CIS writes huge 20MB+ log files every day.
A. THE BUG/ISSUE:
- What you did:Nothing. Allowed CIS to update itself, I guess.
- What actually happened or you actually saw:Every day between 7am and 8am CIS generates so many “configuration changes” that it expands the log file past my 20MB limit and starts a new log. Almost all the “changes” revolve around two Windows files – c:\windows\system32\cidaemon.exe and c:\windows\pchealth\helpctr\binaries\helpsvc.exe. The log files created are so huge that when I open them and try to read through them the log reader software uses 100% of cpu and stalls for long periods.
- What you expected to happen or see:normal log files; a few entries every day… not the thousands of lines generated now.
- How you tried to fix it & what happened:I added those two files to CIS’s Defense/Executions Control Settings/Exclusions. But that did not help
- If a software compatibility problem have you tried the compatibility fixes (link in format)?: N/A
- Details & exact version of any software (execpt CIS) involved (with download link unless malware):Windows XP Version 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629:Service Pack 3).
- Whether you can make the problem happen again, and if so precise steps to make it happen:just wait until next day. CIS does this every single day.
- Any other information (eg your guess regarding the cause, with reasons):
This happened once before a long time ago… don’t remember which verison of CIS. I had to uninstall completely and reinstall a new copy downloaded from the Comodo website.
B. FILES APPENDED. (Please zip unless screenshots).:10_12_2012_07_54_32.zip
- Screenshots of the Defense plus Active Processes List (Required for all issues):defense running processes screenshot.jpg
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs:
- A CIS config report or file:see files appended (#8B, above)
- Crash or freeze dump file:
- Screenshot of More~About page. Can be used instead of typed product and AV database version:comodo version number screenshot.jpg
C. YOUR SETUP:Windows XP Version 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629:Service Pack 3). CPU: AMD Sempron 2800+; 2GB RAM
- CIS version, AV database version & configuration:CIS 5.12.256249.2599; AV database: 14506
- a) Have you updated (without uninstall) from a previous version of CIS:
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:Sigh. I will try a whole new reinstall again. Seems crazy to need to do this.
- a) Have you imported a config from a previous version of CIS: No.
b) if so, have U tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No.
- Defense+, Sandbox, Firewall & AV security levels: Defense+=clean pc mode; Sandbox=enabled; Firewall= safe mode; AV security= stateful
- OS version, service pack, number of bits, UAC setting, & account type:Windows XP (32 bit) Version 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629:Service Pack 3).
- Other security and utility software currently installed:Ccleaner (used rarely) Spybot S&D updated and run manually, approximately monthly.
- Other security software previously installed at any time since Windows was last installed:none
- Virtual machine used (Please do NOT use Virtual box)[color=blue]:none.
[attachment deleted by admin]
[attachment deleted by admin]