Buggy cmdagent.exe: slows things down for no reason!

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

First off, I am NOT using the Antivirus component. I did NOT even install it.

The problem is that cmdagent.exe unnecessarily slows down Mozilla Thunderbird initial startup AFTER SYSTEM BOOT. Thunderbird startup usually takes about 30 seconds on my system (a P3 933 MHz w/ 512 MB RAM); however, with Comodo, it was taking several minutes. After the first startup, subsequent startup of Thunderbird were normal.

At first I couldn’t figure out why, because only Thunderbird was noticeably most affected and Firefox seemed unaffected. Then after monitoring Task Manager, I noticed that, whenever I started Thunderbird for the first time, after system boot, cmdagent.exe would kick in, consuming well over 100 MB and about half CPU utilization. This would go on till Thunderbird had finished loading, after which cmdagent.exe settled back down.

Thinking this might be an issue with Defense+, I disabled it and left only the firewall, AND REBOOTED. However, I noticed the exact same issue was happening – EVEN WITH ONLY THE FIREWALL ENABLED.

So then I DISABLED THE FIREWALL and REBOOTED, thus effectively disabling Comodo Internet Security (though the application itself remained running), and finally, Thunderbird startup was back to normal. No more cmdagent.exe chewing things up.

While certainly unacceptable either way, I could have somewhat understood cmdagent.exe having fits in connection with Defense+, but the firewall? What the heck? What is cmdagent.exe doing? And based on other reports I have seen regarding cmdagent.exe’s propensity for high memory and CPU consumption, it is apparent this is not a problem with my system or software. There are no bandages for this: cmdagent.exe is the Achilles heel and needs to be fixed.

Right now I have all Comodo services disabled, holding out hope that the problems with cmdagent.exe will be acknowledge and fixed. A great piece of software is ruined by one buggy component. Why dig a well then ■■■■ in it?

So please, Comodo, fix cmdagent.exe. Thank you. End rant. ;D

p.s. other particulars of my system are:

  • Pentium 3 933 MHz + 512 MB RAM (as stated above)
  • Windows XP SP3
  • Comodo Internet Security 3.10.102363.531
  • Mozilla Thunderbird 3.0 nightly builds
  • Mozilla Firefox 3.7a1pre nightly builds
#2

Hmmmm, nightly builds… does the same thing happen with stable builds?

#3

Predictably, I knew that was coming.

It has absolutely nothing to do with the fact that they are nightly builds. The builds themselves are very stable and serve my daily operating needs. If Comodo does not want to fix the issue then I suppose there’s nothing more I can add.

#4

I never looked at cmdagent while Thunderbird was starting so I decided to give it a go. Rebooted the PC and waited for all the startup stuff to settle down. With process explorer monitoring cmdagent, I started Thunderbird. cmdagent used about 60% of a processor for about 5 seconds and then went back to under 1%. Thunderbird GUI was open in about 25 seconds. I will note that because of a problem with lightning and SSL, I have Thunderbird configured such that it does not attempt to look for messages on any email account at startup. It does load 3 network calendars and check 8 RSS feeds. Since you indicate that this occurs with only the firewall running you might want to experiment and see if turning off “Check for new messages at startup” on all accounts changes startup time. The other interesting clue is that this only happens the first time you run Thunderbird after reboot. This leads me in the direction of something that Thunderbird uses is being loaded that first time (giving cmdagent something that it spends a lot of time scanning) Thunderbird is run but doesn’t get scanned on subsequent runs of Thunderbird.

#5

You’re still missing the point. But first. In comparing your timing to mine, ensure that you have first properly taken note of differences between my system and yours.

Secondly, nobody should be forced to modify Thunderbird startup behavior to accommodate CIS. This should be transparent to the user.

I have five email accounts that Thunderbird checks at startup (all POP3). If that were the problem, Firefox would also be affected but is not. With Firefox, I usually have two windows, each with several tabs, that restore after startup. Some of those tabs aren’t cached and are loaded afresh on startup (meaning network activity). But even more importantly, and fatal to your theory, is that the delay is in Thunderbird even loading – long before Thunderbird is even ready to perform any network activity. Therefore this is not a network-related issue at all. VERY STRICTLY speaking, it probably isn’t even a problem with the firewall component of CIS per se. Rather it is a problem with whatever cmdagent.exe is doing and doing a terribly inefficient job of.

The question then is: what exactly is cmdagent.exe doing that it probably shouldn’t be? Thunderbird is very lightweight as far as tie-in to Windows goes. Prior to Thunderbird even performing ANY network activity, and with Defense+ completely disabled, and no Antivirus component installed, exactly what is cmdagent.exe doing? The only other thing is that I have lots of email (about 200 MB worth) and several Thunderbird extension. Exactly what is cmdagent.exe interrogating while Thunderbird is trying to load? If Comodo can answer this, that’s the right path to finding the source of this bug.

#6

Can you show us a screenshot of the firewall logs when T’bird starts up?

#7

Do you want to try and understand what is happening or just complain? All I stated was my Thunderbird configuration might be different from the configuration you are using because of a Thunderbird bug and that the difference could relate to why I don’t see the minutes of processor time you see. Have a nice day. I can take a hint when assistance is not welcome.

#8

Out of the blue I started having the same problem. And I cannot think what is different in my system before cmdagent consumed all cpu and now. My temporary solution is to disable the system service cmdagent.

But in the last thread the fellow asked twice what is comodo agent doing and perhaps because of the tone, no one tried to offer an answer.

Can anyone tell me the purpose of cmdagent.exe?

Disabling it does not appear to disable the firewall and I have confirmed that it does not disable the Defense+ because it blocked specific annoying other “agents” such as the logitech updater that I have set as forbidden files.

In the Comodo Firewall window, it does report that “Comodo Application Agent is not running” but it does not seem necessary to the functioning of the security components of the program.

I am using 3.954… and do not want to upgrade for a number of reasons including having done so and experienced a bunch of conflicts.

So my question, not complaint, is what does the Application Agent do and am I creating vulnerabilities other than not getting update alerts?

#9

I am too having problem with cmdagent.exe but with a little difference…

I don’t use thunderbird so I don’t know how cmdagent.exe affects it but for me the problem is cmdagent.exe uses maximum traffic…

I am using Comodo 3.11.108364…

I too like gcaleval terminate cmdagent.exe as it does not affect much to the firewall…

I too would like to know what cmdagent.exe do and is it safe to always terminate it???

#10

@gcaleval. Please do a clean install of 3.12. It’s not recommended to copy your 3.9 configuration to 3.12 due to changes in how rules are being stored.

@atalemohit. Please update to 3.12. Either by running the updater or running the installer 3.12. In case you use the installer remember to export your active configuration from under Miscellaneous → Manage my configurations. After installing 3.12 you can import your 3.11 configuration. What configuration are you using?

#11

Thanks for the tip, but let me just repeat my question:

What does the Application Agent do and am I creating vulnerabilities other than not getting update alerts?

I do not wish to upgrade beyond the version I have as I do not use any of the new features. I have also been advised that my version does not contain any known vulnerabilities.

So, I just want to confirm that not running the agent is not introducing vulnerabilities.

What does the application agent actually do? Anyone know?

Thanks for the help.

#12

Disabling cmdagent.exe will disable the Firewall, D+ and the AV. Your protection will be gone.

Just go ahead and try; disable cmdagent from starting with Autoruns and reboot. Comodo will report it is continuously initialising. When running Diagnostics it will report an error. Window security/action center will report that Comodo Firewall and AV are reporting that they are not running.

To further test. Delete the Firewall and D+ rules for an application and start it. No new rules will be made. The program will get system and net access without notification. :o

What are the conflicts you are experiencing? Can you elaborate on it to see if we can figure out where there is a conflict.

#13

Thanks EricJH After updating to 3.12 I haven’t faced the same problem…

#14

What you describe is simply not happening on my system.

I am running ver 3.9.954…

The Firewall IS working and I have thoroughly tested it. The D+ is working and at the settings I keep it, it is an intrusion into my day at least a couple of times every day.

There must be some difference between the version I run and the current version, because the agent is clearly not necessary for the fw and d+ to operate.

In Autoruns, there is NO entry for cmdgaent.exe.

What is loaded is:

cmdhelp.sys
cmdguard.sys
cfp.exe
inspect.sys (the firewall inspector)

Nothing else is loaded and as mentioned previously I have disabled the cmdagent.exe Service from running.

This does result in the Alert symbol on the task icon and an alert in the Comodo dialogue window. But there are no other evident ill effects. It absolutely, clearly does NOT disable the firewall, nor Defense+. I do not run Windows Security so Am not aware of what it might report. Comodo is not reporting, nor actually continuously enabling. In fact I have not experienced the processor loads that have been periodically reported, but cfp is very quiet unless I’m doing something that requires it to do a lot of rule checking. I have no need to run the Comodo Diagnostics because everything is working, altho I don’t doubt doing so would result in unpleasantness. Everything is operating effectively.

Ergo my question which remains unanswered, what does cmdagent.exe actually do in version 9?

with all the expertise here, I’m starting to become a little uneasy at the lack of a straight answer. Was/is cmdagent primarily an update checker? Or was it used to do silent user monitoring? What was/is its role?

As to the problems I had with the newer versions: first they sent my system into an unbootable loop. I run a very tight system that is controlled at several levels and I’m guessing that some of those controls don’t play nice with the newer versions. Because the version 9.9.54… fully suits my needs there is no reason for me to troubleshoot the problem. As soon as I booted into Safe Mode, and fell back to the previous install of CFP, everything worked tickety-boo again.

I’ve attached a screen cap of the Comodo Summary dialogue if it’s of any use.

[attachment deleted by admin]