CIS 5.3xx generates huge defense config change log files [NBZ]


The bug/issue

  1. What you did:
    My CIS logging preference is set to copy log files over 25MB to a subfolder.

  2. What actually happened or you actually saw:
    Sudden change in size of logs; never before (since Comodo version 2.x) have I seen Comodo log files of this size.

  3. What you expected to happen or see:
    reasonably sized log files; similar to previous CIS versions

  4. How you tried to fix it & what happened:
    nothing yet; don’t know what to change

  5. If it's an application compatibility problem, have you tried the application fixes here?:
    n/a

  6. Details & exact version of any application (except CIS) involved with download link:
    helpsvc.exe version 5.1.2600.5997 (xpsp_sp3_gdr.100614-1759) filedate: June 14 2010, filesize: 744,448 bytes. NOTE: this is a newer filedate than the other files in that folder. I assume that is because it was updated by Windows Update… it does not appear to be malware or virus to me.

Defense+ seems to be logging configuration changes to the file C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvs.exe over and over and over again.

  1. Whether you can make the problem happen again, and if so exact steps to make it happen:
    It just happens; Not something I am causing, I don’t think.

  2. Any other information (eg your guess regarding the cause, with reasons):
    Something is happening to that file that causes Comodo defense to see it as a configuration change of some sort. I don’t use Windows help services very often, so I don’t know what could be causing changes to that file. I don’t think I have changed any other Comodo CIS settings that would cause it to log more changes than it used to. Virus scans come up clean, so I don’t know why this is happening.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file. 20_01_2011_13_29_18.zip
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used: 5.3176757.1236 AV 7470
    (but this has been happening at least since first install of v 5.3x)
    PS: sure would be handy if I could copy and paste that info from “about” screen instead of retyping it.

  2. a) Have you updated (without uninstall) from CIS 3 or 4: NO - I uninstalled 3.x completely and then installed 5.1 as new installation
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:

  3. a) Have you imported a config from a previous version of CIS: NO
    b) if so, have you tried a standard config (without losing settings - if not please do)?:

  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): Turned off cloud scanning. Turned off auto updates (I check for software and AV database updates daily or more often). Other than that, no, I don’t think so.

  5. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =

Defense+ = clean pc mode
Sandbox = enabled
Firewall = safe mode
AV = stateful

  1. OS version, service pack, number of bits, UAC setting, & account type:
    XP Pro 2002 sp3 fully patched/updated, 32bit, user account w/administrator privs,

  2. Other security and utility software installed:
    Spybot S&D (teatimer not active)

  3. Virtual machine used (Please do NOT use Virtual box): NONE


[attachment deleted by admin]

Thank you for your bug report in the required format.

Moved to verified.

Thank you

Dennis

Hi,
Any news about what’s going on with the giant logs issue? I have two other PCs in the house using Comodo 5.3x and they do not share this problem. I can’t figure out what’s different among them.

The huge log files are more than just a curiosity – they make it much more difficult to use the logs the way they were intended. E.g., a simple check for Defense+ or Firewall events becomes a significant project. Please help!

Many Thanks,
Dave/EddyHaskel

PS: some newer giant logs zipped and attached

[attachment deleted by admin]

…and the latest one.

I’ll stop for now >:-D

[attachment deleted by admin]

I’ve had the same problem since first installing v5.0 and still have it with the latest v5.3.

My laptop with XP, which has an almost exact CIS setup and configuration, doesn’t do it. The PC does.

The log file grows daily by small increments as I would expect. Then, about once a week or two (irregularly) in one day it will jump from 1.5MB to 7 or 8MB and (as I have my max log file size as 10MB) the next day my logs disappear to be replaced with a new blank file.

It is very annoying when tracking certain things happening in the Firewall or Defense+ to lose the logs like this.

Attached are 2 log files 1 day apart, one normal at 1.4MB the other nearly 8MB.
When I’ve viewed these files in Log Viewer they don’t seem much different, nothing to account for the extra 6MB in file size.

System is XP up-to-date, 32-bit, Administrator privs.

[attachment deleted by admin]

Over a month and no reply from staff? This is a serious problem.

Now CIS is creating 45MB log files every few minutes. cmdagent is using 120MB RAM and cfp is using another 120MB RAM.

I am uninstalling.

This is ■■■■. I need help. How long do you think it is reasonable to wait? Certainly not this long.

I am sorry but this is intolerable. I care for 11 other families’ systems and will move them all from Comodo, also.

Feb 27 log files 3 and 4

[attachment deleted by admin]

[attachment deleted by admin]

Feb 27 log file 1

[attachment deleted by admin]