CIS causes System process Handle Leak [M1413]

A. CIS causes System process Handle Leak
Can you reproduce the problem & if so how reliably?:
After updating to the version CIS is causing a Handle Leak in System process.
The leak always happens over time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: After turning on the PC, the Handle count of the System process keeps increasing steadily.
After 12h of having the computer on, doing mainly RDP to another computer and browsing, the Handle count exceeds 30000.
One or two sentences explaining what actually happened:
Elevated Handle counts are known to create problems.
Nevertheless none happened so far.
I confirmed that it was CIS by using Process Explorer. See attached image.
One or two sentences explaining what you expected to happen:
CIS should not affect, at least not massively, the handle count of the System process.
Any software except CIS/OS involved? If so - name, & exact version:
Any other information, eg your guess at the cause, how you tried to fix it etc:
The Diagnostics functionality doesn’t report any error.
Restarting the computer helps but the handle count goes up again.

Using Process Explorer the System process reports thousands of Handles to the following reg key:


Exact CIS version & configuration:
Comodo Internet Security Active.
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Antivirus Stateful
Auto-sandbox disabled
HIPS disabled
Firewall Safe Mode

Have you made any other changes to the default config? (egs here.):
Have you updated (without uninstall) from CIS 5 or CIS6?:
No, updated from 7 using the update feature of the app.
if so, have you tried a clean reinstall - if not please do?:
Didn’t try to reinstall or clean install.
Have you imported a config from a previous version of CIS:
Yes, from CIS 7.
if so, have you tried a standard config - if not please do:
Changed now to the firewall config. The Handle count didn’t drop. Didn’t restart to see if it gets better. I’ll follow up on that info later.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
7 ultimate SP1 64bit
UAC disabled

[attachment deleted by admin]

Can you force a full dump of the system process that is experiencing the leak? It would be most beneficial to take the dump when the handle count is very high. This will help the developers figure out what’s going on.


Yes, I can do the full dump.
But I need some instructions on how to do the dump. Is there any tutorial to help doing that dump?

After changing to a standard config the problem still happens with a slight difference to the key that appears:

The only difference is that the last 0 on the key changes to 2.

Open Process Explorer, then right-click on the process, then click create dump, then select full dump.

Once the full dump is created zip it with 7zip (or any archiving tool) and upload it to a cloud service. Then post a link to the download here or send me the link.

I’ll do it right away. The Handle count is around 5000 now.

Process Explorer complains with a message “Error opening process: Access Denied” when selecting full dump.
Even running Process Explorer with Administrator rights (that checkbox on the Compatibility tab) and with the right click option the same message appears.

I can dump other processes without any issue.

I looked more into the issue and made a video. Link below.
It’s clear that the behavior repeats indefinitely.

Also captured 20 seconds of data with Windows Performance Recorder.
Data here:

The file is password protected.
Password was sent to wasgij6 by PM.
Password given upon request.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Any info you might need I’ll be glad to help.

This bug is present on version. Exactly the same behavior.

System process:
Using 17245 handles after 7h:03m:28s PC on.

Thanks for letting me know. I have updated the tracker

After 16 days and 18 hours uptime the System process is using no less than 610,332 handles!!

cmdAgent.exe’s commit size is 1,835,664K

Will this be fixed soon?

Hopefully it will be fixed in the next version, which plans to add a new/improved AV engine.

Bug still present on

I confirm, it’s still happening with 8.2: 166078 handles after 4 days

508,384 handles after 20 days system uptime (50% ram usage when idle, that’s 8Gb of my 16…).
Is there any news on this issue, are the developers able to reproduce it?

Still happening on

I’ve updated tracker data.

Thank you.

The problem seems to have lessened for me: “only” 43,514 handles on the System process after 17 days. Unfortunately I’m not sure what happened to change that. Except of course the Comodo update as well as the various Windows system updates released since my last post.
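
Added example, not part of any post in this thread and not Comodo's code: one way to record the System process handle count at fixed intervals and estimate its growth rate, so that figures like the ones reported above can be compared across versions. The parameter names, defaults and CSV path are assumptions chosen for illustration.

```powershell
# Added example: sample the handle count of the System process and fit a trend.
# Parameter names, defaults and the CSV path are assumptions, not from the thread.
param(
    [int]$IntervalSeconds = 60,
    [int]$Samples = 30,
    [string]$CsvPath = "$env:TEMP\system-handles.csv"
)

$rows = New-Object System.Collections.Generic.List[object]
for ($i = 0; $i -lt $Samples; $i++) {
    # PID 4 is the System process on Windows.
    $p = Get-Process -Id 4 -ErrorAction Stop
    $rows.Add([pscustomobject]@{ Time = Get-Date; Handles = $p.HandleCount })
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
}
# Keep the raw samples so they can be attached to a bug report.
$rows | Export-Csv -Path $CsvPath -NoTypeInformation

# Least-squares slope of handles against elapsed hours.
$t0 = $rows[0].Time
$x  = @($rows | ForEach-Object { ($_.Time - $t0).TotalHours })
$y  = @($rows | ForEach-Object { [double]$_.Handles })
$n  = $rows.Count
$mx = ($x | Measure-Object -Average).Average
$my = ($y | Measure-Object -Average).Average
$sxy = 0.0; $sxx = 0.0; $drops = 0
for ($i = 0; $i -lt $n; $i++) {
    $sxy += ($x[$i] - $mx) * ($y[$i] - $my)
    $sxx += ($x[$i] - $mx) * ($x[$i] - $mx)
    # A healthy process releases handles, so its count falls at times.
    if ($i -gt 0 -and $y[$i] -lt $y[$i - 1]) { $drops++ }
}
$slope = if ($sxx -gt 0) { $sxy / $sxx } else { 0.0 }

[pscustomobject]@{
    FirstCount       = [int]$y[0]
    LastCount        = [int]$y[$n - 1]
    HandlesPerHour   = [math]::Round($slope, 1)
    SamplesThatFell  = $drops
    # Steady growth with no releases at all is the pattern described in this thread.
    LooksLikeLeak    = ($slope -gt 0 -and $drops -eq 0 -and $n -ge 3)
    Csv              = $CsvPath
}
```

A short run only shows the trend during that window; repeating it at different uptimes gives a better picture than a single reading.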