CIS 8.0.0.4344 causes System process Handle Leak [M1413]

Makrea · December 28, 2014, 12:57am

A. CIS 8.0.0.4344 causes System process Handle Leak
Can you reproduce the problem & if so how reliably?:
After updating to the version 8.0.0.4344 CIS is causing a Handle Leak in System process.
The leak always happens during time.
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1:After turning on the PC the Handle count of System process keeps increasing steadily.
After 12h of having the computer on doing mainly RDP to other computer and browsing the Handle count exceeds 30000.
One or two sentences explaining what actually happened:
Elevated Handle count are know to create problems.
Nevertheless none happened so far.
I confirmed that it was CIS by using Process Explorer. See attached image.
One or two sentences explaining what you expected to happen:
CIS should not affect, at least, not massively the handle count of System process.
Any software except CIS/OS involved? If so - name, & exact version:
No.
Any other information, eg your guess at the cause, how you tried to fix it etc:
The Diagnostics functionality doesn’t report any error.
Restart the computer helps but the handle count goes up again.

Using Process Explorer the System process reports thousands of Handles to the following reg key:

HKLM\SYSTEM\ControlSet001\services\CmdAgent\CisConfigs\0

B. YOUR SETUP
Exact CIS version & configuration:
8.0.0.4344
Comodo Internet Security Active.
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Antivirus Stateful
Auto-sandbox disabled
HIPS disabled
Firewall Safe Mode

Have you made any other changes to the default config? (egs here.):
No.
Have you updated (without uninstall) from CIS 5 or CIS6?:
No, updated from 7 using the update feature of the app.
if so, have you tried a a a clean reinstall - if not please do?:
Didn’t tried to reinstall or clean install.
Have you imported a config from a previous version of CIS:
Yes, from CIS 7.
if so, have you tried a standard config - if not please do:
Changed now to the firewall config. the Handle count didn’t dropped. Didn’t restarted to see if gets better. I’ll follow up on that info later.
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
7 ultimate SP1 64bit
UAC disabled
Administrator

[attachment deleted by admin]

wasgij6 · January 15, 2015, 6:19am

Can you force a full dump of the system process that is experiencing the leak? It would be most beneficial to take the dump when the handle count is very high. This will help the developers figure out whats going on.

Thanks

Makrea · January 17, 2015, 3:05pm

Yes, I can do the full dump.
But I need some instructions on how to do the dump. Is there any tutorial to help doing that dump?

After changing to a standard config the problem still happens with a slight difference to the key that appears:
HKLM\SYSTEM\ControlSet001\services\CmdAgent\CisConfigs\2

The only difference is that the last 0 on the key changes to 2.

wasgij6 · January 17, 2015, 5:54pm

Open process explorer then right click on the process then click create dump then select full dump.

Once the full dump is created zip it with 7zip (or any archiving tool) and upload it to a cloud service. Then post a link to the download here or send me the link.

Makrea · January 17, 2015, 8:46pm

Ok.
I’ll do it right away. The Handle count is around 5000 now.

Makrea · January 17, 2015, 8:55pm

well…
Process Explorer complains with a message “Error opening process: Access Denied” when selecting full dump.
Even running Process Explorer with Administrator rights (that checkbox on the Compability tab) and with the right click option the same message appears.

I can dump other processes without any issue.

Makrea · January 18, 2015, 5:05pm

I looked more into the issue and made a video. Link below.
It’s clear that the behavior repeats indefinitely.

Also captured 20 seconds of data with Windows Performance Recorder.
Data here:
http://www.filedropper.com/cis8004344handleleakdemo

The file is password protected.
Password was sent to wasgij6 by PM.
Password given upon request.

wasgij6 · January 22, 2015, 6:14am

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Makrea · January 22, 2015, 10:43pm

Any info you might need I’ll be glad to help.

Makrea · February 14, 2015, 10:17pm

This bug is present on 8.1.0.4426 version. Exactly the same behavior.

Makrea · February 15, 2015, 5:22pm

System process:
Using 17245 handles after 7h:03m:28s PC on.

wasgij6 · February 15, 2015, 8:20pm

Thanks for letting me know. I have updated the tracker

2072 · March 7, 2015, 11:35pm

After 16 days and 18 hours uptime the System process is using no less than 610,332 handles!!

cmdAgent.exe’s commit size is 1,835,664K

Will this be fixed soon?

wasgij6 · March 8, 2015, 9:42am

hopefully it will be fixed in the next version which plans to add a new/improved av engine.

Makrea · April 25, 2015, 1:12pm

Bug still present on 8.2.0.4508.

2072 · April 25, 2015, 1:56pm

I confirm, it’s till happening with 8.2: 166078 handles after 4 days

2072 · May 11, 2015, 12:41am

508,384 handles after 20 days system uptime (50% ram usage when idle, that’s 8Gb of my 16…).
Is there any news on this issue, are the developers able to reproduce it?

Makrea · June 28, 2015, 2:30am

Still happening on 8.2.0.4591.

qmarius · June 28, 2015, 8:13am

I’ve updated tracker data.

Thank you.

2072 · June 28, 2015, 1:03pm

The problem seems to have lessen for me “only” 43,514 handles on the system process after 17 days. Unfortunately I’m not sure what happened to change that. Except of course the 8.2.0.4591 Comodo update as well as the various Windows system updates released since my last post.