CIS 8.0.0.4344 causes System process Handle Leak [M1413]

On my system the behavior initially reported remains the same.

The one reported on the video I posted on one of the initial posts:

I’ve read the release notes of the versions that have been released and nothing (publicly available) there explicitly relates/solves/addresses this issue.
And if there isn’t a direct post to the issue on this thread (or other related thread that I’m unaware of), then I assume that this issue is still untouched/unsolved.

So, for me it is a surprise seeing that you notice some improvement.

Nevertheless for me any number above 5000 handles is a warning sign.

I cannot reproduce this issue on 8.2.0.4703. I don’t have the AV installed but I enabled all other components of CIS (HIPS=Safe, Firewall=Safe, Auto-sandbox=Enabled, Viruscope=Enabled for all processes) and my peak handle count so far is 1,425, and I only have two open handles to HKLM\SYSTEM\ControlSet001\services\CmdAgent\CisConfig\1, whereas the video posted shows an increase of handle count to that registry key path.

The issue doesn’t happen on all systems.
I have another computer with the same OS and same Comodo version and the handle issue doesn’t manifest.

Hi Makrea,

If it’s not fixed then please do the following:

  1. Download ProcDump (ProcDump - Sysinternals | Microsoft Learn)
  2. While experiencing the issue, run procdump with the following command: procdump -ma -n 10 cmdagent.exe
  3. Provide a link to dumps (old link is dead).

Thank you

Last time I checked it wasn’t fixed. (I’m not joking.)

This issue occurs on a PC that is on another home and it isn’t easily remotely accessible.

I’ll do what you ask probably next weekend.

Regarding the dead link I think I saved that zip on that PC. But it’s better to record the data again since the Comodo version has advanced since then.
I’ll upload the dumps from procdump as well.
Meanwhile maybe wasgij6 still has the file?

Here are the logs:

Password sent by PM.

I’ve updated tracker data.
Thank you.

Please check if it’s fixed with version <10.0.0.5144>.

Thank you.

Will do.

Currently my version is 8.4.0.5076

It’s fully updated.
That version will be released soon?

Thanks for keeping me posted. :smiley:

It’s a beta version that you may test to verify if this issue is fixed with your system. Do note that you could wait for stable version.
Please check Comodo Internet Security CIS V10.0.0.5144 Beta !! for additional information.

Thanks.

Please check with Comodo Internet Security V10.0.0.6071 Beta thanks.

Thanks for the reply.
I’ve been waiting for the stable version.
But I might install it just to give you some feedback.

Not solved in 10.0.0.6086.
Exactly the same behavior happens.

Have a great 2017! :slight_smile:

Many thanks for checking. QA said they are unable to replicate this issue with version 10.
Could you kindly provide more info?

Please provide:

  1. system summary (run > msinfo32 > save)
  2. list of installed programs (http://www.howtogeek.com/165293/how-to-get-a-list-of-software-installed-on-your-pc-with-a-single-command/)
  3. more dumps?

Thanks again.

More info:
I updated after downloading the EXE from the site.
Didn’t uninstall the version 8 before installing v10.
After installing v10, I imported the firewall definitions that I had previously exported from v8.
I verified the leak happening before the import of the definitions.
And continues after the import.

Ok.
I’ll get that info when I’m back at that PC.

Regarding the “more dumps” anything specific?

‘cmdagent.exe’ process, I’m guessing. Come to think about it, while reading your older comments, using Windows Performance Toolkit might be a good idea for devs. Hmm!

Hope it helps.

Will do.

I was thinking of that executable.
Yes it helps. I was just forcing an answer. ;D

You might also want to try:
https://blogs.technet.microsoft.com/yongrhee/2011/12/19/how-to-troubleshoot-a-handle-leak/
Looks promising.

Instead of attaching with WinDbg, you could create dumps, I’m guessing.

Well I attached WinDbg and the PC became completely unresponsive. Did a reset of the PC and the rest was a complete mess…
So thoroughly detailing:
1- After reboot COMODO was corrupted.
The following image appears:

https://s24.postimg.org/gy5977ftx/comodo_msg.png

Clicking Yes/Sim does absolutely nothing.
COMODO doesn’t load whatsoever, nor do processes appear in the task manager.

2- Lost internet connection.
Didn’t acquire a public IP until I explicitly uninstalled the following option:

https://s23.postimg.org/k1i3wjowb/comodo_firewall_option_network.png

3- Thinking I was only being amazingly unlucky, I did the following:
3.1- Used IObit Uninstaller to do thorough uninstall of COMODO Internet Security, COMODO Essentials, COMODO Secure Shopping
3.2- Downloaded the COMODO installer, Installed, restarted when asked, updated definitions, was notified to install program updates :-TD on a SUPER fresh installation that is installed after the installer downloads what is installed from the site.
3.3- Fresh reboot after that not much understandable update and guess what… Corrupted again… :-TD
The following image appears:

https://s24.postimg.org/gy5977ftx/comodo_msg.png

This diagnostics module is broken!
Very close to ditching v10 or COMODO altogether…
Nevertheless have a good 2017!

This appears in COMODO when repairing the installation from Control Panel:


https://s24.postimg.org/87fi75r3p/comodo_control_panel.png