CIS introducing latency over multiple days of uptime [M2129]

  1. The full product and its version:
    CIS 10 Beta V10.0.0.5144

  2. Your Operating System (32 or 64 bit) and Service Pack revision, and if using a virtual machine, which one:
    Windows 10 x64, Anniversary Update

  3. List all the configuration changes you did. Are you using Default configuration? If no, what's the difference?:
    I am using standard setup with Sandbox, Firewall + Antivirus. No HIPS.

  4. Did you install over a previous version without uninstalling first, or import a previous configuration file?:
    No.

  5. Other Security, Sandboxing or Utility Software Installed:
    Nothing else, just CIS as far as security software is concerned.

  6. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
    1. Install LatencyMon to measure Windows operating system latency.
    2. Upon booting, this will show around 50 microseconds. Which is perfect.
    3. CIS is operating normally in the background.
    4. Use PC normally (web surfing, office work etc.). Everything is working normally.
    5. After each workday, set PC to go to sleep. In the morning wake up PC and continue working. Then sleep again and repeat.

  7. What actually happened when you carried out these steps:
    Each morning, use LatencyMon to measure the latency. After each day, latency will increase by about 100-150 microseconds. Once it reaches 500 microseconds (takes about 3-4 days of uptime) audio jitters can be observed, usually related to the Windows network adapter. That means when playing music in media player and loading a webpage (in any browser, doesn’t matter) this will introduce massive jitter (music stopping/starting/stopping then starting again in short succession).

  8. What you expected to see or happen when you carried out these steps, and why (if not obvious):
    Upon uninstallation of CIS, this behavior disappears. I have an uptime of 9 days right now, with no jitters. The latency is still around 50 microseconds, just like after a fresh boot.
    I tried multiple rounds of install and uninstall, with the same result.

  9. Any other information:
    My suspicion is that your Firewall/network device driver is somehow becoming less and less responsive with longer uptime. I did not test disabling CIS Firewall/Sandbox/Antivirus individually. Maybe the culprit is one specific module.

Link for Windows LatencyMon (free): Resplendence Software - LatencyMon: suitability checker for real-time audio and other tasks

Hi,

Could you kindly provide more detailed steps regarding the third-party utility (LatencyMon)? (e.g. screenshots, where you checked, monitoring time)

Thank you.

Hello,

Of course.

If you look at this screenshot from the Program’s website: http://www.resplendence.com/images/latencymon.jpg

The relevant numbers to look at are the top two ones:

“current measured kernel timer latency” (it is measured approx every second)
“highest measured kernel timer latency” (it is the max of the above number, since measuring started)

You only have to run measuring for some 20-30 seconds. The numbers do not change much after that.

Whenever I referred to “latency in us” (microseconds), I meant the average number shown under “current measured kernel timer latency” after running it for 20-30 seconds. For example, when I wrote “latency was 500 us” it means that latency was fluctuating around say 250 - 750 us over the 20 second time frame, with 500 being the average.

LatencyMon will also give you information at the top, “Your system appears to be suitable…” – once latency increases, it will turn to orange and red colors and describe that real-time audio can no longer be handled without dropouts.

Hope that helps.

Please test this issue again with (upcoming) BETA2 of version 10.

OK will do, thank you.

Please check with Comodo Internet Security V10.0.0.6071 Beta thanks.

Installed 6071. Will report back after a few days of uptime.

After 20 hours latency is already abnormally high. Will check again in 24-48 hours of more uptime.

Thanks. Appreciate it if you could provide screenshots like that with progress / over days.

After 42 hours of uptime latency has increased a bit more

Thank you.

Reported issue. Thanks again for your efforts.

Thanks, I will try again when they release a version with a fixed attempt to verify. Thanks for reporting it! It's not easy to catch.

Please check with 10.0.1.6254 thanks.

Please check issue with CIS 10.0.1.6294 thanks.

I have tested the latest version, still happens. But I have found something interesting. I made a test WITHOUT the Firewall (so only the Antivirus component was installed for this test) and there is no DPC latency now, even after 4 days of uptime. It appears the latency is slowly (over multiple days) introduced with the Comodo Firewall.

I currently run the Windows stock Firewall and Comodo antivirus and have no problems.

The latency could be related to the inspect.sys driver. Could you, for the sake of testing, try the following?

Add the Comodo Firewall so you will run the full suite again. Then disable the Comodo Internet Security Firewall driver in the Properties of your network adapter. That will disable all filtering done by Inspect, the packet filter driver, effectively disabling the working of the firewall. That’s why you leave Windows Firewall running.

If the DPC problem does not happen when running the computer multiple days, we’ve established that the Inspect driver is the root cause.

Hello, I have performed the above test. I have installed the Comodo firewall, then immediately upon boot disabled the Firewall driver in the IP4 networking settings. Then after about 35 hours of uptime I have tested latency and it was too high already, see screenshot.

When uninstalling the Comodo firewall my latency never spikes above 300/400 even after 5 days of uptime.

Thank you for testing. We now know it is not the Inspect driver causing it but one of the other drivers.

Could you check disabling other CIS drivers one at a time like you did with the Inspect driver? You can disable them with Autoruns. Remember to reboot the computer after you disabled the start up. Those are the drivers:
cmderd.sys
cmdGuard.sys
cmdcmdhlp.sys

Please keep in mind that disabling a driver will reduce the overall security of your system.
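
The thread's method (measure once per day of uptime, with a known set of drivers loaded) can be logged so runs with different drivers disabled are comparable. The PowerShell below is an added example, not something posted in the thread or provided by Comodo: it records the Windows `% DPC Time` and `% Interrupt Time` performance counters, which are CPU-time shares and not LatencyMon's kernel timer latency in microseconds. The log path and the English counter names are assumptions; the driver file names are copied as written in the thread.

```powershell
# Added example: one row per run, so drift over days of uptime can be compared
# between driver configurations. Read-only; it changes no driver settings.
$driverFiles   = 'inspect.sys', 'cmderd.sys', 'cmdGuard.sys', 'cmdcmdhlp.sys'  # file names as written in the thread
$logPath       = Join-Path $env:USERPROFILE 'dpc-drift-log.csv'               # assumed log location
$sampleSeconds = 20                                                            # thread suggests 20-30 s

# Time since last boot; sleep/wake cycles do not reset this value.
$os          = Get-CimInstance -ClassName Win32_OperatingSystem
$uptimeHours = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalHours, 1)

# English counter names (assumption); these report CPU time share, not microseconds.
$counters = '\Processor(_Total)\% DPC Time', '\Processor(_Total)\% Interrupt Time'
$samples  = (Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples $sampleSeconds).CounterSamples

function Get-CounterStat {
    param([string]$Pattern)
    # Average and maximum of the cooked values for one counter path.
    $samples |
        Where-Object { $_.Path -like $Pattern } |
        Measure-Object -Property CookedValue -Average -Maximum
}
$dpc = Get-CounterStat '*% dpc time'
$irq = Get-CounterStat '*% interrupt time'

# Which of the named drivers are actually loaded right now.
$loaded = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object { ($_.PathName -split '\\')[-1] } |
    Where-Object { $driverFiles -contains $_ }

[pscustomobject]@{
    Timestamp       = (Get-Date).ToString('s')
    UptimeHours     = $uptimeHours
    DpcAvgPct       = [math]::Round($dpc.Average, 3)
    DpcMaxPct       = [math]::Round($dpc.Maximum, 3)
    InterruptAvgPct = [math]::Round($irq.Average, 3)
    LoadedDrivers   = ($loaded | Sort-Object) -join ';'
} | Export-Csv -Path $logPath -Append -NoTypeInformation
```

Running it once each morning under similar load gives a CSV in which the `LoadedDrivers` column shows which configuration each measurement belongs to.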