CleanMem causes high cmdagent cpu usage

A. THE BUG/ISSUE: CleanMem causes high cmdagent cpu usage

Can you reproduce the problem & if so how reliably?:
Yes, and so can everyone. Install it, configure, wait for task to kick in, look at it go insane every 5 minutes.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1. Install
2. Let it schedule a task (or execute manually by double clicking)
3. Sit back and watch it spike.

One or two sentences explaining what actually happened:

The scheduler starts running the memory cleaner task instantly, causing a giant cpu spike in cmdagent.exe every time it runs.

One or two sentences explaining what you expected to happen:
I have been using this program since it was released over a decade ago, I think. I expect cmdagent to not bottleneck my cpu by using 12-15% every 5 minutes while I’m gaming.

If a software compatibility problem have you tried the advice to make programs work with CIS?:
Yes but I shouldn’t have to, I’ve been using this for years, I don’t even know why it’s not whitelisted yet.

Any software except CIS/OS involved? If so - name, & exact version:
Windows 7 x64 up-to-date
CleanMem Mini-monitor v2.5 Free and Paid edition (CleanMem Free/Pro | PcWinTech.com™) 64 bit, manual execution and scheduled task.

Any other information, eg your guess at the cause, how you tried to fix it etc:

Turned off the scheduler, problem solved but RAM problem is an issue again which it has not been for years.

B. YOUR SETUP
Exact CIS version & configuration:
10.0.1.6258

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
AV, FW, Sandbox, HIPS, Virusscope, Web Filter.

Have you made any other changes to the default config? (egs here.):
Imported previous setup. Happens with both fresh and imported settings.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
I tried both.

if so, have you tried a clean reinstall - if not please do?:
Yes, twice.

Have you imported a config from a previous version of CIS:
Yes and No.

if so, have you tried a standard config - if not please do:
Yes

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Win 7 Home Premium 6.1.7601 SP 1 Build 7601, x64, UAC off, Admin, No VM.

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
MBAM

C. ATTACH REQUIRED FILES (delete this section (section C) after attaching required files)
Nothing special to report, issue is clear, see other bug report if one is required but there is nothing special to look at, if really urgent I can generate a new one but I doubt there is need for it.

Hi Saintj,
Do you see any of the files sandboxed? If yes, may you please share the SHA-1?

Thanks
-umesh

Hi Umesh,

Nothing’s getting sandboxed.

I can share cleanmem.exe and mini_monitor.exe’s sha-1’s though.

CleanMem.exe
SHA-1
27186952361F28B38D938B1BA3DBC8006F1527F8

File SHA report:

Mini_Monitor.exe
SHA1
B9857F10AFE073EB0E32C6A11DEB5638FD4BF2E5

File SHA report:

Nothing gets flagged as a virus, nothing acts erratic, had no issues on CIS v8 and never had issues with it since the first install of it in 2014.
Same issues with a fresh install (just tried), it just sometimes gets delayed a bit, e.g. yesterday cmdagent functioned properly for about 2-3 hours before it started acting up, nothing weird happened in between, the system was fairly idle other than defragging and doing some simple tasks.

Virus scanned with Comodo (heuristics high), MBAM, Eset offline virusscanner tool, TDSSKiller, HitmanPro.
HIPS is on safe mode, no weird activities to report other than just creating the files to clean as it always did.

Thanks,
As I see, both files are safe.

When you see the high CPU issue, please go to Task Manager, then select cmdagent.exe, right-click and take a dump.
Please take at least three dumps at different times when you see abnormal CPU.

Additionally, please also share the diagnostic report.

Thanks
-umesh

I tried running the schedule manually and I have not noticed any issue with cmdagent. I am using the default settings of CleanMem, which means it does not clean the file cache. Do you have file cache cleaning enabled? Also, do you have create rules for safe applications enabled in HIPS settings?

Note I have 6 GB of memory installed, so maybe running CleanMem has no effect and the issue won’t present itself.

Sorry I was trying to upload dumps but my whole internet gave out on me for some reason, will try again in a bit :P.
I don’t think the dump will reveal much though, it’s most likely just scanning it over and over because it’s inside a protected dir (syswow64 in my case).
The weird thing is that I never had an issue with it in previous CIS versions, while my settings haven’t changed a bit.

If you run it manually (just double click the program) it won’t give any issues. I’m assuming that the difference is that it runs memcleaner from the default program files dir instead of the protected syswow64 or 32 bit equivalent (I hash checked the files, they’re the same as the original and just to double check I did a quick google on the location of the file and the corresponding original hash check and it’s the same).
If you created a schedule by right clicking it and “start cleanmem settings wizard” (or run the exe) it should create a similar issue to mine.

I have file cache cleaning enabled (one of my games is very RAM heavy and it swaps a lot but doesn’t swap out). I created a “safe application” rule in HIPS. I ran a file rating scan on it (and one on a fresh install of a new hash checked installer) as well, but unfortunately it doesn’t fall under trusted vendors so isn’t handled automatically…

The moment I remove it as a scheduled task and just run it manually it has no issue running it, HIPS doesn’t even notice it (or ignores it as a possible threat) and cmdagent doesn’t go above 0.3% cpu use which is fair.

Fixed this issue.

For some reason removing it from HIPS as a trusted application created by Comodo, then manually adding it as a trusted application again with the exact same privileges stopped the CPU issue.

Having a similar issue with Process Hacker (checked sha-256, nothing wrong with it, non-malicious, using it for over a decade) now eating away at svchost, on which this trick unfortunately doesn’t work, so I’ll have to create a new topic for that because the only trick that works on that is turning HIPS off and back on again.
For some reason HIPS doesn’t seem to work as flawlessly in v10 as it did in v8 :(.

Can you export and attach your config? It sounds like you have the HIPS setting ‘create rules for safe applications’ enabled.