Clearing Win Event Logs (wevtutil.exe cl) crawls on Win 10 with CFW [M1551]

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
1

EDITED and corrected based on futuretech’s post and kind correction of my initial post. I should have said wevtutil.exe cl (not wevtutil.exe el). Thanks futuretech
The bat file I NORMALLY use to clear windows event logs is:

[at]echo off
FOR /F “tokens=1,2*” %%V IN (‘bcdedit’) DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F “tokens=*” %%G in (‘wevtutil.exe el’) DO (call :do_clear “%%G”)
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit

A. THE BUG/ISSUE (Varies from issue to issue)

For those who do not know, running wevtutil.exe cl via a Command Prompt will quickly clear all Windows Event (Viewer) logs in one go.However with Windows 10 Release after Latest CF is installed a 9 second complete log clearance (every time) becomes a 2 minute slow craw every time

Can you reproduce the problem & if so how reliably?:
? Yes 100%
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Installed latest Win 10 compatible Comodo Firewall on to a Clean Installed Win 10 Pro (x64) PC
2: run wevtutil.exe cl in cmd.exe, run or via a bat file.
3: Command window appears and a long log list scrolls and closes at end
4: All Windows Event logs have been cleared
One or two sentences explaining what actually happened:
Before CF installed it took 9 seconds every time to run to finish. After CF installed it took 2 minutes every time. Uninstalled CF and rebooted PC it went back to taking 9 seconds.
One or two sentences explaining what you expected to happen:
I, of course, expected wevtutil.exe el to still only take 9 seconds from start to finish after CF was installed and running.
If a software compatibility problem have you tried the advice to make programs work with CIS?:
I tried File> Properties compatibility adjustments to no avail.
Any software except CIS/OS involved? If so - name, & exact version:
No only cmd.exe (admin mode if running from Bat file) and wevtutil.exe
Any other information, e.g your guess at the cause, how you tried to fix it etc:
I Have no idea. I have tried a second new clean install of Win 10 and as I install other software wevtutil.exe cl always works quickly in 9 seconds, but as soon as CF installed it immediately slows to 2 minutes. When CF is fully uninstalled it goes back to only taking 9 seconds (ONLY CF or a CF setting can be the cause).
EDIT: I forgot to mention an observation. Closing (Exiting from) CF does NOT allow wevtutil.exe cl to run quickly -only a total uninstallation of CF does that

B. YOUR SETUP
Exact CIS version & configuration:
? COMODO Firewall 8.2.0.4674 (only)
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
D+/HIPS, Firewall
Have you made any other changes to the default config? (egs here.):
Tried with and without. Result: NO difference
Have you updated (without uninstall) from CIS 5, 6 or 7?:
NO it was not installed before as Clean install of Win 10
if so, have you tried a a a clean reinstall - if not please do?:
N\a
Have you imported a config from a previous version of CIS:
I have tried it with the CF installation config AND my previously used one when I was using Win 7. The result is identical
if so, have you tried a standard config - if not please do:
Yes (see above)
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
?Windows 10 Release 10.0.10240.16425 Pro (x64). UAC is enabled at its LOWEST setting. Local Administrator Account, Motherboard Asus P8Z68-V PRO/GEN3 8Mb RAM, Graphics Card Gigabyte GV-N460oC-1GI/ (GTX460)

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a= Avast! Ver 10.3.2225 Free Antivirus b) Avast! Ver 10.3.2225 Free Antivirus

:)I have no files Comodo Firewall has been uninstalled to check my findings after its uninstallation. Hope the above is adequate for you.

2

I’m the OP :slight_smile:

I spent a lot of time providing this report and having so far not heard anything from anybody to confirm/refute my finding from other readers or Comodo itself for 10 days I wish to ask a few procedural questions not mentioned in the specific topic regarding what happens.

  1. How do I know whether Comodo are satisfied with my input, and if not what they want further?

  2. How do I know when Comodo has taken a look at the issue or decided not important for them?

  3. What timelines normally apply to bug reports to know whether confirmed or not or not being taken up?

I ask because after years of very happy use, I am now without Comodo Firewall (due to this issue) and it is NOT a pleasant feeling.

Finally if Comodo is not interested in this report can someone please say so so I know a solution will not be forthcoming.

Many thanks

3

wevtutil el only lists available log names as stated by the help ouput, to clear a log use wevtutil cl

Clear events from an event log and, optionally, back up cleared events.

Usage:

wevtutil { cl | clear-log } <LOG_NAME> [/OPTION:VALUE]

<LOG_NAME>
Name of log to clear. You can retrieve a list of log names by typing
wevtutil el.

Issuing wevtutil el from the command prompt on Windows 7 x64 thats installed on a regular HDD takes ~5 seconds, I will try on my SSD that has Windows 10 x64 and report back.

As for your questions, bug reports that are in the required format are processed by the volunteer forum moderators when they have the time to do so. Upon being processed, valid bug reports are moved to the format verified bug reports sub-section. Comodo developers may or may not look into the bug report or may or may not contact you about the bug either, they may fix bugs without ever them confirming the bug or if they are looking into the big.

Edit: Even though there are more log names listed from the output on Windows 10, it still took no more than 8 seconds to list all available log names. Clearing two different logs was instant.

4

Hi futuretech :smiley:

Thanks ever so much for your helpful reply and correction of my mistake. I have now corrected my OP and referenced that you drew my attention to my error.
I have also included the bat file I use to run the cleal windows event logs. I am not an expert and as you can see the bat file refers to switches el and cl I did not notice and quoted the wrong one.

Thank you for testing on Win 10 and you say it works fast on your system.

May I ask if you are using win 10 Pro (x64) and can you please confirm if you used the same CF I installed for your test.
I note you ran it on an SSD whilst I have only Hard Drives (2 x Seagate 465GB Seagate ST500DM002-1BD142 (SATA/600)
Both have writing to cache enabled.

I will reinstall the latest comodo FW (and before I change ANY settings or import my win7 rules see if anything has changed since my post.
Certainly without CF installed my bat file (see below) completes in 9 seconds.

FOR /F “tokens=1,2*” %%V IN (‘bcdedit’) DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F “tokens=*” %%G in (‘wevtutil.exe el’) DO (call :do_clear “%%G”)
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit

====

OK I have now just downloaded the latest CF (cmd_fw_installer_6907_a5.exe) and installed it.
My findings are EXACTLY and 100% consistently the same as before.

Once Comodo Firewall (cloud, sandbox, virusscope all disabled.) my “Clear all Windows Events bat file” (ran as Administrator)

slowed from 9 seconds to just over 2 minutes.

To test further, I switched off Windows 10 Firewall (that was still on) and that made NO difference.
I closed CF (but it was still installed). That also made NO difference.

I uninstalled CF rebooted and immediately my “Clear all Windows Events bat file” (ran as Administrator) returned to completing in 9 seconds

Whilst I have no idea what the issue is (way below my ability to find out) there is NO QUESTION CF is the ONLY common factor to massive slowdown of this bat routine..

Hope Comodo can work out issue and resolve (or tell me how to.

I reiterate this was a clean install of Window 10 Release and the 1st time I tried installing Comodo CF was one of the first app installed and it slowed to 2 minutes. My current Win 10 set-up all apps I want installed etc. The Windows Event Viewer is showing ONLY 1 warning and NO Errors on Windows Start-up and Log-on (e1iexpress) which is not related.

=============

5

Using your bat script there is a slowdown with CIS installed, I tried with all of the components disabled and the quickness of the command prompt screen scrolling down is noticeably slower with comodo installed compared to when ran without comodo installed. I have the home edition of Windows 10 x64 with CIS version 8.2.0.4674 installed. I didn’t time the operation of the bat file each run, but when I uninstalled comodo, the command prompt screen was scrolling pretty fast but with CIS installed, the screen was scrolling slow enough to read each action the bat was was performing.

6

:slight_smile: Thank you so much futuretech for bothering to re-test :-TU and for confirming my finding . Like you, I too found without CF installed the lists scrolled too fast to read, but with CF installed they scrolled slowly upwards and easily readable.

My concern is not only the 15 times longer to process this bat file (which is essentially a well published method to clear all Win Event logs in one go but what else is affected/slows down by whatever Comodo Firewall is doing/not doing. I have NOT tested but does CF adversely affect all command prompt scripts (I honestly do not know). either way CF directly causing a slowdown from 9 seconds to 2 minutes (13 times slower) on such a simple bat file to clear Win Event logs is not good.

I can only hope Comodo consider this an issue worth sorting out and hopefully soon. It is the only app I have on my PC affecting others adversely, and to be honest and I feel unable use CF unless issue is resolved. I love CF but not with this issue, and will need to look elsewhere if not solved.

In the meantime I am relying on Windows Firewall which is far from ideal IMHO (certainly not ideal when compared to Comodo Firewall, (the best there is, IMO)

7

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Thanks again

8

Unfortunately with the introduction of Windows 10 Pro (x64) Major Update/upgrade Ver 1511. Build 10586.14
Clearing all logs using the bat file described in an earlier post (WITHOUT Comodo Firewall installed slowed from around 9 seconds (with previous release of Windows 10 Pro (x64) to 17 seconds on my PC.

I have just installed Comodo Firewall (latest Version 8.2.4792) and clearing the logs now took 155 seconds (2mins 35 seconds).

Regretfully so far (if ever) Comodo do not appear to consider this huge hit on clearing logs an issue as it has not been resolved or "hot fixed). Very disappointing and I will uninstall the Firewall as not acceptable for me, that any app should cause a slow down to such a basic Windows activity by 9 times (from 17 seconds (without Comodo Firewall) to 155 seconds (with Comodo Firewall installed)

9

HI DKO,

It should be fixed in upcoming version (version 9).

Hope it helps.

10

This is fixed in CIS 10 beta.