cmdagent acts weird

Hello!

Sometimes I’m experiencing very heavy HDD access, even when my PC doesn’t seem to do anything. Today I decided to look into this (using Process Explorer and Process Monitor) and found a strange behaviour of cmdagent:

It caused the constant HDD access and full CPU load on one core, because it tried to access a file which I recently downloaded (using Firefox). The problem is: The file is 2.3 GB large. My Scanner Settings for real time scanning state that comodo should only scan files up to 20MB and it should stop after 60 seconds!

Since it obviously wouldn’t finish any time soon, I decided to close CIS. However, cmdagent remained active and scanning. So I started CIS again and disabled the three security levels. Still, cmdagent would not stop. Then I moved the large file to another partition and finally CIS stopped scanning.

Just an idea: Maybe CIS starts scanning the file while it is downloading and smaller than 20MB and then it doesn’t stop when it gets larger?

Edit - Additional info: The installation file (that 2.3 GB file) was corrupted. CRC error.

Regards

Atrocious


Windows Vista 64 Business
4GB DDR
AMD Athlon 64 X2 Dual Core 5600+
COMODO 3.8.65951.477

Hello, I would suggest that you try with CIS 3.9 RC2, it contains many many bugfixes and is soon to go public… (12 May scheduled, will receive a few fixes prior to that as well)

Here are the direct download links (make sure you pick the one suited for your system):

32-Bit Setup

URL:
http://download.comodo.com/cis/download/setups/CIS_Setup_3.9.75615.498_XP_Vista_x32_RC2.exe
MD5: d44b1b093fcadac7035c08c1c5b51427
SHA1: fa0a716a112e2d98faf7bfe539ded8d15c817bde
Size: 69.4 MB (72,860,960 bytes)

64-Bit Setup

URL:
http://download.comodo.com/cis/download/setups/CIS_Setup_3.9.75615.498_XP_Vista_x64_RC2.exe
MD5: ae38e03bc641e6fb28a1b03f20e49e71
SHA1: 940c0aeeb870dd5f113757409238ffa52cb26d40
Size: 72.0 MB (75,592,480 bytes)
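
Added example, not part of the original post: a Python check of a downloaded installer against the size, MD5 and SHA1 published above, done in one streaming pass. The names `verify_download` and `demo` and the stand-in file are constructed for illustration; only the `PUBLISHED_X64` values come from the post.

```python
import hashlib
import hmac
import os
import tempfile

# Values as published in the post above for the 64-bit RC2 installer.
PUBLISHED_X64 = {
    "size": 75_592_480,
    "md5": "ae38e03bc641e6fb28a1b03f20e49e71",
    "sha1": "940c0aeeb870dd5f113757409238ffa52cb26d40",
}

def verify_download(path, expected, chunk_size=1 << 20):
    """Return the list of mismatched fields; an empty list means the file matches."""
    failures = []
    # Cheap check first: a truncated download already shows up in the size.
    if os.path.getsize(path) != expected["size"]:
        failures.append("size")
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        # Stream in chunks so a multi-gigabyte file is never held in memory.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    for name, digest in (("md5", md5.hexdigest()), ("sha1", sha1.hexdigest())):
        if not hmac.compare_digest(digest, expected[name].strip().lower()):
            failures.append(name)
    return failures

def demo():
    """Constructed stand-in for an installer: check it intact, then truncated."""
    data = b"constructed sample installer bytes\n" * 1000
    expected = {"size": len(data),
                "md5": hashlib.md5(data).hexdigest(),
                "sha1": hashlib.sha1(data).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "setup.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        intact = verify_download(path, expected)
        with open(path, "wb") as fh:
            fh.write(data[:-10])  # simulate an interrupted download
        truncated = verify_download(path, expected)
    return intact, truncated

if __name__ == "__main__":
    print(demo())
```

For the real installer, call `verify_download(path_to_setup, PUBLISHED_X64)`. A match rules out the kind of corrupted download described in the first post; MD5 and SHA-1 are not collision-resistant, so a match does not by itself prove where the file came from.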

Hello,

I also have terrible problems with CMD using up 100% of my CPU.
There are a couple of other problems connected with it, becoming more and more in the last days and weeks.

To start with CMD:

CMD communicates with the unregistered IP addresses 149.5.128.171:80 and 205.234.175.175:80.

When I blocked these addresses, they were unblocked the next time I switched to my admin account and back.
In fact all my entries in “Blocked Network Zones” were deleted. The same happens to the processes blocked with defense +. The applications I block are in a few cases I found out not shown as blocked in the Defense + history. So I’m suspicious, they are blocked after all.

I still receive a couple of suspicious D+ Alerts: normal programs like help (HH.exe) or taskmgr asking permission to “modify the user interface” of cfp.exe. Also programs like Firefox.exe asking permission to execute Firefox.exe. When I follow the links in the D+ alert window, they are shown as identical processes.

There are other oddities like the windows help doesn’t start and the other helps don’t work.
Also my windows update shows 4 Updates last week, I clicked them all to be installed, after some rebooting during a shutdown I was told 2 were being installed. But after the reboot none of the recent updates was shown in System/Software.

I had Spybot installed until two weeks ago, uninstalled it as suggested in another CMD posting, but to no avail.

Can anyone please help?

I suppose “Anti Virus Help” might be the wrong topic, but I wasn’t able to start a new thread.

Version:
CIS 3.8.65951.477
XP Home
No other security software installed apart from process explorer and other Sysinternal products not running permanently.

I would suggest first running an AV scan.

CIS AV doesn’t find or report anything and I can’t install other AV engines even when I’m in installation mode.

Do the diagnostics (found in Miscellaneous) show anything?

These are IP addresses for the AV updater. Comodo seems to have outsourced it. Nothing to worry about.

> The same happens to the processes blocked with defense +. The applications I block are in a few cases I found out not shown as blocked in the Defense + history. So I’m suspicious, they are blocked after all.

Make sure you ticked the alert to never ask again. Do these applications show up as blocked under D+ → Advanced → Computer Security Policy?

> I still receive a couple of suspicious D+ Alerts: normal programs like help (HH.exe) or taskmgr asking permission to "modify the user interface" of cfp.exe.

In what mode is CIS? Proactive? How is your Defense + setting (Safe Mode or Paranoid Mode)?

> Also programs like Firefox.exe asking permission to execute Firefox.exe. When I follow the links in the D+ alert window, they are shown as identical processes.

Nothing to worry about. That is not uncommon behaviour.

> There are other oddities like the windows help doesn’t start and the other helps don’t work. Also my windows update shows 4 Updates last week, I clicked them all to be installed, after some rebooting during a shutdown I was told 2 were being installed.

Please make sure these are not hiccups with the Microsoft Update. It will provide an error number that you can use to troubleshoot. Also make sure to be present with the updates. Some of them may sometimes have an installer that is not covered by the CIS policy; the av removal tool is one of them I think.

> But after the reboot none of the recent updates was shown in System/Software.

Not all updates are shown by default in that list. Make sure you have the box ticked at the top to show them all.

> I had Spybot installed until two weeks ago, uninstalled it as suggested in another CMD posting, but to no avail.
>
> Can anyone please help?
>
> I suppose “Anti Virus Help” might be the wrong topic, but I wasn’t able to start a new thread.
>
> Version:
> CIS 3.8.65951.477
> XP Home
> No other security software installed apart from process explorer and other Sysinternal products not running permanently.

When needed we will move it. Are you still having problems starting a new topic? If so try deleting the cookies for the forum and log back in again.

After an error message I got a diagnosis report, where shall I send it?

Attach it to a post here. Thank you.

[attachment deleted by admin]

First of all: Thank you all for your help

Sorry to say so but isn’t Comodo interested in being trusted?

No they are not shown there.

Mode:

D+ was in clean PC mode until about a week ago and is now in safe mode. Firewall level is Safe mode in my account with restricted rights but in training mode in my admin account but I’m sure I didn’t switch it lower than safe mode.

I’m nearly always present when I download and install Updates and I received neither an error number nor error message but I don’t really see that much of the installation process as the updates are only installed when I shut down XP during the shut down process.
The box “show updates” is ticked.

To the problem that programs like Firefox.exe asking permission to execute Firefox.exe. What worries me is that there weren’t such alerts during the first two months I used CIS.
To the question about starting a new topic: Blame on me, I still can’t find a button to start a new topic.

I am always starting the update manually and keep an eye. Do you get an error when installing manually?

When CIS is in Clean PC mode it will assume all files on your HD are safe. You will only get alerted when a new file is introduced. Since FF was already on your system you won’t be alerted.

About the IP addresses. The 149.x.y.z is the official download.comodo.com url. The other one is hosted some place else. In the initial search I had used Arin whois service but that was not as conclusive as the second search I did using Whois - IP Address - Domain Name Lookup. Thanks to John Buchanan for pointing me to the fact the 149.bla is the regular download IP address.

Truly odd about the new topic button. Clean cookies from within your browser and restart your browser. Does that help?

But what worries me is that all my blocked addresses, sites and applications have been deleted.

I’m really sorry I don’t see such a button. Searching the help and the forum also didn’t put out any useful matches. Deleting cookies and changing the PC didn’t help, too.
Where on the site is the button placed normally?

You need to be up one level in the forum from here.

A pic of where it should be.

[attachment deleted by admin]

(deleted double message)

Aaaaah, thank you, I seem to have overlooked it. Again thanks to everyone.

To the update question:

I deleted iexplorer manually because I couldn’t delete the iex 8 beta via system–>software. Then I couldn’t reinstall it. Even the iex 8 release didn’t do.
Updates only work using the automatic notification. I still get a window where I can choose which update to download, but haven’t seen any malicious software removal tool for months.