cmdagent and cygwin

CIS 5.3.176757.1236
Virus DB: 7580

I use cygwin quite a lot and when I start a shell (zsh), more often than not it takes a long time and the CPU spins at 100% with cmdagent.exe being the culprit. cygwin pulls in a few dll’s and starting a shell causes running a few of the cygwin executables. After the shell starts, starting it again is fast for a while but then it’s slow again. I suspect this is because of the stateful setting of the a/v. These cygwin files do not show up under ‘unrecognized files’. Any way to speed up this cmdagent real-time scanning or is this a bug in the A/V?

Can you take a look in the D+ logs and post a screenshot of them?

Also try giving cygwin the Installer/Updater policy in D+.

There are no events in D+ pertaining to any of the cygwin exe’s or dll’s. I do not think it’s appropriate to give cygwin installer/updater.

The slowness seems to occur when a new version of the a/v database is installed.

If that’s the case you can disable the automatic update of AV.

If you want to have more control over the updating of the AV then there is a workaround. Make scheduled scans that scan a folder with only a small file in it and set the AV to update when doing the scheduled scan. That way you can control the AV updating.

Is there a way to tell what cmdagent is doing when it’s hogging the CPU? Is it doing an a/v scan? Is it trying to submit something to the cloud? D+? etc

This seems to have started with the upgrade to 5.3, I did not notice this problem before.

You can try to cross reference with the D+ logs (View Defense + Events) to see if there was something going on that was being tracked.

There’s nothing in the logs really, my logs are fairly quiet. I now upgraded another machine to CIS 5.3 and I’m seeing the same issue.

cmdagent just crashed during one of these high CPU cycles. I submitted the crash dump to Comodo, hopefully a bug will be identified and fixed.

Did the bug report actually get through when sending by email?

If you know what scenario triggers the crash please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

I emailed the crash dump and it didn’t bounce so I assume it went through. I’ll file a bug too, though I can’t reproduce the crash, but I can always reproduce the slowness on multiple machines.