cmdagent constant I/O activity

Running Win7 X64, latest CIS, Proactive Security.

The timing may be coincidental, but since around the time that the 7 update came along, my computer gets sluggish once in a while. When I look at active tasks, cmdagent.exe is always doing some I/O activity, averaging about 30KB/sec.

This activity seems to be constant! i.e. it never stops. And, it even persists when the AV, FW, HIPS, and Auto Sandbox are all Disabled. I cannot imagine what it’s doing, given that when everything is Disabled it should be doing nothing.

I don’t know if this was the situation with V6, but this occasional sluggishness that I’ve been getting is what made me look.

Any comments?

Edit: now that I’ve started this thread, I find myself doing a bit more investigation. It appears that the activity reduced significantly (to less than 1KB/sec) when I closed my browser. More interestingly, it seems to have remained at this low level after I restarted my browser, with all the same windows that were open at the time that I closed it.

I am pleased, but let’s see how this holds up.


I can think of a couple of things:

  • initial scan
  • cache building

On installation, the first scan pretty much can’t be killed; even if you stop it, it is merely ‘paused’. I disabled both of the scheduled scans, and that stinkin’ task was just plain ol’ persistant. I let it finish and it hasn’t bothered me since.

The cache builder is spoda facilitate real-time scanning. Dunno how much of a performance hit is incurred with real-time scans. When in ‘statefull’ scan-mode, it only examines files that are accessed after the AV def DB has been updated. I spose if ‘on-access’ mode is implemented, the cache could mitigate the performance hit.

It looks as if the high activity starts when the browser’s FlashPlayer plugin starts. Until then, the cmdagent activity is much lower.

Thanks for looking.

What browser?

Using Pale Moon (Firefox variant).