cmdagent.exe CPU usage very high on initial login to Win XP user account

Hello,

I installed Comodo Firewall today, selecting it ahead of Kerio even though I had just paid for the latter. My computer runs on Windows XP, SP2 and with all critical updates. I have two users set up, one for my wife and me and the other for my daughter.

When my daughter logs in to her user account and before she starts up any programs the CPU usage of cmdagent.exe is shown by the Windows Task Manager as being in excess of 90%.

I have fairly normal startup processes such as the Adobe Acrobat reader starter, but the most relevant to this would be that I run Bit Defender Standard v9.

Can anyone help me with why this high CPU load might be occurring?

Thank you,

Jeff

I may have misled above. I checked again and find that cmdagent records >90% regardless of which user account is logged into. It appears as though it is taking any CPU cycles not used by anything else.

Jeff

Hi Jeff, welcome to the forums.

I’m sorry you’re having trouble. Check CFP’s Log to see what is being reported. When cmdagent consumes CPU like this it is usually because it is being forced to work very hard indeed.

I’m not aware of any conflict between CFP & Bit Defender. But, if there is nothing in the Log to indicate what CFP might be doing, then temporarily disabling Bit Defender to see if this resolves the problem would be a good idea.

Also, are all of CFP’s settings & rules at their default state or have you added/modified/removed anything?

I don’t believe I have changed anything but to be sure I will uninstall and reinstall with all default settings.
Jeff

I’ve noticed the same high CPU usage here but only when I’m using P2P programs, especially uTorrent. Why is this happening? I have the correct permission rules defined but the CPU use remains high. The normal Comodo rules are here. I just made my own and moved it up (see below)

When I used other firewalls to test this high CPU usage (Zone Alarm, Webroot, Kerio, Windows itself) only Kerio had the same problem and I discovered that it was the “resolve IP” option that caused this. Does Comodo try to resolve IP too? If it does, can it be safely disabled?

Thanks.

I reinstalled with default automatic settings and the CPU usage is high right from the time I log in to the user account. I haven’t used any P2P programs although my daughter will want to in the future.

I turned off the dll injections but nothing changed.

I have attached a .txt copy of the log, unfortunately all the log entries run together so it’s hard to read but someone knowledgeable may be able to detect any issues.

Thanks for your help and I would appreciate any further advice.

Jeff

Jeff, sorry about that monitor dll injections options - it was for Cucamonga’s post with P2P issues.

That text file is difficult to read! Also, you should block any private IP address with 'x's or something.

Have you tried disabling the Block all outgoing connections while booting option to see if that helps? (Advanced Attack Detection and Prevention > Configure > Miscellaneous > …)

Yes, I thought your reference was for Cucamonga.

The Block all outgoing connections… was already deselected.

I’m fairly new to this so I’m not sure what you mean by private IP addresses.

Jeff

The text file that you attached in your earlier post - you should mask any private IP addresses for your own security so that others won’t know ;). I can’t really make out that file, but perhaps someone else can. It’s recommended that you modify it.
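The masking suggested above can be scripted before a log is attached to a post. This is an added example, not part of the original thread: `mask_private_ips` is a hypothetical helper name, and the sample line is constructed and is not CFP's actual log format.

```python
import ipaddress
import re
import sys

# RFC 1918 private ranges plus IPv4 link-local.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Dotted quad that is not part of a longer dotted number (e.g. a build string).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample: entries run together on one line, as in the attached log.
SAMPLE = ("Outbound Policy Violation (Access Denied, Protocol = IGMP) "
          "Source: 192.168.1.3 Destination: 224.0.0.22 "
          "Source: 192.168.1.3:1900 Destination: 10.0.0.7 build 1.2.3.400")


def mask_private_ips(text):
    """Replace each private IPv4 address with a stable placeholder.

    The same address always gets the same placeholder, so a reader can
    still tell hosts apart. Returns (masked_text, {address: placeholder}).
    """
    aliases = {}

    def _sub(match):
        octets = [int(o) for o in match.group(1).split(".")]
        if max(octets) > 255:
            return match.group(0)          # not an IPv4 address
        addr = ipaddress.IPv4Address(bytes(octets))  # also normalises 001 -> 1
        if not any(addr in net for net in PRIVATE_NETS):
            return match.group(0)          # public or multicast: left as-is
        key = str(addr)
        if key not in aliases:
            aliases[key] = "x.x.x.x[%d]" % (len(aliases) + 1)
        return aliases[key]

    return IPV4_RE.sub(_sub, text), aliases


if __name__ == "__main__":
    # Usage: python mask_ips.py < log.txt > log_masked.txt
    masked, _ = mask_private_ips(sys.stdin.read())
    sys.stdout.write(masked)
```

Multicast destinations such as the IGMP group address are left visible, since they identify the protocol traffic rather than a machine on the local network.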

Thanks, I’ve deleted it for the time being. I’m squeezed for time at the moment so I’ll repost it when I can edit it appropriately.

The main entry in the log has been “Outbound policy violation, Access denied protocol IPMG, Control Rule ID =5”. I presume this is normal.

I’ve noted that occasionally the cmdagent CPU use does in fact fall to zero, but then returns to approx 100% without visible cause.

Jeff

I presume you mean IGMP? Internet Group Management Protocol. It’s for multicasting. The firewall blocked outgoing connections using that protocol. But I’m honestly a newbie at this, so I’ll let someone else continue from here. (:WAV)

Yes I did mean IGMP. I would like to know whether that block would be considered normal.

I will be away from my computer for a few days so I’ll explore all this further when I get back.

Thanks very much for your help soybeaner. I appreciate it.

Now I have a confession to make. I think I have found the culprit. I recently created a slipstreamed CD in order to reinstall Win XP on my computer. As part of that I installed Virtual Machine software VMWare Player and Altiris on my computer. In the process of our discussions above I uninstalled them. After rebooting it appears cmdagent.exe is no longer occupying the high CPU. It seems it may have been monitoring the virtual network adapter, probably created by VMWare Player.

Thanks everyone for your help. I shall return to this investigation in a few days.

Jeff

Thanks, man! Worked perfectly (:AGL)

Happy New Year!