Cmdagent.exe greatly delays opening of screensaver dialog box [NBZ ]

TOPIC TITLE
CIS 5 - cmdagent.exe prevents screen saver dialog box from opening on windows 7 x64

The bug/issue

  1. What you did: A clean boot with the comodo agent service disabled allowed the screen saver dialog box to open. After starting the cmdagent.exe, the dialog box wouldn’t open. I added shell32.dll and rundll32.exe in the system32 and the syswow64 folders to trusted files, computer security policy as windows system applications, and to image execution control exclusions. I also tried disabling Defense+ and permanently disabling. Still, the only way I could get to the screen saver dialog window was to end the task “cmdagent.exe”
  2. What actually happened or you actually saw: I saw the hour glass icon appear for about 5 seconds and I saw the rundll32.exe process appear and remain in the task manager.
  3. What you expected to happen or see: I expected to see the screen saver dialog box to allow me to change screen saver settings.
  4. How you tried to fix it & what happened: covered above.
  5. If its an application compatibility problem have you tried the application fixes?: not really an application.
  6. Details (exact version) of any application involved with download link:
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: start the cmdagent.exe process.
  8. Any other information (eg your guess regarding the cause, with reasons):

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: not really necessary because nothing happens.
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: not showing in event log, active processes attached
  3. A CIS config report or file. attached
  4. Crash or freeze dump file: no crash or freeze

Your set-up

  1. CIS version, AV database version & configuration used: 5.0.163652.1142 AVdb - 6644, Internet Security config
  2. a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?: not an update.
  3. a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config?: not a previous config.
  4. Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here. ) no
  5. Defense+ and Sandbox OR Firewall security level: safe mode but tried disabling and disabling permanently but no help
  6. OS version, service pack, no of bits, UAC setting, & account type: win 7 x64 uac off
  7. Other security and utility software running: Comodo Disk Encryption Beta, Diskeeper 2010 Pro Premier, Dual-Core Optimizer, Easy Tether, Eraser 6.1.0.2224, Free Arc 0.666, HashTab 3.0.0, HD Tune Pro 4.60, HTC Driver Installer, HTC Sync, ISO Recorder, Jetcast 3.2.4, K-Lite Mega Codec Pack 6.1.0, MagicDisc 2.7.106, nVidia stuff (PhysX, Sereoscopic 3D, StereoUSB Driver), Oracle VM VirtualBox 3.2.10, Parallel Password Recovery (RAR module) v. 1.5 Demo, PdaNet for Android 2.42, PowerISO, PunkBuster Services, SpeedFan, TightVNC 2.0.2, Topaz SigPlus Basic 3.95, Tor 0.2.1.26, Polipo, Slik Subversion, TortoiseSVN 1.6.9.19725 (64 bit), Unlocker 1.9.0-x64, Vidalia 0.2.9, Virtual Clone Drive, WinImage, WinMount V3.4.0831, WinPcap 4.1.1, Zip Motion Block Video codec, Daemon Tools Lite, Alcohol 120%, Folder Lock 6, HP Software, and Microsoft Visual Studio.
  8. Virtual machine used (Please do NOT use Virtual box): Oracle Virtual Box

[attachment deleted by admin]

Could you clarify please what screensave dialog you are expecting to appear, and exactly how you are invoking it.

Also why did you add shell32 and rundll to trusted files (I assume in Defense plus)? Were you getting alerts, if so what alerts?

Your CIS report suggests you are in defense plus paranoid mode is that correct?

PM sent

Defense + is in safe mode normally. I added rundll32.exe and shell32.exe to trusted files because those are the files that bring up the screensaver dialog window. The window I’m referring to is the one that allows you to choose the screensaver and optionally click the settings button to change that screensaver’s settings. I right click the desktop and click personalize, then click screensaver in the bottom right corner.

Although you have not imported settings, this is the sort of issue that might well be resolved by a clean re-install. You have given enough info for me to forward this without such a re-install, but I think it might be best to try it. Would you be willing?

The devs will also appreciate a screenshot of your logs after a reboot and after trying to open the screensaver dialog, even if they don’t seem to show anything, as they may reveal something indirectly related.

Meanwhile will await your response.

Best wishes

Mouse

Here are my log screenshots. Uninstall/reinstall of CIS 5 didn’t solve the problem. I used the universal web installer.

[attachment deleted by admin]

The firewall log is the same as the D+ logs you attached.

Please add utilities to your bug report. I see you are using D-Fend in the D+ logs. Not sure what it is but it seems to provide a virtual hd among other things. Looks like something that could interfere because it most likely installs a driver. It is important for the devs to know such things. Please add all other utilities to the bug reports that are driver based.

edit: oops on the firewall log. Too late to get it now.
D-Fend is a front-end for DOSBox. DOSBox does have the ability to mount a drive image for use in a DOS environment.

Other utilities that may possibly install drivers are as follows:

Comodo Disk Encryption Beta, Diskeeper 2010 Pro Premier, Dual-Core Optimizer, Easy Tether, Eraser 6.1.0.2224, Free Arc 0.666, HashTab 3.0.0, HD Tune Pro 4.60, HTC Driver Installer, HTC Sync, ISO Recorder, Jetcast 3.2.4, K-Lite Mega Codec Pack 6.1.0, MagicDisc 2.7.106, nVidia stuff (PhysX, Sereoscopic 3D, StereoUSB Driver), Oracle VM VirtualBox 3.2.10, Parallel Password Recovery (RAR module) v. 1.5 Demo, PdaNet for Android 2.42, PowerISO, PunkBuster Services, SpeedFan, TightVNC 2.0.2, Topaz SigPlus Basic 3.95, Tor 0.2.1.26, Polipo, Slik Subversion, TortoiseSVN 1.6.9.19725 (64 bit), Unlocker 1.9.0-x64, Vidalia 0.2.9, Virtual Clone Drive, WinImage, WinMount V3.4.0831, WinPcap 4.1.1, Zip Motion Block Video codec, Daemon Tools Lite, Alcohol 120%, Folder Lock 6, HP Software, and Microsoft Visual Studio.

I think that covers most of them and I had all of them working before, but I don’t know if they work now unless I change a few settings in order to get them working again.

I see you have Virtual Box running (albeit the oracle version). Unfortuately CIS does not work properly when VirtualBox is installed. If you uninistall VirtualBox does this stop happening? (VMware player/workstation is is good alternative that I am using without problems).

I have edited your bug report to include the utility and Virtual Box information. I would be grateful if you could check your bug report to makes sure there are no errors before I forward this. If there are please edit it and correct them.

Many thanks

Best wishes

Mouse

Maybe you were just impatient like I was. First time after installing CIS I also was thinking there is some problem with the screensaver dialog box. I just could not open it so few times I just closed this whole window. Then I decided to wait a little longer after I click on the screensaver dialog box. After maybe 10-15 seconds all was OK. No more “problem” after that at all. Now always open fast and easy. I assume it was some first time checking and maybe with cloud and my connection was busy downloading at that time.

However it was on XP 32.

PM reminder sent.

Mouse

Unfortunately it sometimes work and sometimes does not work. There is indeed some problem with that display properties window on my machine. Sometimes when I click screensaver tab it just freeze for long time but sometimes after that it just work OK. Sometimes can not open this at all. CPU up to 100% by cmdagent.exe. I have no idea why is that. Maybe custom screensavers and themes?

I add c:\windows\system32\desk.cpl to trusted files but no change. Nothing in unrecognized files.

How to fix that?

This is so far only problem I found int the CIS 5 which is so good and trouble free otherwise.

I will really appreciate any help.

I would recommend you to reinstall CIS 5. uninstall it, clean the remaining registries from CIS with CSC (comodo system cleaner) or any other. Then installed the CIS again.

here is the link to download the 64bit version

http://download.comodo.com/cis/download/installs/1000/standalone/cispremium_installer_x64.exe

Regards,
Valentin

That was problem with custom screensavers in my case. When I try to run them they were sandboxed, alerts etc. I removed them and seems that the problem is gone. Well, better be cautious than sorry so I prefer not to allow them. Not big deal as I never used these screensavers, so no big loss.

I have dozens of additional screensavers installed. One time I did wait about 15 min and Comodo falsely detected one of my screensavers as a virus. I then chose to ignore it and followed by disabling real-time scanning and the screensaver dialog appeared. Many of my screensavers no longer work, I’ll have to figure out what settings are required to make them work. Many are detected as false-positives for viruses.

I have used Virtual box for a long time and have never had any major conflict with Comodo. What is the nature of this problem? Uninstalling didn’t seem to change anything, but disabling real-time virus scanning did make the dialog appear after about a minute.

I found what setting was needed to allow one particular screensaver to run. There is the .scr file in syswow64 and an exe file in program files (x86). The exe needed to be added to the image execution control exclusions. This was for the Battleship Missouri 3D Screensaver. I think that the other ones will require similar settings. This is also one of the ones that gets detected as a virus.

My understanding is that there is a deep conflict in the ways the programs hook into the OS. This has arisen since CIS has hardened its hooks to prevent malware evasion. CIS’s behaviour with VB running is thereby rendered unpredictable.

So regretfully you will need to try this before this can be considered a genuine bug and moved to format verified.

I presume you are not saying this still happens with CIS uninstalled? You are saying it is not affected by re-installing CIS?

Seems possible that a large number of bespoke screen savers causes this. That might be the common factor. Does not happen on my machine (XP 32)

Best wishes

Mouse

I have tried with Virtual Box uninstalled; it makes no difference. The screen savers that get detected as viruses are from 3Planesoft and Astro Gemini. If I leave real-time scanning disabled, I can open the screen saver settings window. If I try to open the dialog box with real-time scanning enabled, it takes a very long time, like 15 minutes or more. If during that time I disable real-time scanning, it appears in about a minute. My gut says that every time I open that window, CIS must scan all of the screensavers before the window appears or finish the process of disabling real-time scanning. There are about 100 files between 10 to 20 MB.

edit: I guess what I’m really saying is that there is no bug. I just have too many screen savers installed. And, there is a workaround. Just use one of the third-party screen saver managers that gets installed with many of those third party screen savers. There’s one from Astro Gemini and one from 3Planesoft. Both of those work. (correction - The Astro Gemini screensaver manager works, but it seems the 3Planesoft one has the same problem.)