cmdagent.exe HIGH CPU USAGE ( CPF v2.4.18.184 )

From searching the forums, I’ve seen reports of high CPU usage by cpf.exe
but no references to cmdagent.exe

I’m posting to report that I’ve repeatedly encountered a problem where the PC becomes sluggish due to excessive (continual) cmdagent.exe CPU usage – hovering around 42% to 48% as reported by Windows task manager (or Sysinternals Process Explorer). This is a dual-processor PC; on a single processor the usage may be equivalent to 84% to 96% (I don’t know).

I haven’t been able to identify the condition or combination if events event which triggers the cmdagent.exe “bug”, but have concluded that when it occurs:

– exiting and restarting the GUI portion of the firewall (cpf.exe) does not resolve the problem.

– it’s not possible to stop/restart the “Comodo Firewall Service”

– in short, there’s no “fix” ~ a reboot is required.

Other details:
– I’m running CPF is in ‘learning mode’ with its highest alert setting

– both ‘network’ rules and application-specific rules are minimal

– logging is minimal (minimal logging frequency, so logfile access can’t be an issue here)

Hi frazzled. There are many posts about cmdagent.exe ~ cpu usage. Check this one out for starters:
** FAQs/Threads - Read Me First **:

Version 2.4 - cmdagent.exe and high CPU https://forums.comodo.com/index.php/topic,5499.0.html https://forums.comodo.com/index.php/topic,5972.0.html https://forums.comodo.com/index.php/topic,6160.0.html

This one’s more complicated than cpf.exe based on my own observations (because logging has absolutely nothing to do with it).

Thanks for the leads. I’ll followup in this existing thread:
https://forums.comodo.com/index.php/topic,5499.0.html

(scratching my head)
Searched the forums for “cmdagent” again just now and didn’t get any results other than this thread – the thread I’m replying to.

It’s the forum search “bug” as I call it. It hasn’t been working for months now… >:(. What I do is use the advanced search, and if the topic titles only option is enabled, the chance of it messing up is much lower.

Try dll injection, under Security- Advanced- Application Behavior Analysis- Configure- Monitor dll injections.
If it is that (i bet it is), you’ll ask yourself, as i, what am i missing with this option off. Besides the obvious.

What is missing besides its intended function, is really relative to your system setup and knowledge/confidence level.

Because I still have this problem from random time to random time, I thought “forget it” and disabled ABA altogether. I never had such a feature in the past with any firewall or security program, so having it now will, although be beneficial, doesn’t necessarily mean I need it.

I thought about that too lol. Pure Firewall- engage.
But then you look at interprocess mem. mod. - wait, i want that! (:LGH)

Well, that’s only applicable if you have malware on your computer or are susceptible to being infected. For us folks who are confident (arrogant?) then it’s all cool.(:KWL)

You could also potentially call it foolishness… The only secure computer, after all, is one not turned on. Ever. ;D

LM

There’s a thin line between foolishness and know-it-all’ism. As long as you’re sober and know what you’re doing then you don’t need to worry about pulling the cables.

Anyway, I bet Frazzled will be dazzled (:LOV) when (s)he sees we’re off-topic the next visit.

Heh, I think our ability to go off-topic should dazzle anyone! :wink: At any rate, looks like frazzled is back to be dazzled by our brilliance, but isn’t watching us at the moment. Perhaps the other thread…

LM

PS: That’s all from me…

That other thread would’ve been longer had I not deleted my own posts back then (and further confused readers).

Hey, nice Shoes!

???

During the past 5 years, the worst thing(s) that have hit my PC are the CRAPWARE Dell preinstalled on my system last spring. Other than that, the only remarkable incident was a worm carried as payload within a “Neopets Toolbar” installed to another PC on the LAN… which copied itself to this PC via a shared documents folder (but never had an opportunity to execute).

Neither the overall app nor any of the features was advertised as beng “beta”, so turning off “monitor dll injection” isn’t something I’d consider doing.

I installed the ComodoFirewall app, version 2.4.whatever.dot.morenumbers with the intention of running it full-bore. My “ground rules” while evaluating it include the conditions/restrictions that it may not “call home” for updates/patches and it may not “send back” any data collected during my usage.

I agree with a post I read a while back ~~ Comodo is developing a great, free firewall app…
… and, in return, we’re all onboard as great (free) beta testers. So far, for me “free” has meant many (6+) hours of fretting and hair-pulling and head-scratching trying to figure out which end is up. So, ThankYou Comodo… and Yer Welcome!

I’m not saying you should, or otherwise. I’m saying that’s the problem.

For me it’s MDI once in a long, random while (once every a week?), and other times it’s Monitor COM/OLE Automation that causes it, in which case a reboot nowadays resolves it. The more I observe it, the more random it becomes ???.

frazzled, I know you’re really digging into the FW (I’ve seen your posts). In your hair-pulling and head-scratching, some of what’s in here may be of help to you (then again, you may be past this point, so it’s just fyi - just in case). https://forums.comodo.com/index.php/topic,6167.0.html The top post in the thread has a link to the FAQ, where there are some links to different discussions on aspects of high CPU usage by different components.

LM

Okay, thanks! I got stuck on the “IF”

other times it's Monitor COM/OLE Automation that causes it
Wow, I'm not that slick at pinpointing causes. I guess I'll set my COM/OLE to manual instead of automatic {giggle} (sorry)

Haha, you reminded me of the day I was sitting there, jumping back-n-forth between firewall log and TcpView windows, wondering where the heck all the port 53 traffic was originating…

(Duh! TcpView resolves the hostname of the remote party for each connection)

I also have high CPU usage at times with cmdagent. Had it in the last few releases too.

My symptoms are that my hard drive will suddenly come to life and cmdagent will gradually increase CPU usage until it hits about 50%. Then disk activity will stop and the CPU will drop to zero or thereabouts for cmdagent. During the 10 or 15 seconds all this is going on my system is nearly at a standstill although I can bring up Task Manager to see my CPU utilization.

Through trial and error I’ve determined that the Component Manager is the cause in my case. Tried Learning and On and it doesn’t matter. The only solution was to turn CM off completely.

Now would anyone want to take a stab at the possible cause of my problem given what I just mentioned?

How you filed a support ticket this on? http://support.comodo.com

As per the help file and manual (which I won’t link because it’s too long to read 88)) it seems CM performs rigorous checks when ON and scans your computer to a certain extent every x minutes when LEARN. Either way, it’s true that it consumes cpu, but obviously 50% is an issue.