cmdagent starting multiple instances of msinfo32 with high cpu usage

It seems quite random, but often.

My cpu usage goes through the roof and when I check my task manager, it shows msinfo32 as the culprit.

The parent program seems to be Comodo.

I can kill the process in the task manager but minutes to an hour later and it’s running again and won’t stop without a manual kill from the task manager.

Been happening consistently for about a week now.

Can someone tell me what is going on and how to stop it?

You can try to turn off send usage statistics under logging settings.

Well, I turned it off (don’t remember turning it on, so I’m guessing was a post update default setting?) and I’ve watched it for well over 24 hours and it seems to have done the trick. Many thanks! Sorry, I didn’t check that myself, but Comodo has never caused anything like that without asking first.

I am the only one who didn’t turn it off?

The amount of CPU usage that was taking up was something I rarely see on my pc anymore aside from video rendering and virus scanning. I can download at 50 MB/S and stay under 20%.

What on earth was it doing? How much info was it sending?

I’ll bet my PC could upload all my files and stats in a couple of days at that rate of CPU usage with that frequency.

Been having this same issue since a Comodo CIS program update in mid-November. I’ve spent many days and hours researching why msinfo32.exe runs all of the time, and have had as many as three of this running at once. But one of them eats up CPU and memory, causing the computer to stop responding. msinfo32.exe: CPU goes up to 50%; memory usage keeps going up so high (as if it’s firefox.exe!) that it makes doing anything online impossible (see attached screen shot).

Windows XP 32-bit, Firefox auto-updated (no longer supported on XP). Now I’ve tolerated Firefox eating up resources all of these years, just by opening it, no browsing, one tab open on home page and right off the bat it sucks up 400mb.

But I do not recall msinfo32.exe constantly running and a duplicate running that proceeds to floor the CPU. Why would System Information Tool need to run all of the time anyway?? Do a lot of other programs cause this to run in order to check our hardware, etc…? If so, wouldn’t it only take a couple of minutes for the program to see what a pc is running and then close the msinfo32.exe?

In Task Manager, I End Process and a few minutes later, it pops back up. It happens so frequently that I can tell it’s running when the pc starts choking. I’ve even just turned the pc on, didn’t open anything, left it sit and the msinfo32.exe keeps running, like a light switch, off and on… I’ve seriously thought about -moving- that file temporarily, out of it’s directory but have been afraid that it would really ■■■■■ my XP. Why? So I could force what program(s) are triggering it to run, to see what’s causing it.

It causes the pc to behave like it’s been taken over remotely, like by a robot, trojan, virus. Simply scrolling a couple of clicks down on a webpage, sometimes the pointer won’t respond. Other times, I scroll and the page will scroll back up on it’s own as if someone else is doing it!

I’ve ran multiple Full Scans in Comodo, Malwarebytes, SuperAntiSpyware, nothing found. Found those extra-cool tools in CIS, like the Process monitor and Killswitch (that’s how I discovered the evil msinfo32.exe was linked to cmdagent.exe). Tried sysinternals Procmon (process monitor) but these programs have so much info, I don’t know what a lot of it means.

And Windows services are set conservatively (Thank You BlackViper!) Been setting up pc’s for many years by his guidance and never had a problem. So no Remote related services are enabled (at least by me).

My mother’s pc has the same programs as I do and her’s has behaved this same way. All she does is check email and play solitaire and when her pc stopped responding from this same exact msinfo32.exe, she just quit using the computer. Btw, her’s was affected in mid-November also so I’m pretty sure it’s related to whatever was changed in CIS then.

We like to rant about our horrible ATT DSL connection for years on end but this new problem makes things a lot worse.

I’ve not messed with any CIS settings - everything has always been left at defaults. Never had an infection in all of these years using Comodo either and Thank You! Outstanding program.

Since this problem, we’ve just assumed that our XP machines are getting slowly abandoned and expect that in the near future, CIS won’t be programmed to work on this OS anymore. So when these strange issues suddenly appear, we’re not surprised.

Thank You.

OK, here we go again.

Started again.

This time it was the new cloud settings, probably upload unknown files to the cloud.

CPU pinned when this is selected. Multiple msinfo32 running again.

I hope this gets fixed.

I’m turning it off for now. It seems to have reset itself once though and I had to turn it off a second time.

I’m having this problem on my system (Win 7 SP1, CIS v12.0.0.6818) - many instances, like about 8-10 - and it started after I added msinfo32.exe to the ‘Protected Objects’ —> ‘Blocked Files’ list in HIPS. Really weird because Comodo doesn’t stop the file from running even though it’s in the list. I also had it in ‘HIPS Rules’ (I vet every process no matter what it does) but have since removed it from the rules but still the same! Comodo let’s it run but it looks like the OS sees it hampered and opens more instances (before I added it to the ‘Blocked Files’ list and let it run normally there was only 1 instance running at any one time) and CPU usage goes through the roof.

So devs, why can’t I block this process?

And speaking about processes and having to kill them, anyone else notice that ‘Deny and terminate’ in the HIPS alert popup denies a process but doesn’t terminate it. Kinda redundant.

Hello MedNz,

Thank you for reporting.We will check this and notify you.

Kind Regards,

So, after nearly 3 weeks can we have an answer as to why we can’t block this process?!

OK, so I’m betting an arm and a leg that this is caused by Comodo. Take a look at this thread: Redirecting
There are 3 people affected who are running CIS. Coincidence? Highly unlikely and since I can’t block the process with CIS it appears the relationship with Comodo is somehow abnormal right from the outset. And if you look at that thread you’ll see this has been happening for more than 2 years so I think it’s time the devs looked into this bug and sorted it out.

You can use the following workaround for the time being:

So this workaround will allow me to block the process? Hmm. We’ll see…

So, on my system that’s having the problem - 7 SP1, CIS v12.0.0.6818, 64Bit - it’s crashed 3 times since I turned off the send usage statistics 2 days ago. I have sent reports every time so I hope you’re getting them. I will note that I added msinfo32.exe back into the list of blocked processes at the same time I unticked the send usage statistics box. Don’t know whether this has any bearing on the crashing so I will remove it from the list and see if it stops crashing.

Hello MedNz,

The issue with automatic re-enabling after reboot “Send anonymous program usage statistics to COMODO” option has not been reproduced in our test environment.
So could you please check your Inbox via PM and send us the requested logs for the deep analysis of the issue.
Have a nice day!

Kind Regards,

Replied to your PM.

BTW, there’s no reboot. I assume you mean CIS restarting. There is no visible restart. All functions remaing working although I think cavwp.exe closes and then restarts.

Hello MedNz,

Thank you for your response and could you please check your Inbox via PM.
Have a nice day!

Kind Regards,

Crashing on my other PC now. The frst time it crashed there were more than 20 instances of msinfo32.exe running (most of them taking up only hundreds of kilobytes of memory but 4 or 5 taking up 20+MB each) and it’s been crashing ever since, a few times a day for 2 days. On subsequent crashes I don’t see any instances running.
Most of the time it will re-check the “Send anon usage statistics…” box once I choose to send logs and the crash popup closes but not always. Would you like me to send logs as per last time? This PC is a 32-bit desktop running Win 7. Everything else is the same as far as CIS version goes.

Can you check the c:\ProgramData\Comodo\CisDumps fodler to see if CIS logged the crashes? Comodo will be interested to see them.

Empty unfortunately. I will keep an eye on it and let you know if any files are written to that folder.

Hello MedNz,

Thank you for your support.I had forwarded your logs to our developers for further analysis of the issue and they are working in it.Hope it will be fixed soon.
Have a nice day!

Kind Regards,

via WMI Performance Adapter wmiApSrv, msinfo32.exe runs with this info:
CIMWin32 root\CIMV2 %systemroot%\system32\wbem\cimwin32.dll

“C:\Windows\System32\msinfo32.exe” /nfo C:\ProgramData\Comodo\Cis\telemetry\msinfo32\msinfo_40559132465B13C6978040EDE221C93A0DF05CFB.nfo (but nothing is in this folder)

My cpu is at 50% until I suspend or kill msinfo32 with process explorer.
This is getting boring after ?years?
Any fix yet?

BTW, I have the net blocked with Comodo’s “firewall/block all”.
Does the net need to be active for whatever this thing is to work?