Cmdagent starts crashing repeatedly after a few months, cavwp involved?[V6]

A. THE BUG/ISSUE (Varies from issue to issue)

• Summary - Comodo Corruption Bug
• Can U reproduce the problem & if so how reliably?: Install Comodo, wait 2 months, observe that it becomes unusable after an update/restart/whatnot
• If U can, exact steps to reproduce. If not, exactly what U did & what happened: See my description below
• If not obvious, what U expected to happen: Shouldn’t corrupt at all
• If a software compatibility problem have U tried the conflict FAQ?: Have not looked at the software conflict FAQ
• Any software except CIS/OS involved? If so - name, & exact version: Hard to say, am I not allowed to use my computer while running this?
• Any other information, eg your guess at the cause, how U tried to fix it etc: Background process crashes, hogs cpu in infinite loop
• [color=purple]As noted, find attached Diagnostic dump. Note that the Comodo claimed a large number of Defense+ events. There are no reliable logs to speak of since the re-install though. There is a debug.zip attached with the configuration attached, your forum wont let me upload .cfgx

B. SETUP

• Comodo: Internet Security Premium 2013 6.1.275152.2801:
• Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: I turn everything on/off once in a while. Often I suspect that the Defense+ is just broken so I turn it off to install (legitimate) updates. However, I keep sandbox off by default, rarely use it. Try to keep it all on when I’m not using anything. Worth noting: this problem has partly to do with not being able to use the UI to enable/disable components. Here is my current configuration:

Antivirus:
Realtime Scan: Enabled
Scanning Optimizations: Enabled

Defense+:
HIPS: Enabled, Mode: Clean PC Mode
Behavior Blocker: Auto sandbox unknown as Partially Limited
Sandbox: Empty

Firewall:
Enabled, Safemode

File Rating:
Enable Cloud Lookup

• Have U made any other changes to the default config? (egs here.): No notable changes to default config
• Have U updated (without uninstall) from a CIS 5?: No, but had to recently re-install 2013 over itself after the update seemed to leave things worse off.
  [list type=lower-alpha][li]if so, have U tried a a clean reinstall - if not please do?: Yes, I have, this is a dump from before the fix
  [/li]- Have U imported a config from a previous version of CIS: I presume the re-install over 2013 didn’t remove my config
  [li]if so, have U tried a standard config - if not please do: …what exactly does “standard config” mean? Not using any software?
  [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: OS: Windows 7 SP1 x64 UAC On, minimal (6.1.7601.17514), Dell laptop
• Other security/s’box software a) currently installed b) installed since OS: Not really security software, but I have various 3rd party apps ready to go for when Comodo tanks. However, I don’t run any of them until it does.

I really think this is irrelevant but here there are anyways:

• Procmon
• Process Explorer
• Autoruns
• MalwareBytes (only turned on for the occasional scan - NO THERE IS NO ACTIVE COMPONENT, NO REALTIME SCANNER YOU CAN REST ASSURED YOU ARE NOT OFF OF THE HOOK FOR A PROGRAM THAT IS NOT BEING RUN)

I keep some antivirus software downloaded as well, e.g. Avira etc. in case I have to entirely remove Comodo and need to consult another AV product. However, I leave it uninstalled.

And of course I have an array of offline scanning disks (BitDefender etc.)
[/b]
[/list]

find below my original post

OS: Windows 7 SP1 x64 UAC On, minimal (6.1.7601.17514)

Comodo: Internet Security Premium 2013 6.1.275152.2801
Virus Database: 16082

Hi,

My install of Comodo Internet Security Premium recently broke (again)…it seems this product requires a re-install every two months or so.

I was able to get Comodo to attempt to repair itself by running it in safe mode, however, the program provides no way to initiate a repair. It then (out of safe mode) realized that Defense+ was severely broken, initiated a repair, failed, and generated the output found attached to this post.

Before Comodo broke, I noticed cavwp.exe exhibiting odd behavior. This is consistent with every time Comodo has broken or become unusuable in the past. Some active agent crashes in the background and gets stuck in a forever loop of some sort…doing god knows what…with no way to reboot other than a literal machine reboot.

A fresh install seemed to fix the usability problem. There is no other AV product installed. Comodo has failed me…for the 10th time is it?

Here’s to hoping the dump helps you figure out the problem.

[attachment deleted by admin]

Thanks very much for your issue report, and trying to put it in standard format, which is much appreciated.

Unfortuantely devs find it difficult to read bugs which have no promts, so I would be grateful of you use the full format complete with prompts.

It may look difficult but actually it’s really easy to do just follow the instructions here. That is copy between the dotted lines, and paste into a topic, then enter your information after the colons.

I would also be grateful if you would check to ensure you have answered all the questions including all sub-parts, and appended all requested attahments. You will find that the concepts are explained in red links in the format.

Best wishes and many thanks in anticipation

Mouse

Thanks…tried to make the changes you requested.

Is the original dump still attached?

My problems have gone away for now, but that’s not saying whatever broke in the first place won’t happen again in a month or two.

Next time it does break I suppose I’m better prepared to report a problem now that I’ve familiarized myself with the format/forums. Hopefully the file I attached is somewhere on here (I don’t see it).

If it helps, I noticed the other day that some setting seems to have changed that likes to auto sandbox stuff, which was messing with some installers. I do run a program version checker/installer, namely Secunia PSI, however that’s not strictly security software. I had to re-install that program as well recently, which makes me wonder if the Sandbox isn’t playing havoc with the fs.

I also notice times when the drive seems to be overly active, and I don’t know if this is cavwp going haywire again. Comodo seems to come up clean though, and the persistent infection tool doesn’t come up with anything.

Thanks, no problem and yes the dumps are in the CIS diagnostics report.

If possible I still need:

• the ‘watch activity process list’ please before forwarding,
• also please says what modules you had enabled were when the crashes occurred (and which level they are at (eg safe, etc))
• and give your configuration (accessible under advanced settings ~ general settings ~ configurations. That is where the default configs are, too.

And thanks for the additional information, I’ll lets devs consider what the conflicts might be, Secunia is not one I know of. There may be teething problems with 6.0 cavwp (some indications on my machine), though it should not cause a crash, just CPU/disk usage.

Many thanks in anticipation

Mouse

Can you also mention what these third-party apps are?

I’ve sent a PM reminder.

I’ll wait till tomorrow for response

Sent another reminder PM

Best wishes

Mouse

Thanks very much for your issue report, which is much appreciated.

We have moved it to the non-format bugs board for the moment, because it is not in the standard format or too much of the information we normally need to replicate a problem and fix it is still missing.

We realize some people may not have the time to do an issue report in standard format, and therefore offer the option of a non-format report instead. But the problem is much more likely to be fixed promptly if you edit your first post to create an issue report which reflects the guidance in the Standard Format topic. (You can copy and paste the format from this topic). The reasons we ask for the information we do are given in this post.

You can get your report moved to the format verified issues board simply by ensuring that it reflects the guidance in the standard format topic, and PM’ing a mod who is active on the bug board.

Best wishes

Mouse

I apologize for the difficulties.

I can give you the information you want, except the only information I have from before the crash is the stuff I’ve already supplied.

Nevertheless, as I’ve been seeing similar ‘teething’ issues with cavwp recently, I figure whatever issues I may have are being repeated.

So attached to this post is my configuration. I’ve also created another diagnostic report. I’ve had Comodo fail to update its antivirus once since I last posted (it was three days out of date). I’ve looked in the logs and seen some stuff defense+ about chrome trying to access svchost.

I try not to change my modules config much, but as already mentioned I do turn things off/on when issues occur. I cannot remember and cannot tell you what the configuration was when I originally posted. Nevertheless, here is the summary of what I currently have:

Antivirus:
Realtime Scan: Enabled
Scanning Optimizations: Enabled

Defense+:
HIPS: Enabled, Mode: Clean PC Mode
Behavior Blocker: Auto sandbox unknown as Partially Limited
Sandbox: Empty

Firewall:
Enabled, Safemode

File Rating:
Enable Cloud Lookup

Do I need to add all of this to the original post to get this back into formatted?

EDIT: went ahead and added them anyways, also the debug log wasn’t attached, can’t attach .cfgx files, you might want to fix that on the forums.

[attachment deleted by admin]

Thanks for the further information, and we are very sorry you are still having this problem.

Thanks also for the .cfgx file. I agree that the forum should support upload of such files, but unfortunately I am not a comodo employee, so there are many things I cannot easily change.

To forward this we still need a screenshot of your full ‘watch activity’ process list, preferably taken when cavwp is misbehaving, and accessible under Advanced tasks ~ Watch activity.

Also if you have any cmdagent crash dumps from the last time it crashed, those would be very helpful, but not mandatory as you may not have them after re-installation. (Does it actually crash - ie disappear from the process list or does it hang?)

How to find these dumps is explained in the red links in the format, as is how to create the ‘watch activity’ process list.

Best wishes

Mouse

Alright. I see if I can get a screenshot, but I don’t know how to make this happen on demand. It may be another week or so before I see something similar enough.

Also, I’m basically just wating for cavwp to hit 50% cpu usage over a long period of time (preferably while doing something else, the onaccess scanner should be just waiting till I’m away to run, so odds are not great that the watch activity list will capture any interesting behavior.

Thanks very much.

By the way what makes you convinced that the high CPU from cavwp and the installation corruption are related?

Can you please check and see if this is fixed with the newest version (version 6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Also, note that all bug reports in the Non-Format section of the forum, which is where this report currently is, are not looked at by the devs. Thus, if the bug you were experiencing is still not fixed please edit your first post so that it is in the correct format (found here, with all required attachments, so I can forward this to the devs and get this problem fixed.

Thank you. PM sent.

Can you please check and see if this is fixed with the newest version (version 6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Also, note that all bug reports in the Non-Format section of the forum, which is where this report currently is, are mainly not looked at by the devs. Thus, if the bug you were experiencing is still not fixed please edit your first post so that it is in the correct format (found here, with all required attachments), so I can forward this to the devs and get this problem fixed.

Thank you.

PM sent.

Can you please check and see if this is fixed with the newest version (7.0.313494.4115)? Please respond to this topic letting us know whether it is fixed or if you are still experiencing the problem.

Also, note that all bug reports in the Non-Format section of the forum, which is where this report currently is, are mainly not looked at by the devs. Thus, if the bug you were experiencing is still not fixed please edit your first post so that it is in the correct format (found here, with all required attachments), so I can forward this to the devs and get this problem fixed.

Thank you.

PM sent.

As this has been in the Non Format Verified Board for at least three major version releases, without enough information to forward to the devs, I will move this report to the Outdated section.

If you are still experiencing this issue, and would like this to be forwarded to the devs, please edit your first post so that it is in the required format, and has all required files attached. After this please reply to this post, and send me a PM with a link to this report.

Thank you.