cmdguard.sys hogging 50% CPU upon CIS settings change [SOLVED]

Hi there

I searched on this forum but didn’t find anything so am posting here and hope there is someone who has run into this problem and has a simple solution.

Have just upgraded (via in-app upgrade) from CIS v5.10.31649.2253 to 5.12.x where I was having a similar problem whereby when I launched some (but not all) apps that use the internet, the system would immediately crash. I figured this to be an issue with loopback on 127.0.0.1 (and didn’t pursue a solution other than to uninstall, then reinstall and update CIS). Only after uninstalling v5.x did this problem vanish so it was definitely Comodo screwing with the connection. Anyhow, that issue is no longer present as I am now on 7.0.317799.4142 and I have the following two problems (presumably unrelated to the above crashing issue):

  1. Whenever I adjust a setting in CIS, add a rule, allow/disallow an app etc, and click ‘OK’ on whatever window I’m on to confirm the setting change, the following happens:
  • cis.exe runs at between 20-50% for a short while (normal) then drops to normal, then
  • cmdagent.exe does the same thing as cis.exe, but then
  • Windows’ ‘System’ process (visible in Task Manager) goes to 50% CPU usage and sits there for anywhere from 4-6 minutes or thereabouts. Needless to say if I uninstall CIS this does not happen and that is because with Process Explorer, I see that the process in question, ‘System’ (PID 4), has a number of CIS-related threads running. The culprit, ‘cmdguard.sys+0x1f09a’, is taking up all of that 50% CPU usage. For short periods the PC can be lifeless - especially when cmdguard.sys starts to ■■■■■ a fit.
    Note: If I change, say the HIPS setting, via the main window (and not under ‘Advanced Settings’), the CPU spiking does not happen.

My system is a desktop, Win XP Pro SP3 32-bit, P4 3.0GHz w/2GB RAM. No other security SW installed. Previous Kaspersky KIS removed a few years ago and cleaned up 100% with Kaspersky Labs’ own removal tool. I have CIS AV in stateful mode, the FW with both a few and multiple custom settings, Auto-Sandbox is set to Partially Limited.

CIS exhibits this problem:

  • with HIPS enabled or disabled
  • with the HIPS setting ‘Enable adaptive mode under low system resources’ setting checked or unchecked
  • both when running fresh with no saved configuration or with any of my saved configurations
  • with logging both on and off

Note that I can, using Process Explorer, hit the ‘Suspend’ button and it will suspend the driver and its CPU usage will drop to zero. If I freeze it for the time it usually takes to return to normal, it will resume at its last state, i.e., CPU usage at 50%, and continue until it has run its normal course of eating up the CPU for the normal length of time. Obviously I cannot kill the process as access is denied.

The stack for ‘cmdguard.sys+0x1f09a’ is as follows:

0 ntoskrnl.exe!ExReleaseResourceLite+0x2b4
1 ntoskrnl.exe!IoGetRequestorProcessId+0x583
2 ntoskrnl.exe!ExAcquireSharedWaitForExclusive+0x171
3 cmdguard.sys+0x21370
4 cmdguard.sys+0x1f10e
5 ntoskrnl.exe!PsCreateSystemThread+0x70
6 ntoskrnl.exe!KeInitializeTimerEx+0x1e6

Also, this seems a bit weird…under its properties, on the ‘Version’ tab, it states the version number as 7.0.55655.4142 but under ‘Other version information’ it states the version as ‘7, 0, 317799, 4142 built by: WinDDK’ and ‘Product Version’ is 7, 0, 317799, 4142. Maybe it’s supposed to be like this. Who knows.

  2. The second problem is that a number of apps - PowerDVD is one - sit on 50% CPU usage as well when they load up. They unfreeze after about 5-7mins on average and I can use them without hindrance after they unfreeze. Sometimes the PC practically dies and becomes unusable.

I have downloaded the offline installer - CIS PREMIUM (5962_fe) which I see is v7.0.55655.4142 - and will perhaps try that after following instructions to the letter in this thread.
Presumably the ‘55655’ denotes a slightly newer version than the current 7.0.317799.4142 which I have installed. Is this correct and would it be worth trying this installer?
I will also try to turn the AV and HIPS off completely, reboot then see if the problem persists.

In the meantime, if anyone could help it would be great.
Thanks

Mednz

P.S: As I unfortunately am currently living in mainland China, I sometimes cannot access the forum as you guys have banned certain IP ranges presumably due to spammers, but I will endeavour to reply to any questions and post my results of a reinstall as mentioned above.

What mode is HIPS running in?

Shouldn’t matter as the problem exists with HIPS either on or off.

Anyway, if it makes any difference, when it’s on I’ve tried it in Safe Mode and Paranoid Mode

Both problems are now solved.

After uninstalling with Revo Uninstaller and checking that the drivers were gone from the system, I reinstalled v7.x and the CPU issue was no more. Bad/corrupt driver?

The problem with PowerDVD and a couple of other apps was to do with a configuration issue. Comodo obviously doesn’t have full compatibility when importing old configs so let this be a warning to others who update then import from older versions.