Comodo cyclic access to usb harddisk device prevent os software shutdown before physical disconnect
The bug/issue
What you did: use “Safely Remove Hardware” before disconnecting usb hard disk device
What actually happened or you actually saw: vista os says device in use
What you expected to happen or see: vista os to succeed safely remove hardware
How you tried to fix it & what happened: user unable to fix since cmdagent.exe is compiled code.
If its an application compatibility problem have you tried the application fixes?: comodo cis update on and already updated.
Details (exact version) of any application involved with download link: not applicable
Whether you can make the problem happen again, and if so exact steps to make it happen: yes. plug in any harddisk device, browser and copy to another directory with windows explorer, then use Safely Remove Hardware.
Any other information (eg your guess regarding the cause, with reasons): cmdagent.exe is cyclicly opening a handle to e:\ (usb device) to do windows system calls to “CreateFile”, “QueryNameInformationFile”, “QueryAttributeInformationVolume”, and “CloseFile”. cmdagent.exe does this 4500+ times in less then an hour session. This affect all usb storage devices plugged in and cannot do os software usb shutdown before disconnect.
Files appended. (Please zip unless screenshots).
Screenshots illustrating the bug: use of Process Monitor from sysinternals.com show me that cmdagent.exe is the cause of this problem. jpg capture of realtime monitor ui attached.
Your set-up
CIS version, AV database version & configuration used:
I am using CIS 5.0.163652.1142. Virus signature db is 6604.
I am using a “new build” on my awesome ssd boot drive. Please assume this time, all software installs are right after disk format.
Vista 64 business edition on nv52 gateway amd 4gb ram + sp2 updated
fresh install of Comodo CIS re-downloaded last month and update turn on and updated.
Other then core vista taskbar apps, I just have comodo from comodo.com and freedownloadmanager from freedownloadmanager.com. Both are awesome apps btw.
I swap os and put win7 on my desktop, so I put vista64 on my notebook. UAC is on, most other corporate services with domain controller is off or setup to manually. If you read bug report, it should not matter if UAC is on or off. But in case it does, all security settings are at default from fresh install.
Also before bug write-up, I disable comodo antivirus and disable comodo defense+ with comodo ui. Process monitor stills grows GROWS GGRROOWWSS with report of cyclic access from cmdagent.exe from comodo’s directory.
Can you reproduce bug on your computer right now? just plug in usb memory drive, use windows explorer to do a file copy activity on that newly plug in usb drive, close windows explorer, and run “Safely Remove Hardware” to remove the newly plug in usb drive. If “Safely Remove Hardware” fails then you just reproduce the bug.
a) Have you updated (without uninstall) from CIS 3 or 4, if so b) have you tried reinstalling?:
a, fresh install of cis 5, cis 3 or 4 not present.
b, no, have not re-install fresh install of cis 5 successfully.
a) Have you imported a config from a previous version of CIS, if so b) have U tried a preset config?:
a, no import done, just use standard default install config of cis 5
b, yes, preset config of default installation setting of cis 5
Other major changes to the default config (eg ticked ‘block all unknown requests’, other egs here. )
no major settings or changes to default config at install time. During runtime, changes were made in accordance with cis 5 runtime user interface.
Defense+ and Sandbox OR Firewall security level:
Answer was in the absence due to fact that bug report post can be reproduce on current cis 5 release version to conflicting with windows vista system software feature function call “Safely Remove Hardware”. If answer is still required, either setting of enable or setting of disable of either cis 5 feature function known as defense+ or of cis 5 feature function know as sandbox will allow bug report to be reproduce.
OS version, service pack, no of bits, UAC setting, & account type:
Answer was in the absence because reporting user assume reported bug is independent of the system software for reproduction of bug by another user. The nature of the bug does not seem to be specific to the operating system software that CIS 5 was design to run on. What more can I say from the beginning with “Answer was in the absence” without words? User finds communication is two way when it comes to posting a bug report on a forum. If moderator is insistence on specifics, exact keypress type and sequence is of keypress during installation of CIS 5 and installation of windows VISTA is also important because of user error. Those questions werent asked. knock knock, Hello? who’s there? me orange? Orange who? Aren’t you (orange) going to open the door and beat me up?
Other security and utility software running:
no. Just comodo cis 5 for security. I minimize use of vista firewall and defender as best as I can…my computer is not that fast…old…not new…okay see?
Virtual machine used (Please do NOT use Virtual box):
no software virtualization of hardware involve. This setup complies with Intel Computing model that technology companies use to sell their x86 related products for people like me to do computing. Thus follows is a table that illustrate computing configuration in use prior to posting this bug:
hardware: gateway laptop nv52, 4gb ram, ssd boot drive
system software: windows vista 64 business edition with sp2
application software: Comodo CIS 5
Post moved to Orphaned/Resolved/Outdated Issues - CIS, I am sorry but I cannot ask or expect the Staff to read a bug report like this.
I am sorry you feel unable to follow the required Format which was chosen to provide all the necessary information that is possibly required in a easy to read way in one post.
If in the future you feel able to post a concise and accurate bug report in the required Format please do.