Hello.
After updating to Comodo Firewall standalone 10, my second internal drive wakes every now and then from sleep. Since i don’t want to ruin the drive by on and off every few minutes, i used sysinternals process to see what happens.
It seems the Comodo cmdagent.exe accesses all the time my drive D:. Not sure why. I have nothing but a backup in there.
Any ideas ?
See the capture.
Thanks
No replies from what i see.
Still, google reveals that several people report that for older also versions of Comodo.
I would just keep the drive unplugged and plug it in only when you are doing a backup. That should fix the problem, and it’s safer that way because in the case of ransomware, they may also encrypt files on external drives if detected. So if Comodo fails against ransomware or other malware (unlikely but nothing is 100% foolproof), then your backup also runs a considerable risk of being infected.
EDIT: Now I know you can still use some utility to block access to the drive, but it still isn’t better than simply unplugging it imo. But if you insist on using something like that, you might want to see if it is the culprit to your drive waking up by Comodo.
The drive is used for automated backup every night via Macrium Reflect. So i can’t unplug anything.
Also the real question is what is exactly comodo doing ? What triggers all that.
see my attachment
check virusscope settings and make sure that “monitor only the applications in the container” is on, I honestly don’t know what else in Comodo that is causing this. I will check out Macrium Reflect to see if there is anything that could potentially trigger that activity.
Do you observe this behavior only if Macrium is installed and running? Do you observe this behavior only if Comodo is installed? Need some clarification, because it is unclear whether this activity shown in your screenshots actually wakes the drive up or not. I know avast had some issue with this Macrium program not too long ago, could be a software conflict. It is possible that this can be caused by Macrium Reflect alone and Comodo is just monitoring the activity. Or Macrium is doing something that is causing Comodo to wake up the drive. Or comodo itself is randomly waking up the drive, need to know which of the three is the cause.
Anyways, go to task scheduler and view all of the attributes of the Macrium Reflect Task, maybe check to see if things like “Run whether user is logged on or not” or “Wake the computer to run this task” may possibly cause Comodo to interfere, and experiment by turning those off to check conflict. Perhaps the tasks cause the drive to wake up, or the task does something which triggers Comodo’s attention. I don’t see any settings in Comodo that could disable this behavior. I can’t help you much more atm b/c I am not familiar with Macrium Reflect.
Macrium has nothing to do with it, i mentioned because of the nature of the backup.
And the drive wakes up allright, because it is a WD Black 2TB and it is loud.
have you checked to see if Comodo Firewall alone without macrium causes the drive to wake up? if it is then it is a Comodo bug, if it is not then it is a possible application conflict.
but if you are sure it is caused by Comodo, in that case you should file a bug report. I can only make random guesses as to what actually goes on with Comodo waking up the drive. I doubt my guesses will get anywhere useful.
Ok, i think you are confused right now.
If i hover in proccess name column showing cdmagent.exe it shows the full path and program of Comodo. So it IS Comodo doing this. No doubt about it.
The question is why and maybe what makes Comodo to do this. Some sync maybe ? Because if you see my capture, you see Desired Access: Syncronize.
Please forget Macrium, it has nothing to do with it.
I have included the whole command path etc etc so it is more clear.
i can’t answer this question any better than you can
you should try disabling comodo components and see if you can determine which component is causing it
Are you sure it is caused by CFW? I get such operations with various apps. Try to uninstall CFW.
By the way, you could unmount/mount mentioned drive to avoid the hassle.
There is a problem with Comodo installed. Some drives are waken from Comodo and some are blocked from ejecting.
Example:
The application \Device\HarddiskVolume2\Program Files\COMODO\COMODO Internet Security\cmdagent.exe with process id 2384 stopped the removal or ejection for the device USB\VID_18A5&PID_0412\555552125500009.
Not sure why Comodo agent deals with external usb drives.