comodo has confilcts with explorer

everthing was fine until eplorer.exe was hogging 100% cpu usage so i started unistalling things to see what was cause conflictions,comodo is the programme that is conflicting.uninstalled reinstalled then it started gain any help would be an advantage

Hi danmiluk, welcome to the forums.

Your post grabbed my attention… Firstly, I’ve not previously heard of CFP causing any such conflict with explorer.exe.

A barrage of questions:

What’s your Anti-Virus app?
What version of CFP do you have?
What’s your OS?
Is explorer.exe always grabbing 100% CPU?
Is explorer.exe responsive to your commands?
What happens when CFP is set to Allow All, does explorer.exe still spin?
What is your Internet connection?
Do you have a LAN?

anti virus= avg fully updated
cfp ver= 2.4.18.184
os= wins xp sp2
no only if cfp installed
yes if cfp not installed
can’t do anything if cfp is installed
Lan
vigin broadband

I’ve ran spybot,adware,avg antispyware,avg anti virus all with cfp uninstalled cpu usage sit between 0-25 % nothing in any these,all updated then run,
ran cc cleaner& reg cleaner nothing unusual to report there either also had a look at my hjt log nothing unusual in there either .
So after all that which has taken me a while, I thought right,good to re-install did that then,cpu running ok then cfp starts to lod cpu usage 100% again,so i’m totally stumped,i’ve been using cfp for ages know with no problems until this morning then this happens.i’m on the laptop cause i’ve had to unplug the pc with no firewal

any help to get this prob sorted would be great
thanks

OK… I’ll come clean. I am concerned, but I didn’t want to cause panic & it may not be anything harmful (which it probably isn’t given the scans you’ve run). My first response was that I suspected explorer.exe was consuming loads of CPU because it was trying something (repeatedly & rapidly) that CFP was denying it by default.

Did you check CFPs Log (Activity tab)?

Also, with CPF installed it would useful to know if explorer.exe still spins with CPF set to Allow All (on Allow All, CFP is, effectively, disabled… not wise to leave in this state for any length of time).

AVG: AVG gets a mention in CFPs Help (the only AV that does)… but, that is for its email scanning (invisible connections need to be allowed I think).

LAN: Did you set-up a Trusted Zone in CFP for the LAN?

I can’t get it to do anything at all as soon as it starts to load now its doing my head in.going to keep on trying different eays of getting this

If you reboot into SafeMode, CFP will not be running. However, it is possible that you can still access the GUI and make the change to Allow All. Might give that a try.

LM

hi,

not any remembers anything all time.

try sysinternals, procview, so its explained what hook leeches.

Mike

since sysinternals is MS, might another know good one

I’ve managed to get it running but only if i stop it at start up.now i can’t turn on application monitor,component monitor,network monitor,application behavoir analysis.although i have blocked all on i can still access the internet i don’t ehat to do now.

meier12 i can’t makeout what you are trying to say

cheers

hi,

you posted explorer.exe is 100% running.

go to www.sysinternals.com get procview, thats a system hook analyzer.

because if explorer runs 100% its might not cfp related but just machine is slow as snake.

Mike

hi went on to the www.sysinternals.com get procview i get redirected to microsoft page then cant find proview.i don’t think it a hook up cause when comodo is uninstalled( theres another issue) pc runs fine???

That was the other part of Mike’s post (that you didn’t understand) - sysinternals became a part of MS (in the last year or so - I don’t remember exactly when), in the TechNet section. A more direct link would be: http://www.microsoft.com/technet/sysinternals/default.mspx
I think he’s probably suggesting Process Monitor (the names sometimes change a bit…) which you can find in File & Disk, Process, or System Information Utilities.

BTW, it is very common for security applications (like AVs and FWs) to install deep into the core of the system, as this allows them a higher level of control, reduced resource consumption, greater defenses, etc. Unfortunately, due to the way the system operates, this can sometimes cause conflicts. This is part of the reason for utilizing SafeMode to install or uninstall such applications - it’s not a cure, but it can help.

LM

go the file process monitorbut it keeps comming up with unable to load process monitor device driver/i’m going to try & download it again

its not as if i’ve not been using cfp before i had this for ages without any hitches

I know… that’s the really strange thing about it!

What other security applications, asides from CFP & AVG, do you have?

Mike (meier12)

You’re running 2.4… does 2.4 detect & prompt for PROCMON10.SYS when you run Process Monitor?

If so, this might be a problem for danmiluk. Since, I assume, CFP will be unable to prompt for that & will not allow Process Monitor to run as a result.

hi,

kali procmon10.sys is no actice handle of explorer.exe.

might you can tell source name or else to search for, i used procmon and procexplorer,

Mike

Mike

PROCMON10.SYS is a dynamic device driver deployed by ProcMon. When ProcMon is executed, it is deployed, loaded & then deleted. The loaded driver remains with ProcMon whilst its running.

re,

ah a misunderstanding, i thought procmon10.sys is a trace of comodo related to the post here explorer uses 100%,

it might be possible since this a ms tool it dont show up, do you have memory entries?

i mean you can use in procview the SEARCH and it should appear.

sorry for misunderstanding :slight_smile:

Mike

PS: i think i could debug such, but you know procview tells you its protected, might not usefull to post here?

re,

pure theory, if this .sys loaded like a .com with service ability,

would comodo notice if that “memory part” gather inet access?

Mike

Mike

You’re missing the point & running waaaay off topic. Question: Does CFP 2.4 detect & prompt for PROCMON10.SYS when ProcMon is executed?

If you want to ask questions or read about ProcMon then here’s the best place.