Comodo Internet Security / Cavwp Abnormal High CPU Load. Please Help???

A. THE BUG/ISSUE (Varies from issue to issue) [list type=decimal]

  • Summary - Give a clear summary in the topic subject, NOT here.
  • Can U reproduce the problem & if so how reliably?:
    Every single time the system went back up I get the same High CPU Usage Problem
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a: System up, Noticed the high CPU Usage via ProLasso and Task Manager
    b: System goes down – SLEEP MODE.
    c: System goes back up when needed, same high CPU usage, via ProLasso and Task Manager
  • If not obvious, what U expected to happen:
    Obvious
  • If a software compatibility problem have U tried the conflict FAQ?:
    NA
  • Any software except CIS/OS involved? If so - name, & exact version:
    NA
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    using ProLasso to take down CPU cores affinity from 7 cores to 2, for cavwp file. System has never been fully rebooted or shutdown for over a week. [/b][/color] I’m using sleep-mode, which is similar to hibernation mode.

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)

  • Exact CIS version & configuration:
    CIS 6.3.302093.2976 - database version: 17784
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    All modules enabled
  • Have U made any other changes to the default config? (egs here.):
    Complicated, so a config file is attached.
  • Have U updated (without uninstall) from a CIS 5?:
    No
    [list type=lower-alpha][li]if so, have U tried a a clean reinstall - if not please do?:
    NA
    [/li]- Have U imported a config from a previous version of CIS:
    No
    [li]if so, have U tried a standard config - if not please do:
    NA
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    OS - Windows 8.1 Pro 64 bit, UAC disabled, account type - Administrator, not a VM
  • Other securitys’box software a) currently installed b) installed since OS: a=Malwarebytes Paid and SuperantiSpyware Paid b= None
    [/list]
    [/list]

Enclosed now also added the Comodo AutoRun Analyzer Report, in addition to Comodo Diagnostics Report
Enclosed now also added the FRESH Comodo AutoRun Analyzer Report, in addition to Comodo KillSwitch Report

[attachment deleted by admin]

Does it use this high of CPU at all times, or only during a scan or update?

Also, do you have any other security or maintenance software installed on the computer? If so please name them.

Thanks.

Thank you for the rapid response…

Nope, it just started last couple of days, regardless if it scans/update or not. just by being loaded in memory I guess
.
SuperAntiSpyware/Malwarebytes are both present, BUT NEVER had any conflict with ANY of Comodo’s suits.

I did Skype update, from an MSI package tho, which caused me to re-register Windows installer, and it still won’t load Skype on startup. Unsure if those are related as per the windows dll re-registering.

With Utmost Respect,
Me.

Okay, to get a better understanding of this issue, and to forward it to the devs, please edit your first post so that it is in the format provided here. Just copy and paste the code. Then put your responses after the colons.

Let me know if you have any questions. I am absolutely willing to help.

Thanks.

Did even better, I hope… I made the description look like Q&A, in the manner that I saw in the links you have provided.
That said, please note that, in the last week or so, I stopped doing a full system shutdown and instead opted to use sleep-mode, so the system could start back up, on its own, at a designated pre-defined time.

Another issue, is if I try to completely uninstall, I lose the connection ALTOGETHER. Only after re-installation, I am to get the connection back (in other words, like a catholic wedding, if I opted to use a diff antivirus, I can’t, since once Comodo is uninstalled - I do NOT have any web connection or surfing ability whatsoever). – That basically ‘forces’ the consumer, to ‘get stuck’ with a product, if they ever wished to replace it with another. (needless to say that apart of it, I am VERY satisfied from your product and always praise it to others).

ProLasso, is a process priority optimization and system automation utility. Priority optimization, affinity optimization, core optimization, automated rules, automated power profiles; you name it, and Process Lasso does it!
Anyway, Here’s the Report, and I hope it’ll be satisfactory for both issues… << taken from website description, and is being used as well. (link including Description: Bitsum. Real-time CPU Optimization and Automation ).

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Comodo Internet Security / Cavwp Abnormal High CPU Load.

  • Can U reproduce the problem & if so how reliably?:

  • Every single time the system went back up I get the same High CPU Usage Problem:

  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    a:System up, Noticed the high CPU Usage via ProLasso and Task Manager
    b:System goes down – SLEEP MODE.
    c:System goes back up when needed, same high CPU usage, via ProLasso and Task Manager

  • If not obvious, what U expected to happen:

  • Not applicable:

  • If a software compatibility problem have U tried the conflict FAQ?:

  • No compability issues has been found as far as my checks:

  • Any software except CIS/OS involved? If so - name, & exact version:

  • 1. MalwareBytes. Ver. 1.75.0.1300, build date: 04-apr-13:

  • 2. SuperAntiSpyware Ver. 5,7,0,1018:

  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    [/ol]

  1. using ProLasso to take down CPU cores affinity from 7 cores to 2, for cavwp file[/list]

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)

  • Exact CIS version & configuration:

[li]Product Version: 6.3.302093.2976 - database version: 17784

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:

  • 1. Enable HIPS, for everything (defaults), for safe mode.:

  • 2. Auto sandbox ON for partially limited. (on the behavior blocker all options are ticked ON basically:

  • 3. Firewall (option ticked OFF).:

  • A.Create rules for safe application .:

  • B.Set alert freq… .:

  • C.Set new on-screen… .:

  • D.Block fragmented IP traffic .:

  • E.Do protocol analysis .:

  • 3. Firewall (option ticked ON).:

  • A.Enable firewall .:

  • B.Do not show popups… .:

  • C.Enable trustedconnect - for Unsecured wireless network only… .:

  • D.Turn traffic animation effects .:

  • E.Filter IPV6 traffic .:

  • F.Enable anti-arp spoofing .:

  • G.Filter IPV6 traffic .:

  • H.Filter IPV6 traffic .:

  • Have U made any other changes to the default config? (egs here.):

  • As per mentioned above, ALL OTHER options, have been left as is :

  • Have U updated (without uninstall) from a CIS 5?:

  • No:
    [list type=lower-alpha][li]if so, have U tried a a clean reinstall - if not please do?:
    [list type=lower-alpha][li]Have tried full CLEAN reinstall:
    [/li]- Have U imported a config from a previous version of CIS:
    [/list][/li]- No:
    [li]if so, have U tried a standard config - if not please do:
    [list type=lower-alpha][li]Not applicable:
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    [/list][/li]- OS - Windows 8.1 Pro, SP - Not Applicable, 64 bit, UAC setting - Completely Disabled, account type - Administrator, V.Machine used - Not Applicable:

  • Other security/s’box software a) currently installed b) installed since OS: a= b=

  • Not Applicable: a= b=

With Utmost Respect,
Me.

My instructions may have been confusing. If you just copy the code and hit preview you will see that it looks very similar to the post you created. However, it is slightly easier to follow. As my instructions were confusing I edited your first post into that format. Please look it over and make sure I have not made any mistakes.

Also, there are a few things which are requested. One of these is because your configuration is so complicated. Can you please export your configuration, put the configuration file in a zip file, and attach it to your first post? If you have any questions about how to do that please feel free to ask.

Also, are the versions of Malwarebytes and SuperAntiSpyware you have installed the free or paid versions?
In addition, can you please let me know all of the anti-malware software which used to be installed on your computer, but are now removed? This is especially important for an issue such as this.

Also, can you please attach a diagnostics report and KillSwitch Process List (Created while you are experiencing the problem) to your first post? If you have any questions about how to do this please feel free to ask.

Thanks.

Thank you for editing your first post. I moved some of the information around. However, some more pieces are still missing.

I still need a list of all anti-malware programs which used to be installed, but are now removed.

Also, I did not see a diagnostic file attached to your first post. To create this Open the main CIS GUI. Then left-click on the question mark icon. From the drop-down menu Select Support and then Diagnostics. This will run and give you the option to create a diagnostics report, which you should then attach to your first post.

I also need the KillSwitch Process List, which can be created by flipping the main screen to the tasks side. Then go to the section for Advanced Tasks and click on Watch Activity. This will offer to download and install KillSwitch. Allow it. Then, after it is open, click on the menu called KillSwitch. In this select “Save Current View”. This will save the file with your current running processes, which you can then put in a zip file and attach to your first post.

Let me know when you have been able to create these by responding to this topic.

Thanks.

All requested info, has been added to first post.
Also included the Autorun Analyzer Report as well. Which also showed mixed content about trusted and unknown file ratings.

THANK YOU so very much for your patience with me, and for the time you invest. That is greatly appreciated, true professionalism.

Do you think, I should also just set aside, the sleep mode for a sec, and initiate complete full shutdown and restart, since the system really actually “pause and continue” from where it was “powered down” by sleep-mode? Can it be as simple as that?

The MalwareBytes, Comodo, SuperAntiSpywere, are the only one being installed when I get a fresh system up, I have no need for others, So your product does an outstanding work.

P.S:

As noted now in first post, I trust Comodo implicitly. this is the first thing on my mind to put when installing ANY system, and never permanently removed. (which, again, it cannot be removed here anyway, cause if it is, even for a reinstallation procedure, for some reason, and I have no idea why, it will prevent ANY time of ISP/Web connection ALTOGETHER) - which should probably be reported as a bug of it’s own.

With Utmost Respect,
Me.

Thank you for attaching these. However, the Process List still is not attached, at least as far as I can tell. This will be able to tell the devs exactly which processes are running during this time. This can be created by flipping the main screen to the tasks side. Then go to the section for Advanced Tasks and click on Watch Activity. This will offer to download and install KillSwitch. Allow it. Then, after it is open, click on the menu called KillSwitch. In this select “Save Current View”. This will save the file with your current running processes, which you can then put in a zip file and attach to your first post.

After creating this I think it’s a good idea to try restarting the computer. Then, observe the behavior of CIS. If everything seems fine then we’re on the right track. In that case treat it like you did before and see if after a while the problem returns.

Please attach the file and then see what effect restarting has.

Thank you.

Hi,
Added the files requested. In the zip file, there are 2, fresh killswitch files containing the processes and programs.
1 (COMODO KillSwitch.csv) Was just saved as is, the second (COMODO KillSwitch2.csv) was saved with “current
view” option as well, whereas I also expanded the services tab too.

Also enclosed a fresh copy of the Comodo AutoRun Analyzer file as well.

I will reboot and will render the findings/results/comparison between the before and after performance as well. If it won’t be during the next couple of hours, will do it first thing in the morning.

Thank you kindly for all the efforts and time… if there is one thing I can say is, I wish other companies had the same professionalism and willingness to help as you and the product you stand for.

With Utmost Respect,
Me.

No problem. Let me know what you find with the restart.

Also, and I’m not sure if you’ll find this to be a good thing or not, but I do not actually work for Comodo. I am a volunteer moderator. Comodo has given me the ability to process these bug reports and, if they are found to be replicable and actual bugs, I can add the information into a tracker program which is viewed by the devs. Thus, after I forward this report to the devs you are largely in the hands of Comodo staff. However, I am not actually staff myself. Sorry, just wanted to make sure there were no misunderstandings.

Let me know what you find or if you have any questions.

Thanks.

After a complete and full shutdown (NOT just relaying on waking up from hibernation or stand-by/sleep mode), it seems that cavwp.exe cpu utilization has gone down to between 0% to 3%, through Windows Task Manager. Stable, so far.
I don’t know why i didn’t think about it till now, doing a simple normal FULL shutdown that is.
Seems that, so far, the specific problem for this topic/thread, seems to have been solved - for now.
Maybe, a small edition for it is to automatically reset/refresh itself, if it detects a stand-by wake-up, instead of a full, normal reboot or shutdown.

One last issue remains. Comodo integrates into the networking, in such a way, that when it comes to high (cable connection) bandwidth speed, that has no dialer and is permanently on by default, it will cause the connection to be permanently gone/disabled IF Comodo needs to be updated/upgraded, or temporarily removed for whatever reason (including for the purpose if a simple fresh re-install). There is NO way, whatsoever, to connect to the internet AT ALL. That also forces the consumer, to get “stuck” with one’s product forever (could be something worth thinking about - in the way it incorporates its network into the system).

I hope you can have them updated on that issue, for it to maybe be addressed in the future.

I’d like to thank you for your time, effort and patience as well. You shade a good light on Comodo.

I have yet to discover how to mark this topic solved/locked though…or I would have done so.

With Utmost Respect,
Me.

That’s great to hear this fixes it. Please let it run without restart, like you did before, and see if the problem returns. If it does let me know (before restarting it). There may be another file which would be helpful for the devs, assuming it happens again.

I don’t think I’m entirely understanding you about this. By default Comodo Firewall will block the connection until it is able to filter the traffic. This is intentional to make sure nothing bad can sneak through. Is this what you are describing, or is there another issue?

Thank you.

No need. For a few days I’d like to leave it where it is. If the CPU does end up throttling to that high of a percentage if left without a restart I would classify that as a bug, which is therefore worth reporting. Thus, please let me know if the CPU still throttles if left without a restart for about a week or so.

Thank you.

Has the CPU use skyrocketed again yet? Have you noticed anything wrong?

Thanks.

Sorry for the late response.

I have tried a few days going with the suspend/stand-by mode as suggested. So far, it remain stable and the CPU usage, went down.

I’ll make note to myself, to make a FULL shutdown and restart, at least once every once in a while.

So far the high CPU usage, did not reproduce :slight_smile:

Thank you so very much for everything you have done.

The only thing remains, is that maybe they can check, why once installed, if it were to be even just temporarily uninstalled, it will disable the entire connection, with no ability to even making a new one, till it’s reinstalled/updated. (at least when it comes to permanent high connection bandwidth, with no dialer).

Otherwise, this post can be marked closed/solved (if only I knew how).

Kind Regards,
And With Utmost Respect,
Me.

I’m not entirely understanding this issue. Do you mean that if CIS is removed your internet connection does not work unless CIS is reinstalled? If so, that is certainly not intended behavior.

Yes, it is so.

Once Comodo is removed, EVEN for the sake of reinstalling, Once the reboot is done (actually, the connection is lost when the uninstallation procedure is initiated), there is NO internet connection available whatsoever. NO way of creating a new one either.
Even if I reset DNS, DNS cache, Full ipconfig reset, no go, doesn’t work. once Comodo is back on, once it reinstalls the drivers, on the reboot, the connection is back, as if it has never disappeared.

So once Comodo was installed (as I always install on each and every OS I have), it’s like a catholic wedding, has to be on, till “death”… giving no options to retain internet connection at all, if removed.

With Utmost Respect,
Me.

This is certainly not expected behavior. It sounds to me like the driver is likely not being removed. Please try reinstalling CIS by following the advice I give in this post. Be sure to also check the drivers after rebooting into Safe Mode. If I am right you will likely find a driver left over, which should have been removed. Remove it.

Then boot into normal mode and reinstall CIS. I think you will probably see that after that the internet works correctly for subsequent uninstalls.

However, please check this and let me know what happens.

Thank you.

So far, since apparently the low CPU usage hold, going through the uninstall, reinstall procedure, will be time consuming, while, for the moment, finally, it seems ok.

So my thought are… to keep it as is, for the moment, till such time that I may “have” or be bound to do so. I can wait till there is
a new version of the suit, and then, instead of trying to “update/upgrade”, to follow the steps mentioned for a complete removal
as advised, and see, if following the steps, restores the connection, and then reference on a new post, the link to this post as well.

I have also saved both links and downloaded the removal tools as well. If there was and all-in-one tool, specifically made, to
forcibly automate a “remove on boot” of all drivers in question (integrated, or not, into the uninstaller), instead of all the reboots
currently needed to be taken, that would really make a significant improvement (but that’s just my opinion).

<< Just trying to follow the " don’t fix what ain’t broken " mind of state, as long as it’s finally seem to be in a stable working
condition again. Uninstallers, by nature, should impose a full drivers removal and previous settings reset, so maybe, future installations, can save the networking settings prior to the change, like in a quick snapshot, and then upon removal, to reinstate them (just a humble suggestion).

It is clear to me, that unlike many other technical help-desk ppl, you are one of the more, if not best professional person, in both your patience, dedication, willingness to help and level of expertise. ;D

With Utmost Respect,
Me.

Okay, in that case I think I can move this report to Resolved.

However, if the CPU issue returns please see my above advice as to what information is required in order for the devs to study and fix the problem.

As for the probable driver issue, the uninstaller is supposed to remove all of these drivers without requiring a reboot. However, as with all software, sometimes everything does not go as planned. That is why nearly all security software (which will always nestle itself as deep within the computer as possible to resist removal until the right time) also have 3rd party removal tools. This is sadly a common problem, although usually the internet connection still works afterwards. Also, I advise so many reboots to save you time. Technically you do not need to do any of it in Safe Mode. However, if you don’t I often find that not everything is removed and users thus have to do more work. That’s why I advise so many reboots.

Let me know if you have any questions.

Thank you.