Comodo not releasing non-paged memory [WBZ]

I was having a problem with my computer not releasing non-paged memory (it took me forever to get to that conclusion and then to find the culprit). I used poolmon to see what driver was not releasing the memory and it turned out it was something called the Remote Storage Port driver, poolmon tag-Rptr. Internet searches on this information yielded nothing. But on another forum someone had a similar problem and had narrowed it down to the anti-virus or firewall programs they were running. They uninstalled each one and then checked poolmon to see if the offending pooltag and memory loss had stopped. I did the same thing and it turns out that it was Comodo! It was consistently running 120-122K of non-pooled memory which was why I thought it was the culprit, and it turned out to be the one. I really like the program though and was wondering why this was happening and what the Remote Storage Port driver was for (the other strange thing is that searches of the computer didn’t find the driver file, named rstorptr.sys).

cmdagent consumed up to 48,000,000 non-page pool up until system freezes 8 days after fresh boot. This problem is consistent disabling CIS and the non-paged vs. paged kernel memory stays well below the paged roughly 1/4. Serious memory leak apparent. Any ideas?

Having a similar problem with cmdagent…consumed 48,000,000 non-paged pool until system freezes. Why haven’t they addressed this problem with memory leak yet?

I reported the same leak issue in this thread → https://forums.comodo.com/comodo-endpoint-security-manager/memory-leak-in-cesm-v151-t59182.0.html

They say they are “looking into it.”

jaaduke, I’ve only redirected you to this forum thread.
According to your feedback, the problem is in the CIS product, so it will be investigated by the CIS team.

Thanks.

For what it’s worth, I have duplicated the problem on a different server with the latest version of CIS, so the leak occurs with both the v1.5 AND the v1.6 versions. The common thread seems to be that both servers have both CIS AND Oracle DB and application server.

Based on information from the poolmon utility, it IS however the CIS product that is leaking non paged pool memory and NOT any of the Oracle products.

I am using Windows XP Pro with Comodo Firewall Free 4.1.150349.920 running Firewall and Defense+ components only (not the Antivirus) in a fairly paranoid mode. I was seeing this same issue after about 24 hours of uptime: My System Event log was filling with Event ID 2019 “The server was unable to allocate from the system nonpaged pool because the pool was empty.” and the system was unstable/halting.

I have found by trial and error (and monitoring with poolmon.exe the process tagged ‘Rptr’ and its steadily increasing Diff between Allocs and Frees) that the unreleased nonpaged pool memory for ‘Rptr’ does not increase at all if I disable from the Defense+ Monitoring Settings ‘Protected Registry Keys’ in the ‘Objects To Monitor Against Modifications’ section.

Thought the info may help those investigating, or suffering the issue.

Thanks, we will take into account your case.

This still seems to be a problem. I am using Windows XP Pro with Comodo product version 5.0.163652.1142. After several days my system is frozen with event log error message 2019. Any update would be appreciated, as I can’t continue to use the product if it continues to kill my computer.

thanks,

blu…

This topic moved to format verified, without a standard format bug post as the topic predates the reporting criteria.

If anyone would like to do a report in standard format it would be greatly appreciated however.

I will add this to the mods bug tracking system too, [Edit] if there is another report for version 5.

Mouse

Hi.

I am running Comodo Firewall Version 5.9.219863.2196 on Windows XP SP 3 (Version 5.1.2600 Service Pack 3 Build 2600) and see big memory usage from the nonpaged pool.

Rptr Nonp 132293 20475 111818 181638904 1624 [cmderd][cmdGuard][cmdhlp][inspect]

This is ~181 MB (181638904), and the nonpaged pool limit on my computer is 262 144 KB.

The computer works as a mini server. It has dchub, web and ftp servers.
Sometimes an event with id 2019 (The server was unable to allocate from the system nonpaged pool because the pool was empty.) appears in the computer event log. Last time - 16:00 23.01.2012.

Log poolmon for 15:00 23.01.2012:

Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver

Rptr Nonp 733912 604889 129023 202055496 1566 [cmderd][cmdGuard][cmdhlp][inspect]

Proactive security is fully disabled (by check box and reboot). I run only the Firewall. As Antivirus I use Avira Antivirus Personal.

PS my native language is Russian, sorry for bad English.

A. The bug/issue

  1. What you did:
    Nothing.
  2. What actually happened or you actually saw:
    Very big memory usage by pool tag Rptr. Part of log poolmon_28.01.2012_ 6_00_03,63.log:

 Tag  Type     Allocs         Frees    Diff   Bytes    Per Alloc    Mapped_Driver

 Rptr Nonp     179173    112287     66886 101461400       1516        [cmderd][cmdGuard][cmdhlp][inspect]

Total Nonp  1953236979 (   0) 1952866665 (   0)   370314 134434448 (     0)      0
Total Paged 1196770158 (   0) 1196576055 (   0)   194103 108228080 (36772864)      0

  3. What you expected to happen or see:
    A number smaller than 20 MB, not 100 MB (101461400) or over, in the Bytes column.
  4. How you tried to fix it & what happened:
    Updated to the latest version. It does not fix the problem.
  5. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?:
    It's not a software compatibility problem.
  6. Details & exact version of any software (except CIS) involved (with download link unless malware):
    Antivirus: Avira Free Antivirus (Avira Free Antivirus for Windows free download)
  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    The problem arises spontaneously. The exact cause is not found.
  8. Any other information (eg your guess regarding the cause, with reasons):
    The computer works as a small server with dchub, web and ftp sites. This creates some network activity.
    ~100-300* outbound connections
    ~2000-3000* inbound connections
    * Data based on the first tab of the CIS application.

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):

http://dl.dropbox.com/u/59346227/comodo_active_process_list.png

  2. Screenshots illustrating the bug:

http://dl.dropbox.com/u/59346227/comodo_memory_usage_all.png

http://dl.dropbox.com/u/59346227/comodo_memory_usage_week.png

After the last data point on this graph the computer had three 2019 events in the System Event Log and hung. No reports or BSOD. It hung completely. It ran again after a manual reset with the “reset” button.

  3. Screenshots of related CIS event logs:
    N/A.
  4. A CIS config report or file.
    N/A.
  5. Crash or freeze dump file:
    N/A.
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version.

http://dl.dropbox.com/u/59346227/comodo_about.png

http://dl.dropbox.com/u/59346227/comodo.zip - Summary data for creating the graphs. Includes information based on 411 logs. Excel 2003 format.

C. Your set-up

  1. CIS version, AV database version & configuration used:
    5.9.221665.2197
  2. a) Have you updated (without uninstall) from a previous version of CIS:
    yes
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
    no
  3. a) Have you imported a config from a previous version of CIS:
    no
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
    no
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
    Fully disabled Defense+.
  5. Defense+, Sandbox, Firewall & AV security levels:
    D+= Inactive, Sandbox= Inactive, Firewall = Safe Mode, AV = Inactive/not applicable.
  6. OS version, service pack, number of bits, UAC setting, & account type:
    Windows XP SP 3 (Version 5.1.2600 Service Pack 3 Build 2600) x86, Administrator.
  7. Other security and utility software currently installed:
    Avira Free Antivirus
  8. Other security software previously installed at any time since Windows was last installed:
    Outpost Firewall Free Version
  9. Virtual machine used (Please do NOT use Virtual box):
    No.

Thank you very much for your report in standard format Enyby, it is much appreciated.

Just to eliminate one possibility, would you be kind enough to re-try your measurements with Avira uninstalled? (Preferably using a forced uninstaller though that’s not essential). They are listed here. This is just to eliminate the possibility that CIS and Avira are fighting each other.

Then I’ll PM the development team to see if we can get some feedback.

Best wishes

Mouse

Avira works only as an antivirus. Its other functions are disabled.
I will try to uninstall it.

Thanks Enyby, I appreciate it.

(They can interact even with all functions disabled)

Best wishes

Mike

Without Avira:

poolmon_02.02.2012_ 9_00_03,82.log: Rptr Nonp     250373    150463     99910 154333512       1544        [cmderd][cmdGuard][cmdhlp][inspect]
poolmon_02.02.2012_10_00_13,93.log: Rptr Nonp     257706    150463    107243 167650240       1563        [cmderd][cmdGuard][cmdhlp][inspect]
poolmon_02.02.2012_11_00_09,47.log: Rptr Nonp     261990    163057     98933 152549240       1541        [cmderd][cmdGuard][cmdhlp][inspect]

The situation has not changed. It’s not a conflict with Avira.
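
The comparison made by eye in the posts above (watching the Rptr tag's Diff and Bytes across poolmon snapshots) can be scripted. This is an added example, not part of the original posts or any Comodo tooling: `parse_line`, `report` and the 50% warning threshold are assumptions, while the sample rows and the 262 144 KB limit are the values quoted in the thread.

```python
import re
from dataclasses import dataclass

NONPAGED_LIMIT = 262144 * 1024  # pool limit quoted in the thread (262 144 KB)

# Rows copied from the hourly poolmon logs posted above ("Without Avira").
SAMPLE_LINES = [
    "poolmon_02.02.2012_ 9_00_03,82.log: Rptr Nonp     250373    150463     99910 154333512       1544        [cmderd][cmdGuard][cmdhlp][inspect]",
    "poolmon_02.02.2012_10_00_13,93.log: Rptr Nonp     257706    150463    107243 167650240       1563        [cmderd][cmdGuard][cmdhlp][inspect]",
    "poolmon_02.02.2012_11_00_09,47.log: Rptr Nonp     261990    163057     98933 152549240       1541        [cmderd][cmdGuard][cmdhlp][inspect]",
]

# Tag, Type, Allocs, Frees, Diff, Bytes, Per Alloc (the poolmon column order).
ROW = re.compile(r"(?P<tag>\S{1,4})\s+(?P<type>Nonp|Paged)\s+(?P<allocs>\d+)\s+"
                 r"(?P<frees>\d+)\s+(?P<diff>\d+)\s+(?P<nbytes>\d+)\s+\d+")

@dataclass
class Sample:
    tag: str
    allocs: int
    frees: int
    diff: int
    nbytes: int

def parse_line(line):
    """Parse one poolmon row (a 'logfile: ' prefix is tolerated); None if not a row."""
    m = ROW.search(line)
    if not m:
        return None
    s = Sample(m["tag"], int(m["allocs"]), int(m["frees"]),
               int(m["diff"]), int(m["nbytes"]))
    # Diff is the number of outstanding allocations; a mismatch means a damaged row.
    if s.allocs - s.frees != s.diff:
        raise ValueError(f"inconsistent poolmon row: {line!r}")
    return s

def report(lines, tag, limit=NONPAGED_LIMIT, warn_at=0.5):
    """Per snapshot: bytes held by the tag, share of the pool limit, change in Diff."""
    samples = [s for s in map(parse_line, lines) if s and s.tag == tag]
    rows = []
    for prev, cur in zip([None] + samples, samples):
        share = cur.nbytes / limit
        rows.append({"nbytes": cur.nbytes, "share": round(share, 3),
                     "delta_diff": 0 if prev is None else cur.diff - prev.diff,
                     "warn": share >= warn_at})  # warn_at is an assumed threshold
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE_LINES, "Rptr"):
        print(row)
```
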

Thanks for checking, I’ll PM a dev on Monday.

I wonder if this happens running anything else but Oracle?

Best wishes

Mouse

Thank you.
That happen? None of the product Oracle, with the exception of MySQL, which has already bought Oracle, on this machine is not working.

Thanks for feedback

Mouse

Hi guys,

Thanks for your kind help.

I have read the issue, but we can’t reproduce the issue.
Please guys who encounter the issue help me to do a test with the attached file.
If you reproduce the issue, please contact me ASAP! my MSN: greenfield_wang@hotmail.com

The unzip pwd:cmdo.

Thanks,
Rick ■■■■

[attachment deleted by admin]