Computer startup speed


I’ve installed CIS 6 yesterday, and after a rather hard time removing 5.x I succeeded. The new version ran nice and barely had an impact on system performance. I had acces to my desktop (after password entry) in just under a minute. After installing CIS6 everything was rather fine, at the beginning my startup speed wasn’t affected. Now it takes much more than a minute and nearly 3 minutes for comodo CIS 6 to load. I don’t realy care about the startupseed of window, but I’m realy concerned about the slow startup time of my AV. Whilst it was loading up I managed to download the EICAR virus test file and CIS 6 failed misserably in blocking it. Only after waiting untill the widget showed up AND doubleclicking it the alarm went off.

I’m a little bit doubting on a reinstall of CIS 6 because of the trouble I had with CIS 5.x. (I got a CFP error, Registry errors, and lost LAN-connectivity because the driver for LAN wasn’t removed). Anti-error noticed there were problems but couldn’t solve them.

Are there any known startup issues with CIS 6 and possible remedies?

Sincere regards.

I notice the same slow downs on cistray startup, not every time but mostly if I logon as soon as the logon box is there CIS takes to long to load.
If I wait till the Harddisk activity is gone and then logon al things start in a split second.

Win7, x64 Enterprise here.
CIS ProActive security policy.

I’m glad I’m not the only one with the problem, I adviced CIS to my roommates and its used at our home, it would be rather annoying if they all lagged.
Are you planning on a fix, do you need a logfile of something?

CIS does not have a webshield so it won’t catch a virus when it gets downloaded. However it will catch it when you scan the folder you downloaded it in or you will try to execute it.

The actual protection is done by the cmdagent.exe which gets started early in the boot process. As long a this is running you are protected.

Please post a bug report here

I won’t know for sure until I remove CIS, but I’ve gotten to the point where I can say that I probably won’t notice any difference with or without CIS.
What I did:
Delete the logs and restart my machine. After logging in, wait for about 2 minutes so that all of the delayed services have started. Now look at the “Defense + logs”, and manually create the rules. To make this easier, export the logs first, so that you can copy & paste missing log entries (registry). Paste using “ctrl+v” keys. Right-clicking doesn’t work. 2 questions you might have:

Action - Create Process
Open the rule for the “Application” and add the “Target” to the “Run as executable” ruleset

Action - Modify File - \Device\Afd\Endpoint & \Device\Nsi
Open the rule for the “Application” and add any file to “Protected Files/Folders”. Edit the added filename and paste the \Device. Make sure that there are no spaces before & after the pasted entries.

I’m using the Proactive Security configuration, HIPS setting = Paranoid Mode".

Restarting startup applications & services helps to create rules without having to do it manually.

Okay for Paranoid mode I can expect such behavior, it should auto-learn them tough as did version 5.x
But I’m running ProActive Safe-Mode and that also seems to block certain behavior, probably related to the same code.

Please also file a bug report for this issue on Paranoid mode.

I’ve put HIPS on safe mode, I guess thats the best option.
Where can I find the Log files and which ones do you need?

If you open the GUI and click on ‘Tasks’ then it will flip and show you the ‘View logs’ option.
If you open that you can select the Defens+ on the ‘Show’ part it’s a drop down list.

That might be harder than it sounds, all of the records are empty.
Is there a windows or TMP location where the logs are stored?

Running Windows 8 Pro x64 i found the log files in in
hidden folder c:\programdata\comodo\firewallpro
see attached screen shot you will see the have an .sdb extension.

[attachment deleted by admin]

I have great startup speeds. but i don’t start using my computer till i see the widget and all my other systray
icons have loaded in the bottom right. and my hard drive is not running a solid hdd light, just blinking. that’s when you should start using the computer. after it boots completely…

Hey, DrHaze,

Thanks for showing the folder, I just found out I had still had to disable the Timefilter in comodo Logs.
I know I should wait before using my computer, but that’s where the trouble starts, There’s a long time between comodo to load fully and the previous icon to show up (altough it’s getting better).

I’ll post the logs in the forum Ronny suggesteds.


This are the logs from comodo Defense+ Ronny asked me to post here.

EDIT: I might be jumping to conclusions, but I think it might have to do something with HIPS, the moment I enabled it, it slowed down startup speed radically. Altough, when I dissabled it, it hadn’t an influence on startup speed.

[attachment deleted by admin]

Thanks, I merged your post with the original thread, else people would not know where your single post belonged to.

I also have the feeling HIPS is part of this, I’ll run a few tests also with it disabled.

I also notice a few applications are run as Sandboxed As Partialy Limited, can you verify those and see if they are safe?

If they really are I think the Xerox developers use strange names for their executables, they smell like malware at first sight…

C:\Program Files\Xerox Office Printing\Printer Software\XCQLUZ.EXE
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe

If you are unsure about these please upload them to to let them get scanned by ~40 av’s.

And the easy way to see these is to flip the GUI, Advanced Tasks, Watch Activity
That will install Killswitch which will show you which applications are limited by the behavior blocker.

Sorry for the wrong forum entry.

No problem, it’s quite a large forest here with boards :wink:

I didn’t mean to suggest that CIS was having problems. The reasons why I had problems was because I also turned off “trust applications signed by trusted vendors” & “create rules for safe applications”. CIS did it’s job of blocking during startup because there was no rule to allow things, logged what it blocked, but was not ready to ask me to create the rules. I’m not going to file a report on this because the end result might be less startup protection. Freddy doesn’t seem to have the same problems that I had, since there’s nothing in his logs.

If I go to HIPS Paranoid, I normally boot and shutdown like 4 times and start a few applications while having CIS in training-mode.
Then review the entries created and go to Paranoid, this will prevent ‘startup’ blockers from causing your system to hangup or block during boot.