A. THE BUG/ISSUE (Varies from issue to issue)
Can U reproduce the problem & if so how reliably?:
The problem is occasional. It seems to mostly be caused by Thunderbird(I have a big account of business email… more than a few Gb) and the rest by random programs (Id say 30% of the problems affected thunderbird, the rest are random, but usually Chrome or Firefox are the most affected too). However, there is no way to replicate this every time.
If U can, exact steps to reproduce. If not, exactly what U did & what happened: 1:Make sure Asus AI Smart Tool is installed on a compatible system, downloaded from here: http://support.asus.com/download.aspx?SLanguage=en&m=Tools&os=29 2:Run Windows 8 (Latest up to version), wait it for finishing loading all the background apps ( I have a SSD so it doesn’t take long) 3: The most likely way to replicate is to first Run Thundderbird (with my large email account) 4: As soon Mozilla Thunderbird shows the “enter master password” prompt… the mouse will start to studder and then all 3 of my hard disks will look like they are reading A LOT (this is not normal, as Thunderbird almost always runs instantly except when this bug appears, it seems to be a combination between thunderbird or other apps + comodo CIS)
If not obvious, what U expected to happen:
Thunderbird to ask for the password, enter the password normally with no slowdown and enter the program normally.
If a software compatibility problem have U tried the conflict FAQ?:
It is not exclusive of Thunderbird. It does happen with Chrome, Firefox, and other programs less often.
Any software except CIS/OS involved? If so - name, & exact version:
Seems to happen mainly with Mozilla Thunderbird, but also with Google Chrome (with many tabs open) and Mozilla firefox (many tabs open).
The program causing this is the ASUS AI smart tool. Removing this fixes the problem.
Any other information, eg your guess at the cause, how U tried to fix it etc:
Disabling the protection modules of CIS does not make this completely stop from happening. However, it does happen less often. The only way to entirely prevent this from happening is to uninstall the ASUS AI smart tool. If the firewall was loading at same time as the AI tool, it would cause these huge slowdowns which particularly affected password protected programs (like Mozilla Thunderbird).
Random programs causes CIS and “Local security authority Process” service to insanely start chewing memory and hard disk. (clearly a memory leak in Comodo). the Local Authority Process usually lasts 15 or 20 secs then all the reading and processing is on Comodo CIS programs.
When this happens it chews through all of my 16Gb of ram, then start to use all available virtual memory as well (causing insane visible 100% reading and writing on the task manager). During the hard disk writing the entire computer freezes or stutters awful, with severe mouse skipping. This usually lasts up to 30 minutes… the only real way to resolve this is forcing a shutdown of the computer (via SHUTDOWN button on my computer case, computer shuts down normally).
B. YOUR SETUP
[ol]- Exact CIS version & configuration:
Comodo Firewall 7.0.317799.4142
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Firewall in SAFE MODE, auto sandbox in UNTRUSTED, HIPS to CLEAN PC mode.
Have U made any other changes to the default config? (egs here.):
Only added a few rules, like programs into the safe group manually, also bitorrent apps authorization for firewall.
Have U updated (without uninstall) from CIS 5 or CIS6?:
I uninstalled the previous version and then installed CIS7.
[li]if so, have U tried a a clean reinstall - if not please do?:
Yes, but it did not help.
[/li]- Have U imported a config from a previous version of CIS:
No, redid them from zero.
[li]if so, have U tried a standard config - if not please do:
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 8, Enterprise N (64 bit) UAC Disabled (all managed by Comodo), Administrator Account, No Virtual Machine on this Installation(it is a physical HOST for various virtual machines )
Computer Specs: Asus Z87-A, 16GB DDR 1600 Corsair, Intel Core i5 4670k, Crucial M4 128Gb SSD, Hitachi HDT7210 1 TB, Samsung HD103SJ 1TB HDs SATA. Dual X Sapphire 7950 HD
Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=NOD32 x64 version 6 b=none
Thank you for reporting this. Let me see if I am understanding this correctly.
Every time you open Thunderbird, which handles are very large account, you see this memory drain. This also happens often, though not ever time, with Chrome and Firefox. It is also seen with other programs, but not as often. When this happens all of the 16GB of ram is used up and the computer becomes unresponsive. Even with completely disabling the AV, Firewall, and Defense+ components this still happens from time to time. Is my understanding correct?
If that is correct, what is happening to the CPU usage? Does it go up as well?
Also, can you please provide the exact names of the processes which cause this?
not everytime, but there is a big percentage of probability.
let’s say out of 10 powerons, 2 or 1 of them will have this bug of memory drain for thunderbird.
chrome and firefox chance is way lower(id say it happens once every 40-50 powerons) .
Interestingly: looks like despite having no antivirus module installed… something causes Comodo to go bonkers and read/write insanely.
and yes… disabling as in set to “disabled” in the context menu of COMODO.
Interestingly, even if you quit from the comodo application during the bug (all the subprocesses shutdown correctly except 2, including the service), this background app is the one that is doing the insane writing/caching/memory draining.
CPU usage spikes, but there doesnt seem to be a way to check correctly, as the PC almost completely freezes… it doesnt update the CPU rates with full accuracy… but yes, there are moments with 100% (all 4 cores). The interesting is, how one core after another starts to fill up until all 4 hits 100%.
I wonder if its related to the bug I’ve seen since Version 7 came up… that even if no antivirus module is installed with COMODO… you still get warnings of “Malware detected on file XXX” by defense+ when using some nocd for old games (nocds for compatibility that do not work with windows 8 or 7. Also note that nod32 reports these correctly as false positives)
Thank you for clarifying this. I have edited the first post. Please look it over and let me know if it is still correct.
Also, if you have not yet tried reinstalling by following the methods I describe in this post please do try reinstalling by those methods. Often they can solve problems like this, which a normal uninstall and reinstall cannot. Let me know if that is able to solve this.
If reinstalling by following those methods is not able to fix this then please see the below questions and requests for information:
Is the process which is eating up the ram cmdagent, or is it another process?
Also, you mentioned that sometimes this resolves itself after 30 minutes. Does this always happen, and when it does is the computer absolutely fine afterwards.
Also, please create a diagnostics report and attach it to your first post. If you are not sure how to do that please feel free to ask.
In addition, please create a KillSwitch Process List and attach it to your first post. If you are not sure how to do that please feel free to ask.
Also, I don’t know if this is possible, but if you can open KillSwitch during this time please try to make a Full Dump of the process/processes causing the problem. If it will not let you do it for those particular processes, please do it for another process which may be related. If you are not sure how to do that please feel free to ask.
Sorry, I somehow missed that you had attached the diagnostics report. The one you attached is absolutely fine.
As you sometimes get a BSOD for this, it actually gives a very good opportunity to collect a lot of information about what is going on here. Please make sure that your computer is configured to create a Complete Memory Dump. Kernel does not contain enough information. Instructions on how to create a Complete Memory Dump are given on this page.
Then, if this causes a BSOD again (after reinstalling by following the methods I suggested) put the Complete Memory Dump in a zip file and upload it to a File Sharing Site. The one I have found works best is Mega, as it allows very large files to be uploaded, is reliable, and free to share links (after creating a free account).
Let me know how it goes and if you have any questions.
I have reinstalled COMODO FIREWALL as per the instructions… no traces of COMODO were left visible.
But I noticed a few things…
In the new version of COMODO (Latest)
a) the DEFENSE+ module is not visible (Should repeat the process but download the CIS full version? Note that I want full protection managed by Comodo except the antivirus module, which is applied by my NOD32 antivirus)
b) popup menus are BLANK on a CLEAN installation of the firewall. (attaching Screenshot) Note that only the first tier of menus are invisible, if you hover… sometimes it popups the child submenu which is visible correctly.
I’m wondering whether NOD32 may be part of the issues you are experiencing. If you wouldn’t mind trying something, I’d like to rule that out as a possibility.
Please reinstall Comodo Firewall once again (you don’t need to install CIS, CF is fine) by following the advice I give in this post. However, before restarting the computer into Safe Mode please also uninstall NOD32. Then restart into Safe Mode. In Safe Mode run the removal tool for CIS and the removal tool for NOD32 (linked to from the reinstall topic).
Then reboot into normal mode and install Comodo Firewall. Do not reinstall NOD32 yet. With just Comodo Firewall installed please see what the behavior is. If everything seems absolutely fine then you can try reinstalling NOD32 and see what happens. I realize that this is a bit time consuming, and more than a little annoying, but I hope this can help to get to the bottom of this.
So far no problems.
Still uneasy to do not have DEFENSE+ available in the program. I think i might be removing this and redownload the full CIS.
I swear I miss the old Firewall when they had very specific modules for specific programs.
now its “CIS” or “Castrated” versions. not fun to have the AV shoved when you do not need it… same with komodo dragon and geekbuddy (thanks god you can still uncheck them)
That is the interesting thing, I downloaded it, It had comodo geek buddy and all the extra software, but it said nothing about defense+
right now the firewall settings only shows 2 things FIREWALL and AUTO SANDBOX, no DEFENSE+.
unless in the new latest version DEFENSE+ is now auto sandbox only.
note that in the settings the HIPS and DEFENSE+ section is visible.
But the installed program clearly is only asking me for INTERNET ACCESS and sometimes the ACCESS rights (with the auto sandbox prompt)
In that case everything is fine. The main screen only shows the Auto-Sandbox. It does not show the HIPS part. You do have all relevant components installed.
As for whether CF should be asking more question, can you please describe how you have configured CF? I can tell you that by default it should be very quiet. That is largely because the Behavioral Blocker allows all programs which are in the Trusted Files List, and the Trusted Files List is very large.
Okay, in that case it sounds like everything is currently working okay.
What I would recommend doing is run with this configuration for a few days. If everything seems fine with the memory usage, after a few days, then reinstall NOD32. Then see if the memory issues return after adding NOD32 to the configuration. That should allow us to figure out exactly what’s going on. Of course hopefully the problem does not return, but following this approach should let us pinpoint what is most likely causing it.
NOD32 as been up and running and they seem to be working fine… no slowdowns or anything like that.
infact Windows boots a bit faster.
Maybe COMODO got corrupted and my other attempts to reinstall were not successfully (left trash behind that corrupted the new installations?)