Defense+ logs every other second a memory access in cmdagent.exe

Please see attachment. What does that mean?

xamp-control.exe cannot be submitted as a suspicious file because a message says it is in the safe files database.

[attachment deleted by admin]

It means that xamp-control.exe is trying to gain access to cmdagent.exe’s memory & CFP/CIS is rejecting it. If you didn’t know cmdagent.exe is CFP/CIS’ windows service. I’ve no idea why it wants access. Since you use it, you’ll probably have a better idea anyway (giving its functions & abilities). You can give it access within CFP/CIS, but depending on what it actually wants you probably will not be able convince CFP/CIS to allow it.

[i]PS Oops. How rude of me…

Hi bege, welcome to the forums![/i] :slight_smile:

Hi kail,
thank you for your quick response.
To be honest, I have no idea, why xamp-control.exe tries to gain access to cmdagent.exe’s memory.
xamp is an apache-/ftp-/mail-server package, and xamp-control.exe is a simple control panel for these applications. I checked it with Spybot Search & Destroy and AVG Anti-Virus - no results.

Today I also found unlocker.exe to try the same access. Unlocker.exe is a tool to unlock files that i.g. have not been unlocked after a crash of the application they have been worked on.

Why do applications try to gain access to cmdagent.exe at all?

Why? Most (I cannot answer for all developers & their creations, obviously) processes do it because it is part of their operation/function… whilst others may be a bit lax in their approach (only needing access to certain processes memory). Another reason might be for checking for available system resources (not only files can be locked). Other processes (like Process Explorer) are just plain nosy (on purpose). But, in general cmdagent.exe guards its memory zealously (for obvious reasons) & whilst it will not let anybody peak inside, it doesn’t usually cause a problem.

I’m familiar with Unlocker (use it myself) & that probably does it in an attempt to verify that the process actually has the lock that the OS claims it has… or perhaps it’s polite & asks nicely first. ;D

As far as XAMP-Control is concerned, I believe that has the ability to stop & start processes/services (maybe other things as well? priorities?). Perhaps it interrogates each process to see if it falls within its control or is looking for something else (system resource). Of course, that’s a wild guess. You’d need to ask the developers to be certain.

Hi kail,
that’s exactly what it does. And it seems not to be satisfied with being rejected by cmdagent.exe. So it tries again and again and …
Unfortunately this makes the defense+ protocol unreadable after a short time.

Thank you very much for your detailed answer. It makes very much sense to me.


I know several tools that behave in that manner and I intend to ‘de-clutter’ my log files and I hope to get a bit stress from comodo refreshing the log each time an event like this access memory fault happens.

BUT I don’t know how to allo some choosen tools to access this proteced memory. I checked the COMODO GROUP in the rules section but I do not know exactly where I have to turn the ■■■■■.

Can you enlighten me please?

Welcome to the Forum, diverxl.
This is simply a memory sharing issue being reported.
The solution is below:

Select Defense+/Advanced/Computer Security Policy.
Scroll down to Comodo Internet Security, select Edit/Protection Settings.
Interprocess memory Access (Active Yes) select Modify/Add/Running processes.
Scroll down to locate the application. Click it and click “Select”.
Then just “Apply” to each window as you exit.

HI John,

thank you for answering so fast. That solved my probs :slight_smile: