Excluded file locked by cmdagent [CIS config file attached]

The bug/issue

  1. What you did:
    I was running an application and getting a lot of errors because it could not write to its log file.

  2. What actually happened or you actually saw:
    Looking with Process Monitor at file events in the relevant directory, I noticed there were huge numbers of events from cmdagent.exe and a small number of events from the app itself.

  3. What you expected to happen or see:
    As the directory is in the list of exclusions I didn’t expect to see any entries from cmdagent - and certainly not thousands of occasions when cmdagent has the file locked.

  4. How you tried to fix it & what happened:
    I tried turning the realtime scanner to disabled - but this had no effect.

  5. If it's an application compatibility problem have you tried the application fixes here?:
    It is a problem with cmdagent locking files, which it should never do, and processing files in its exclusion list.

  6. Details & exact version of any application (except CIS) involved with download link:

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    Problem has got worse recently but it happens at random.

  8. Any other information (eg your guess regarding the cause, with reasons):
    The create event from the app was failing with a sharing violation and just before that there was a create event from cmdagent.exe with the corresponding close just after the failing call from the app. So the app was failing to open the log to append to because cmdagent had it locked.

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file.
    config attached.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:
    5.4.18982.1355 8927 - or thereabouts (you would get better information if I could copy it from the about box)
  2. a) Have you updated (without uninstall) from CIS 3 or 4:
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
    not applicable
  3. a) Have you imported a config from a previous version of CIS:
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
  5. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
    D+ = clean pc
    sandbox = enabled
    Firewall = safe mode
    AV = stateful and also disabled
  6. OS version, service pack, number of bits, UAC setting, & account type:
    Win 7 SP 1 x64 UAC = default, account = admin or standard.
  7. Other security and utility software installed:
    Process Monitor (from www.sysinternal.com)
    Attached is a PML file. Open it with Process Monitor, filter the path on C:\Games\Pride of Nations\VGN\Logs, and then look for the result “Sharing violation” down near the bottom.
    It shows cmdagent opening the file then PON opens the file to read and closes it, and then opens the file to write and fails and then cmdagent closes the file.
  8. Virtual machine used (Please do NOT use Virtual box):

[attachment deleted by admin]
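
The open/fail/close sequence described in the report can be pulled out of a large capture automatically. The following is an added example, not part of the original post or of CIS: it assumes a Process Monitor capture saved as CSV with the default columns, and the sample rows, the `app.exe` name, the PIDs and the path are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Process Monitor's CSV export layout (not data from the report).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000","cmdagent.exe","812","CreateFile","C:\Example\Logs\app.log","SUCCESS","Desired Access: Generic Read, ShareMode: Read"
"10:15:01.1002","app.exe","4120","CreateFile","C:\Example\Logs\app.log","SUCCESS","Desired Access: Generic Read, ShareMode: Read, Write"
"10:15:01.1003","app.exe","4120","CloseFile","C:\Example\Logs\app.log","SUCCESS",""
"10:15:01.1005","app.exe","4120","CreateFile","C:\Example\Logs\app.log","SHARING VIOLATION","Desired Access: Generic Write, ShareMode: Read"
"10:15:01.1009","cmdagent.exe","812","CloseFile","C:\Example\Logs\app.log","SUCCESS",""
"10:15:02.2000","app.exe","4120","CreateFile","C:\Example\Logs\app.log","SUCCESS","Desired Access: Generic Write, ShareMode: Read"
"10:15:02.2004","app.exe","4120","CloseFile","C:\Example\Logs\app.log","SUCCESS",""
'''

def find_lock_conflicts(csv_text):
    """Return (time, blocked process, path, holders) for each sharing violation."""
    open_handles = defaultdict(list)   # lower-cased path -> [(process, pid), ...]
    conflicts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"].lower()     # Windows paths compare case-insensitively
        owner = (row["Process Name"], row["PID"])
        op, result = row["Operation"], row["Result"]
        if op == "CreateFile" and result == "SUCCESS":
            open_handles[path].append(owner)          # handle opened
        elif op == "CloseFile" and owner in open_handles[path]:
            open_handles[path].remove(owner)          # one handle released
        elif op == "CreateFile" and result == "SHARING VIOLATION":
            # Everyone else holding the file open at the moment of failure.
            holders = sorted({o for o in open_handles[path] if o != owner})
            conflicts.append((row["Time of Day"], row["Process Name"], row["Path"], holders))
    return conflicts

def blame_summary(conflicts):
    """Count how many failed opens each handle-holding process was present for."""
    counts = defaultdict(int)
    for _, _, _, holders in conflicts:
        for name, _pid in holders:
            counts[name] += 1
    return dict(counts)

if __name__ == "__main__":
    for when, blocked, path, holders in find_lock_conflicts(SAMPLE_CSV):
        names = ", ".join(f"{n} (PID {p})" for n, p in holders) or "unknown"
        print(f"{when} {blocked} blocked on {path}; open handle held by {names}")
```

For a real export, read the file with `encoding="utf-8-sig"` and pass its text to `find_lock_conflicts`; handles opened before the capture started will not appear as holders.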

Thank you for your bug report in the correct format.

Moved to verified.

Thank you


Found a fix - installing avast!, disabling AV and Defense+ and rebooting makes the system usable.