Heavy Hard Disk Activity

New to this forum, so hi everybody…

I use CPF since 6 months and everything is OK. This product is very good. I tried some others.

But I have a problem about “Heavy Hard Disk Activity”. While CPF is running, my HDD is always working. If I quit CPF, it backs to normal. I looked at task monitor with I/O input and output columns. Capture is here.


Why CPF.exe writes 2,6 GB to HDD in 1 hour?
Why CMDAgent.exe reads 267 MB from HDD in 1 hour? Are these normal?

Also I noticed that lsass.exe reads and writes continuously. Is this normal?

Any suggestion?


Hi aXes. A few others have noticed the same. I don’t know about lsass.exe, but cpf.exe (v2.4) uses a lot of I/O because of the logging. If you disable (part) of the logging, I’m sure you’ll see a difference.

To soyabeaner,

You are right. I changed the network rule #5 from “Block & Log” to “Block” and rebooted my computer. Then heavy HDD activity of CPF is ended.

Now I am freed from the frequent “click” sounds of my HDD. My computer is more silent and fast now!.. But I cannot see alerts anymore.

I think, programmers of Comodo can find a new way to logging for CPF without so heavy HDD activity. They are great because CPF is great!

Thanks for helping…


I hear the occasional “click” from the computer i am using, i thought it was a cheap drive and was about to go soon. I did not think programs can cause a physical sound from hard drives.

I was just about to report the same issue, heavy disk thrashing with Comodo installed, i did some benchmarks and saw that disk performance was reduced by about 6% with CPF installed, now i know why. Developers really should create some sort of database instead of normal log writing.

Actually, there is another method that might work ;). cpf.exe’s cpu usage won’t be as high for sure, and the alerts should still be in your log window. Set the C:\Documents and Settings\All Users\Application Data\Comodo\Personal Firewall\Logs[b]logs.log[/b] file to read-only.

You can also create rules that block some of the log entries without logging ABOVE the default block rule. Let’s say that you want to block the ICMP alerts except for those allowed by default.

Action : Block
Protocol : ICMP
Direction : In/Out
Source IP : Any
Destination IP : Any
ICMP Details : Any

Now you’re not gonna see any ICMP alerts in the log.

On Tuesday there will be an update, so let’s see if it solves anything… 88)