Hi CPU consumption by cmdagent when running browsers

Good thought, might help, but I am unsure whether this will affect whether CIS scans browser add-ons. D+ should still give some protection though. Anyone know?

You can always try some of the other solutions in this faq, too.

Solving high CPU problems.

To really diagnose what is happening we’d need to know more about your system and settings, you could for example answer some of the the bug report questions to give us this:

(I think you have answered 2 already, so just leave this out). It would also be good to know processor speed and RAM,

  1. CIS version, AV database version & configuration used:
  2. a) Have you updated (without uninstall) from from a previous version of CIS:
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS:
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
  5. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
  6. OS version, service pack, number of bits, UAC setting, & account type:
  7. Other security and utility software currently installed:
  8. Other security software previously installed at any time since Windows was last installed:
  9. Virtual machine used (Please do NOT use Virtual box):
  1. a) Yes
    b) Yes
  2. a) no
  3. no
  4. defense=safe mode (exclusions(dkservice.exe,chrome.exe)), sandbox=off, AV/firewall=safe mode
  5. windows xp sp3
    7.auslogics boostspeed
  6. no clean windows xp install
  7. nope…

AMD FX 4000+ 2.41 ghz 2 GB RAM, and dont bother anymore its just old computer

OK there are a few problems you can sort here:

  • Programs accessing cmdagent in memory. If you go through your D+ logs you should be able to find quite a few of these. If and only if you know they are safe you can allow them to access CS in memory as described here.
  • You seem to be running quite a lot of installers without allowing them the privs they need to install software properly. Check whether they are safe, and if so allow the unlimited access the installers normally request. If they don’t request this maybe you have switched off ‘automatically detect installers’, probably when you switched the sandbox off. If you have you need to apply the installer/updater policy to such installers in the Computer Security Policy D+ rules. Otherwise program installations may be incomplete. Possibly you have some incomplete browser installations.
  • You may be be installing or running software direct from browsers, without saving the files first. This is undesirable security-wise, and may lead to high browser CPU when the installers are blocked from doing their stuff
  • You are running quite a lot of files that are not immediately recognized by CIS as safe, so you need to check unrecognized files regularly and make those you trust, trusted files
  • Adding your suspicious file to AV exclusions and adding it to the D+ trusted files list should prevent CIS from re-scanning it constantly

You might find that CIS works better for you if you revert to more default settings. Running with the sandbox switched off demands quite a lot of thought and quite a lot of knowledge about CIS, and software more generally.

Are you sure your Firewall logs show nothing? With your setup, I’d expect something in there…

Best wishes

Mouse

thanks for help… problem is i’m behind a nat of router and since i got router i had never any entries even though its on safe mode… can you explain bolded part i use all predefined policies of comodo where u see i dont use correct one?
also problem is i don’t have any unrecognized files in logs

ty again for help…

[attachment deleted by admin]

You are running installers, eg Flash player, and these are asking for extended permissions, thus generating log entries, eg ‘access Com interface’.

You might be allowing these, or they may be being blocked silently. Even if you are allowing the ones in the logs there may be others which are being silently blocked (CIS very occasionally does this), or in which the installer times out before you allow them.

This is all probably happening because you have disabled the sandbox, and therefore automatic installer detection.

If you apply the installer updater policy to installation files before you run them this will not happen. You do this in the computer security policy ~ D+ rules, making sure you place the rule above any all applications rule.

(The other points i make are maybe more important than this one, though it may be relevant).

Best wishes

Mouse

but it asks me when unknown installer starts installing isnt that the same thing?

If it is giving you a unlimited access alert, and you are allowing it that’s fine. Some of your installatiosn are generating log entries that should not be generated if you had allowed an unlimited access alert - eg Flash installation.

You may find it helpful to read the ‘guide to the sandbox’ - see my signature for a link.

A thought from another trace is that the situation may improve if you clear the browser caches. Not sure why this should help cmdagent, but worth trying none-the-less.

Guess probably best now to leave you to try out all the things we have discussed… then feed back.

Hope one of them helps

Best wishes

Mouse
Best wishes

Mouse

just to tell you after enabling sandbox, it automatically fixed cmdagent lol thats strange

Thanks for the feedback. Interesting.

Possibly the sandbox alerts/notifications lead you to grant some files the permissions they needed? Or maybe the sandbox suppressed attempts to access cmdagent in memory.

Best wishes

Mouse

yes, seriously its strange before it was cmdagent on 60%-100% cpu usage and now its at most 40% and very rarely… i think that u are right that sandbox supressed to access cmagent in memory…
tyvm for help and suggestions… never thought that sandbox on off is a problem…