High CPU usage 100% RAMDisk 12.2.2.7036

Hi all, I use Comodo Firewall and cmdagent.exe consumes 25-75% of CPU (1-3 cores out of 4) for more than 1 hour time to time.
An reboot temporarily solves the issue but it returns.
This starts after reinstalling CF, another reinstall (after using cleanuptool) does not solve the issue.
I even re-created (i.e. build from scratch) my configuration but no avail :frowning:

My configuration is as follows:

Comodo info
Comodo Firewall 12.2.2.7036
Firewall - Enabled, Custom Ruleset (alert level: very high)
HIPS - Enabled, Safe mode
Auto containment - Disabled
Viruscope - Enabled, for all processes
Antivirus - Not installed

Windows
Windows 10 Pro 2004 64bit

Other security software
Avast Antivirus Premium (Firewall component not installed)

Machine specs
Intel Core i5-7400 3.0 GHz, 4 cores
16GB RAM

Thanks.

already tried to use only the comodo internet security?
Conflict happens in between softwares security (this may be the cause of excessive processor consumption) :-TU

try use only comodo internet security or wait devs to talk to you

Thanks for replying :slight_smile:

Conflict might be, but I use this combination (Comodo and Avast) for years without issue.
This just starts since recently, after reinstalling Comodo during tracking down another problem.

If it is really a conflict, I’d want to track down the real cause of CPU hog and ask both devs to solve it, rather than just uninstall one and hush the issue up.

You could use SysInternals’ great tools “Process Explorer” and “Process Monitor” to try to figure out what causes cmdagent.exe high CPU load. Maybe cmdagent.exe is trying to read or access something on your system but something is preventing or blocking it from doing that. With the mentioned tools it would be possible to find out what cmdagent.exe during high CPU load is trying to do on your system. That information would very be helpful to know.

Thanks, I always use Process Hacker and have both tools on hand so I’ll check I/O and other things when it returns.

IIRC there is no major I/O measured by Process Hacker when CPU usage is high, but tools you suggested (especially Process Monitor) might shed light on it.

Ok now I got an interesting one. Process Monitor shows cmdagent.exe is repeatedly trying to access R:, which is a RAM drive.
R: has environment variable TMP, TEMP and Internet Explorer cache directory.

Anyone anything rings a bell?

Just some wild guesses…

Is R: read-only perhaps?
How about set permissions on R: for System applications or CIS itself?
Maybe try to logon as admin and set admin permissions to R: to see if that lowers CPU load.

Looking at your Process Hacker screenshot, what’s the full text of INVALID PAR… in the Result column?

R: is writable, but I have another RAM drive S:, which is considered full by explorer. (I use NTFS compression so it indeed has some more spaces to use)
I disabled “USN journal logging” on S: via Everything (I don’t know exact meaning of this, but I don’t care as S: is just a temporal log drive) and CPU usage dropped instantly. :o

As for your question, it says “INVALID PARAMETER”.

It seems high CPU usage is caused by some I/O problems, but S: is created just a few days ago (i.e. problem started before creation) so S: must not be a root cause. I’ll keep an eye on this.

I doubt it’s anything to do with the Ram Drive in particular . . . .

Similar setup on a machine here:
Same OS version
Ram Drive R: at 2GB
All Temp / Tmp variables set to R:\Temp
FF, Opera & IE Explorer cache & Temp files all set to R
Print Spooler set to R

Only obvious difference is CIS 7036 running in a Modified Safe Mode on this one

Thanks for testing!

Difference might be these:

  • My R: is about 900MB and S: is only 128MB (and full according to Explorer)
  • RAM disk utility, I use I-O DATA RAM Phantom EX
  • Viruscope is enabled for all processes (not only contained one)

Ignoring the S drive:

Ram Disk by Primo . . . (free trial by the way)

Viruscope here enabled for all

I’d give it a shot, which will at least narrow the problems down a little

Hi NON_jpn,

We do not recommend customers to use several security products simultaneously, because their combination can cause compatibility issues, performance as well.

Please disable other security software, restart and check. If you still have this issue then performance logs are required for further investigation. Check your PM for instruction.

Only disabling might not be good enough as it may leave other security software services running. Uninstalling the other security software is the best approach to check if the issue still persists.

There are third-party AV / CIS FW combos that work perfectly well together. I’m using such a combo for many years.

Thanks everyone for assistance :slight_smile:

Currently disabling USN journal logging on R: stops cmdagent.exe from CPU hogging.
In next days I’ll check things you suggested (disable/uninstall Avast) and report back.

I disabled Avast (using Avast’s “passive mode”) and tested again, having the same issue.

For now I don’t have enough time to test further, but I created requested logs by C.O.M.O.D.O RT. Infos will be sent via PM.

Hi NON_jpn,

Thanks for providing the requested log. Will forward the log to developer for investigation.

A week passed, any news on this? Thanks.

Hi, I also encounter the same random high CPU usage by cmdagent.exe after upgrading to win10 2004.
Restarting somehow fixed it, but after an hour or so, the cmdagent.exe randomly spiked and stuck at 100%CPU usage.

Before I updated to win10 2004, everything is fine.

I only have Comodo Antivirus and Firewall enabled. Other HIPS,website filtering etc are disabled.

At first, I thought it was Win10 2004 upgrade that causes the random cmdagent.exe 100% cpu usage.

After few days, I realised it is my upgrade of comodo to version 12.2.2.7036 that caused the issue.

To trigger the cmdagent.exe 100% cpu usage:

  1. Install open source ImDisk Toolkit ImDisk Toolkit download | SourceForge.net
  2. Run IMDisk RAM Configuration, set it to 14 GB, check “allocate memory dynamically”, set drive letter to R: , file system to NTFS, check “Launch at Windows Startup”. UNCHECK “Create TEMP Folder”. Click OK.
  3. Install Qbittorrent and use it to download stuff to the R: RAM drive. Size doesn’t matter, as long as there are around 100 - 200 zip files.
  4. Now, randomly move the some of zip files from RAM drive to HDD. Move them back and out.
  5. Continue with Qbittorrent downloading of small files.
  6. Around 30 - 60 minutes later, cmdagent.exe will start with 1 core maxed cpu utilization, then spread to 2nd core and eventually all cores.

Any idea how to solve it?

Out of curiosity, do you have the scan network drives option enabled? I should be disabled by default as that use to cause performance issues.

E