High CPU usage in CPF.EXE ver.

Since CFP v3 isn’t ready yet I switched back to CFP v2.4 yesterday. Today after a UT3 demo release I set up a dedicated server just for testing purposes and I immediately noticed that CPF.EXE takes a lot of CPU (~50%) when UT3 server is running. I was troubleshooting this issue and I found out that it is caused by logging entries when the default rule in network monitor is fired: ‘Block IP IN or OUT FROM IP [Any] TO IP [Any] WHERE IPPROTO IS ANY’. After disabling ‘Create an alert if this rule is fired’ in above network monitor’s rule the CPU usage went back to normal for CPF.EXE (mostly 0% but sometimes it jumps to 3% or 5%).

I suppose that the CFP 2.4 is no longer developed and the whole dev team is concentrated on CFP v3 but this is serious issue and it should be investigated and I hope it will be. Logging firewall’s events shouldn’t consume a half CPU power.

CPU: P4 3.2 [ at ] 3.7GHz; 1 GB RAM DDR2; WinXP Pro SP2 32-bit + online updates.

[attachment deleted by admin]


I haven’t read any of the following posts, but they’re all related with cpf.exe taking to much CPU, so you might take some time to read it:

It’s maybe not about a UT3 server, but it might explain how to solve the problem.


Thanks, Ragwing :).

I should use search myself. Anyway, it seems to be a known issue and the current workaround is to disable logging or some security layers. From those two I choose the logging. It’s kinda disapointing that this known problem hasn’t been fixed since february. I hope that CFP v3 won’t be affected with this issue. I had a chance to test the CFP v3 beta some time and I have to say that the logging feature isn’t its strongest part( I had to disable it too; too many I/O operations 88) ).

Thanks again and have a great weekend ;).

I have been repeating so many times:
Leaving v2.4 unpatched with so many flaws for such a long time is extremely counter-productive and damages the product enormously!!!

I had been working as a system programmer for about 20 years (and thus I have some slight awarness about complexity and range of your work) and after short testing of v3 I became convinced that the final, stable and reliable version is months and months away from being introduced.

Don’t you see it, Melih, yourself?

You started a v3 as a totaly new project, completely different from the previous version, very daring I agree, but very far from being finished. HIPS module of such extension is so rare (if not unique) that it alone will take months to test, improve and approve. Meanwhile, in v3 beta, you still did not even satisfactorily finished such a single task as log module (which is still far away from being useful as it should). How can you suppose that you will manage more complex tasks in decent time frame, let us say by the end of year? (which is, btw, very far away from initial expectations, isn’t it?)

Please, reconsider your attitude, and renew support for your existing product.
Otherwise you are damaging not only the firewall name but also the Comodo name as such…