High disk usage - weird behavior

Hi,
Using Windows 8.1 x64. The latest CIS is installed. 2 external drives are attached to the PC. Every night, exactly at 12am, one of the external drives is getting overloaded for a couple of minutes then crashes. Every day, same time, same drive… The resource monitor shows the cmdagent.exe is a suspect of this strange behavior. The drive is excluded from being scanned by AV. There is no scheduled activities running at this time.
Everyone’s help will be appreciated. Solutions, ideas…pls

What version of CIS are you running? Version 5.x? Cmdagent.exe did also did the av scanning with the older versions. Later it became a separate process (cavwp.exe).

Under Windows 8 add mcbuilder.exe (in the system 32 folder ) and TiWorker.exe (winsxs*\TiWorker.exe) to the AV exclusions. With CIS 8 these processes make the av on access scanner very active. That’s is very annoying on a older netbook; that’s why I found them).

You can also use Resource Monitor from Windows to try to find out to what process cmdagent.exe is responding. I find it often useful to let it sort disk usage and see if you can correlate a process with a lot of disk access to high cpu usage of cmdagent.exe.

The CIS version is 8.2.0.4703. The system is pretty new as well - one year old with 12 gig of DDR 3. I tried to exclude these files as suggested but at 12 am the same thing happened again - drive usage jumped up to 100 % then crashed. I found 2 processes that used my external drive at that time: 1. cmdagent.exe and 2. cavwp.exe. I’ve purchased my PC last year with pre-installed McAfee ISS. The whole story has begun when I decided to uninstall McAfee and to install Comodo IS instead. McAfee was removed using their special tool so there is no leftovers of McAfee left in the system. It’s Dell PC btw.

Can you check with Resource Monitor what process is active with high disk usage other than cmdagent.exe?

It looks like there is a task scheduled at midnight for your external drive even though we cannot immediately find it. Do you have a back up program or indexer that could access your drive at a fixed time?

Can you also check with Autoruns if there are McAfee drivers, services or executables left? There should not be but I just want to be sure.

Apart from identifying what is upsetting cmdagent.exe we may be looking at a bug.

In the topic start you say

one of the external drives is getting overloaded for a couple of minutes then crashes
I assume it is cmdagent.exe that crashes. Is that correct?

Last night I decided to disable Comodo AV and HIPS for 15 min just before midnight. 12 am - nothing happens, PC is running smoothly and flawlessly. 12.05 - everything is OK. 12.10 - no changes. At 12.15 when AV and HIPS turned back on the disk usage jumped up to 100% and crashed few moments later . Resource monitor caught two files on the scene: cmdagent.exe and cavwp.exe.
I checked the system again for McAfee leftovers but neither files nor drivers were found in. Also, I checked all triggers in the scheduler and found nothing suspicious.

Do both cmdagent.exe and cavwp.exe crash? Can you check if CIS is logging its own crash in c:\ProgramData\Comodo\CisDumps?

Is there no other process with high disk usage active when the problem occurs? I am working from the assumption that another process is making the CIS processes go haywire.

Can you double check that there are no scheduled av scans by CIS? Do you use a back up program of any kind?

I have asked to other mods to come take a look to see if we can get to the bottom of what’s happening.

I am not sure whether both files causing the crash or maybe only one of them. Tonight I’ll try to capture a snap of the Resource monitor window. Looking to the c:\ProgramData\Comodo\CisDumps directory I see a few .dmp files and most of them are 0 kb in size. Only 2 files have 65 kb and were created one in Aug.30.15, another one is on following day - in Sep.01.15. They were created at the same time - 12.11 am.
The drive is excluded from AV activities. No backups are set for this drive (I do them manually once a month)

Can you attach the crash logs? I want to take a quick look at them.

Other than that I think we know enough for a bug report. If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in Required Format For Reporting Bugs.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will certainly be seen by Comodo staff.

I got a tip to check the file system of the external drive in case a problem with the file system makes CIS go haywire.