high processor usage when install comodo 2.4 firewall...need help!!!!

need help…after upgrading from 2.3 to 2.4 version, the 2.4 firewall eat up my processor usage till my com lag when watching movie…from the task manager, it show the processor usage history show times can reach 100%…whats with it…previous version works fine for me…how to solve it?

This is just a guess, but try turning off Monitor DLL Injections in the application behavioral. Please see this other thread on the same issue.

omg…still the same after i turn off the monitor DLL injections…got any others new idea???

Yes, try temporarily turning off the entire app behav feature itself. Also check your logs if there are unusually large amounts of entries or so.

wat u mean the unusual entries…way i notice is everi minutes also have numbers og lod files have been generated…

In the other thread some other users have reported high CPU because there were too many connections being logged. If you disable logging, see if that helps any.

Might be a good idea to export and post your logs.

now the processor usage is low only if i disable the network monitoring log file and the application behaviour analysis…so wat should i do now…just keep on disable these two function…?why this only happen to the 2.4 version and not 2.3 version???

Seems like we all have different reasons for the high CPU usage :THNK.

You should export your log to a html file and post it here so that we can analyze what they are. You should also re-enable the Application Behaviour Analysis (ABA) since that was just a test and you don’t want to compromise your security setup like that.

here is the log file…

[attachment deleted by admin]

Comodo made some changes to the way that CFP monitors and logs communications, starting with the 2.4 Beta releases. Doesn’t mean the computer is communicating differently, just that CFP seems to monitor/report it differently.

All those nbdgram entries on ports 137, 138 are coming from within your network, is my guess; they’re generated by the router/server. If you go to Start/Run, type ‘cmd’ then at the dos prompt, type ‘ipconfig /all’. This will allow you to confirm that the IP listed in the alerts is within the range of your network.

I had a lot of those entries, too, at work. I created a Network Monitor rule to block all network IPs except those I need for DNS, DHCP, Gateway, etc, with no logging enabled for that rule. Placed above the bottom block & log rule, it catches that traffic & blocks it before it hits the bottom, and doesn’t log the block.

This rule would look like:

Action: Block (DO NOT CHECK the “Create an alert…” box; this way it won’t log the action).
Protocol: IP
Direction: In
Source IP: IP Range (set the range based on the ipconfig info, starting at one point above the highest you need for DNS, etc, and ending at the end of the range. For example, xxx.xx.xx.4 thru xxx.xx.xx.255)
Destination IP: Any (or your specific computer’s IP, if it doesn’t change)
IP Details: Any

Click OK. Reboot the computer.

That should help keep all those entries from cluttering your log file.

LM

There is alot of port 137 & 138 in there… are you on a cable modem? If so, do you have a router between you modem and PC?

137 & 138 are used alot in network sharing and hame resolution of shares and what-not.

Turn on all functions/features and edit the last “Block All” so that it does not log… and see what the CPU is like… possibly there is a logging issue with this version? And if there is, having a hardware router to filter out some of the internet noise before it gets to your PC/Comodo may work wonders for how much even needs to be written to the logs.

hmmm, after reading what Little Mac had to post before I pressed my post button… I have a couple other thoughts…

If 172.17.68.X is on your LAN, and not a WAN IP… and your log reports blocks on rule 5… then you do not have a trusted zone setup for your LAN… add that and you should be happier.

But I’m not going to recommend that yet because I’m thinking you’re on cable with no router, and your cable ISP assigned you that 172.17.68.X IP… braver than I… I don’t recommend routerless browsing.

Buy a router, have it assign your PC a 192.168.1.X number, add a trusted Zone for that LAN IP range, and surf with a truckload of more confidence/security.

  • Hardware firewall - inbound protection from the world
  • Software firewall - protection from inside the LAN, and controlling all software access.