Higher than expected cmdagent CPU usage [Issue Report]

The bug/issue

  1. What you did:
    Clean install of 5.4.189068.1354, imported Internet Security settings saved from 5.3.175888.1227
  2. What actually happened or you actually saw:
    Very slow backup using XXClone and very high CPU usage by cmdagent. Moderately high CPU usage by cmdagent during daily operation. I do backups with clean boot and nothing else running or in startup, except display and mouse.
  3. What you expected to happen or see:
    Much faster backup, lower CPU usage by cmdagent in general.
  4. How you tried to fix it & what happened:
    Disabled Realtime AV (had been set to Stateful), thereafter backup and cmdagent CPU usage became normal.
  5. If it’s an application compatibility problem, have you tried the application fixes here?:
    In that cmdagent CPU usage is higher under regular operation, and that the degradation, I now know, started with 5.3.175888.1227, I don’t believe it’s specific to XXClone. It’s just much more noticeable due to the high file activity.
  6. Details & exact version of any application (except CIS) involved with download link:
    For testing general problem, v0.58: http://www.xxclone.com/xxclone.zip
  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    N/A. Regular operation problem.
  8. Any other information (eg your guess regarding the cause, with reasons):
    Please see my initial post and EricJH’s response:
    https://forums.comodo.com/news-announcements-feedback-cis/cmdagent-taking-up-cpu-slows-down-everything-t69191.0.html;msg515149#msg515149
    https://forums.comodo.com/news-announcements-feedback-cis/cmdagent-taking-up-cpu-slows-down-everything-t69191.0.html;msg515181#msg515181

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: N/A
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: N/A
  3. A CIS config report or file: Appended
  4. Crash or freeze dump file: N/A

Your set-up

  1. CIS version, AV database version & configuration used:
    5.4.189068.1354, 8619, see Appended
  2. a) Have you updated (without uninstall) from CIS 3 or 4:
    No.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
    N/A
  3. a) Have you imported a config from a previous version of CIS:
    Yes.
    b) if so, have you tried a standard config (without losing settings - if not please do)?:
    I believe my config is standard.
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
    No.
  5. Defense+, Sandbox, Firewall & AV security levels:
    D+=Safe, Sandbox=Enabled, Firewall=Safe, AV=Stateful
  6. OS version, service pack, number of bits, UAC setting, & account type:
    XP Pro, SP3, 32-bit, N/A, Administrator
  7. Other security and utility software installed:
    None.
  8. Virtual machine used (Please do NOT use Virtual box):
    No.

[attachment deleted by admin]

It occurred to me there is a much simpler test of the long delay and high CPU usage. When backing up I happened to catch a very long pause when copying the Robotask program files directory. Download Robotask, install, then copy the directory to another drive. I was able to count slowly to 27 (an eternity in backup time that should only take a few microseconds) while Task Manager indicated cmdagent had the CPU pinned at nearly 100%. The same happened when I deleted the copied Robotask directory. I can understand why this type of program would cause the AV much consternation. I can also understand that it would be impossible, or nearly so, for the developers to deal with this. I remember one of the malware infections was to place a file named explorer.exe in the Windows directory. CIS has no way to know whether a file is a legitimate copy or a recent infection.

On the one hand I am grateful CIS is doing such a thorough job, on the other, it is an unfortunate consequence of the world we live in.

Thank you for your Issue report in the correct Format.

Moved to verified.

Thank you

Dennis

Today I noticed Secunia PSI was running very slow. I had noticed it before but now I knew where to look. Sure enough, there was a lot of CPU usage by cmdagent. So it seems as though any high file activity is slowed down by cmdagent.

I don’t want to turn off Realtime altogether, but at the same time I don’t particularly want to have to remember to turn it off and then remember to turn it back on again.

Is this something peculiar to my system, or have others been experiencing the same thing?

If it’s of any help, I can now give you a quantitative indication of the amount of slowdown. Yesterday I did a full backup of my system drive, without Realtime, and it took 14 min. 25 sec. Under 5.3.175888.1227 it had been taking about twice as long, approx. 34 min. I had thought this was due to more junk on my system, but something still didn’t seem right. I looked at various things, such as my writeback settings, but didn’t think about Comodo. Then under 5.4.189068.1354 (the last one I tested it on, I’m now on 5.4.189068.1355) it was twice as long again, approaching an hour. Now I knew something was wrong and eventually landed on Comodo’s Realtime.