How can I kill cmdagent

How can I kill the resource hungry cmdagent when I don’t need him?
He really knows how to annoy me, when he suddently grabs all my processor power, without telling me what he is doing, or give me a hint in the log. When I do nightly backup’s or defragmentation, I don’t want him to slow everything down. I have tried to disable everything by right clicking the tray icon. He doesn’t care and keeps on annoying me. When I then switch back to normal operation, he is really mad and want to restrict all programs and send them to cloud analysis (even notepad). I give up, restart the computer, and promise myself too look for another AV tool. I have also tried to exit Comodo via the tray icon. Cmdagent doesn’t care, he keeps on hogging the resources. I have a long time ago disabled the annoying sandbox. I will now also permanently disable defense+, in the hope that cmdagent will stop annoying me. I hope he is not a part of AV or the excellent firewall…

Did you have enhanced protection mode turned on? (its off by defualt)

Defense + > Defense + Settings > Enable enhanced protection mode.

Also what are you system CPU and Ram amount?

Yes enhanced protection is off. Defence+ is at at the moment in training mode. Cmdagent is now peaking the cpu again!!! I am on the Comodo forum site, maybe it is packed with malware… I will look at the defence+ log. No, nothing there as usual. Does anyone know how to see what the cmdagent is doing?

do you have any intrusion attempts listed on the main page under D+?

No, absolutely nothing. Last event was the dangerous universal extractor, attempting to create new files during the extraction. Such behaviour must obviously be stopped by D+

does it seem to do it during av sig updates??

No, as I explained in the first post, it happens when I change D+ security level via the tray icon.
When I disable D+, cmdagent remains active, I don’t understand why. When I then return to safe mode, cmdagent gets paranoid and detects everything as malware behaviour, and I get flooded with popup’s.

cmdagent.exe is an active process required by all components of CIS.
Regarding high CPU have you got any other active Anti-malware programs running that could be conflicting with CIS?

No, no other av/firewall.
Well, I think I will switch D+ permanently off. I have spend way too much time on it, during the year it has been installed. I actually hoped that D+ would be improved by time. Now cmdagent is peaking again! for…40seconds. Looking in log for D+/AV/firewall…Nothing. This is absolutely not acceptable.

Hi Nuser,
Sorry to hear of your problems.
Something doesn’t seem quite right for this to be happening, maybe try a different configuration right click icon choose between internet security/proactive security.
All else failing I would consider a new uninstall/reinstall latest version 5.8.213334.2131 just in case something is buggy/corrupt with the current installation.
V5.8 has been noted to be very resource and user friendly in most set-ups.

Also note that training mode should only be used for very short durations, as this could open your machine up to malware.

if you are willing, you can download teamviewer and I can help you out by doing a remote connect. http://www.teamviewer.com/download/TeamViewerQS_en.exe you can then turn it on PM the id and password when you have it open.

Thank you for all the reply’s.
It seems that I am not very good at explaining the problem. I will try again, sorry if the explanation is long.
I have had CIS installed for approximately a year now. D+ has caused me many problems, while the AV and firewall runs nicely. The firewall is excellent, probably the best there is. I have been dealing with problems like D+ not accepting a common program as Process Explorer and many other obscure problems. I have always thought that D+ is too ■■■■■■■ system resources, but after the latest program update, there was a noticable improvement. But it seems to me that the learning time for D+ is extremely long, it takes days before cmdagent calms down. This is acceptable, but it is not acceptable that a new learning period starts if the security level is changed. It is also not acceptable that D+ goes in ultra paranoid mode when re-enabled from disabled mode. The only way out is to reboot the pc, and after reboot it seems that a new learning period starts. It is also very frustrating that there is no way to see why cmdagent is so busy. I have learned that D+ is extremely sensitive to memory access attempts, and how to handle it. As you also can see, this is not a problem that was introduced after a program update. I have now disabled D+, I don’t have patience for another learning period.

While you may say, its the defense+, and the antivirus would run well, i would say, its in contrast the antivirus which is letting cmdagent annoy. Did you try what happens without the antivirus?

But before you test this, make a scan of your computer with an up to date virus database (because of your mentionings about malware notifications of defense+(?).)

When i make a new rule set for comodo, i dont use trainings mode. I start a program (and for easy use, you can give a “treat application as safe answer”), answer one (or if i want more) questions, and everything runs at once.
You know when you start something, and you allow this for the future. Treat this as trusted, its like using trainings mode. But trainings mode allows this the whole time its on… for everything. And it would store this learnings! Thats why you should not use trainings mode. But its easy to tell in the question window, treat as “something of these examples”, and remember my answer. (Did you pressed the button, “more options” once in one question window? That gives you the options i am talking about.

Thats it. You made yourself work, because you didnt see the easy way :slight_smile:

EDIT: Also you can backup your settings. Under more, manage my configuration. Dont forget to use the activate button.
But i would use a new setting for an backup. Its easier and safe to make a reinstall of comodo and make a nice setting for backing it up. Before you make the setting, you could consider to switch to proactive security under konfiguration.

Yeah, clockwork, you are absolutely right. All the troubles I have had, was always related to D+, so I didn’t try to disable the AV this time… I have now disabled the AV and have D+ in safe mode. This combination makes cmdagent behave acceptable, with only a very few peaks. Most noticeable is the boot up time, which is now not extended due to heavy cpu load from cmdagent. This is very nice to know, but rather useless. I don’t intend to switch the AV off permanently. The AV log doesn’t show anything unusual. Only some false positive detections from the last full scan.
But why do I now have trouble with the AV? Again…It would be very handy to have the possibility to see what cmdagent is doing when he occupies the computer. I could of course switch to another AV program, but I guess that will cause me even more trouble. I hope someone has a solution to the problem.
Here are some of my settings: Proactive security, AV now disabled otherwise stateful, sandbox off, D+ safe mode, scan memory on start disabled, heuristics scanning level low, sheduled scanning disabled. Further on I have disabled scanning of many programs which gives false alerts, and Comode will not whitelist them. One example is several Nirsoft programs.

Its your choice. But as an antivirus is doing all the time something, its performance hunger will affect you very often.
To have comodo in safe mode is a situation, where an antivirus can safe you against a digital signed malware. I had to change the antivirus. But i try it again from time to time.
Without antivirus is no solution. But ~70% cpu using for anything, thats a no go.

Since a while i am using avast free. Only the datasystem protection part, without behaviour blocker, without avast sandbox (!this is important against incompatibillities).
And compare this to your actual experiences:
avast needs up to 30 mb ram, and uses the cpu around the day only for some seconds. It doesnt scan things in statefull mode again and again.

If you want a suggestion, i would suggest this program together with comodo. I used another one regularly before, several others from time to time. But this is my favorite now. And when you use just the antivirus part (data system protection), you have a very light AND good security together with comodo firewall and defense+

I dont tell this to advertise avast free, i tell this because you will not be disappointed about your comodo security part any longer :slight_smile:

NOTE: As you seem to be easy at hand with disabling something the hard way :wink:
NEVER disable the tray icon process of avast. In the auto start menu it would appear as the only entry for avast. But if you erase this entry, only the tray icon will not come up anymore, while the program will run. And if you would have to disable the avast, you couldnt anymore. While i had to try to manage these two, before i found out about the avast sandbox incompatibillity, i made this mistake to resolve a freezing. Man i was wrong :smiley:
I had to use windows safe mode after to uninstall avast.
My last try was, disabling the avast sandbox. That hit the spot. (Although i had not enabled the comodo sandbox at that time. I just tried.)

But this should only tell you: It is possible to solve things, when you look carefull and with patience.

The mistake that people often do is, that when they replace an antivirus with another, while having a host intrusion protection running, they add all the shiny things of the new one.
But replacing means: Take away one part, and take another similar part on its place.

You dont remove with the comodo antivirus a behaviour blocker, a web shield, a instant messenger shield ect.
So dont “replace” such things. And you will avoid un-necessary incompatibillities with remembering this fact :slight_smile:

Clockwork, a big thank you to you. This is the first time I see this sort of reply. There are hundreds of posts here about the same thing: Excessive cpu usage. Before Comodo AV I also used Avast and was actually very happy about it. There was a very fine balance between protection and use of recources. I installed Comodo because of the excellent firewall, and funny enough I decided to install D+ and AV as well, to avoid conflicts. Ever since that, cmdagent has done his best to annoy me. Now you tell me that I can use Avast AV together with my favorit, the Comodo firewall. Please give me further information of how to do it… Do I need to remove CIS and then re-install only the firewall? Is your D+ on or off? Can I use my settings back-up if I re-install only the firewall? Please give me a detailed “user guide” of how to do it. A big thank you in advance.

Faq on CPU usage here.

You can use Avast with CIS, but there are problems to overcome. There are many topic on overcoming them.

Best wishes

Mouse

Frankly, i dont want to use an antivirus where i have to know tiny links to solve problems other programs never had. Btw, the problems arent solved.
When people disable the antivirus of the suite to solve problems, then its not because the people have missed to know links.


Avast: Data system protection (this looks like what we are going to replace comodo antivirus with), everything else was not installed (user defined installation). Disable the sandbox! Make the settings.

Comodo: PROACTIVE policy
Firewall (custom mode), defense+ (safe mode/paranoid mode … dont forget the “Treat as” slide window in the question windows, and you are the trainer who needs to give one answer).
Insert avast, if necessary to the safe files list of comodo (per folder, x include subfolders).
DONT use the trainings mode.
NEVER use the trainings mode, or the “trusted” for anything related to the firewall!! Programs need only OUTgoing rules to run if they need internet connection.
Use stealth port wizard setting 3 (hide me from everyone), so you dont have to answer unrequested ingoing traffic questions.

I dont use any of the sandbox.

After you used the trainings mode before, i would not suggest to backup the actual setting. At this point, what is wrong with making a clean start. But you should go through each window and look what is there. Dont use default!! On each page is a “whats this about” help link.
One time carefull setting will safe you a lot of time and worry in the future :slight_smile:

Going through the setting means: Do i know what this means? Do i know that this mark should be/miss there?
If you have unanswered questions, feel free to ask.