Isn`t the antivirus taking too much CPU often, even in statefull mode?

This is no bug report or asking for help. Its a topic to discuss the performance of the antivirus.
(Last line of defense, but biggest eater at table).

I just took comodo antivirus for a moment again. But any good will went away after i saw the cmdagent taking cpu of, lets say “50%”, each time i open firefox, or other programs.
Not to mention that it has been on statefull. And updates have been “sheduled to once a day with the workaround”.
Its even too much using of cpu for a first scan, and comodo is with statefull inspection much more cpu using than another antivirus without statefull inspection would be in the first run.

When i use my old antivirus, like now, i can open firefox as often as i want, the spike of its guard is like 1.5% cpu using, and very seldom. I tried it right after i re-installed it again after the comodo “test”. And it has anyway no statefull mode at all.

The statefull inspection of comodo looks like a feature, but in fact, its like a patch against maybe more cpu wasting otherwise. While on statefull it tops allready all negative expectations, … by far.

Hmmm…I thought AV was the first line of defense…or maybe second if you count something like web guard…

Sometimes it can be the first line for the user.
For comodo its the third line. This makes it so paradox. “For useabillity only”, but hogging the cpu.

I never understood the campaign against antivirus. I never had a problem with my antivirus.
But when i install comodo antivirus, i want to disable it and trust in the defense+ … if i had not to cover up new entry files with a scan first.

What’s your hardware like? I have similar experience on a ‘old’ Windows XP system Pentium4 2.4GHz

You calling 2.4 GHz old? You want to try CIS on 1.2 GHz. Even my newest computer is only 2.0 GHz ;D. I know what you mean though, old tablet is feeling it’s age now.


I got a similar complaint from a user today. These pics were taken 29 and 16 seconds apart, on an Athlon XP PC running XP SP3 while opening a database application. Subjectively, previous AV went nowhere near 90% CPU and didn’t take as long. If I get time I should be able to try it with the old AV from a backup HD tomorrow to compare.

[attachment deleted by admin]

I wonder if Stateful data is transfered between sessions. If not, there is your problem. You have to perform persistent caching to really remove the impact of the scanners.

What sessions? You can literally start firefox or others, and close them. Next start of firefox, cmdagent has a big business again.

As you speak about “remove the impact of the sacnners”, this is what this topic is about.
Statefull means: Until next update the unchanged but allready scanned files will not be scanned again.

If this would be the case, what is cmdagent performing each time with those anyway too high cpu usings?

And about persistent caching. Every 30 minutes comodo searches for an update. So the intervall of happened updates determines the “time of reduced impact”… while i prefer no impact at all.

I suspect cloud issues here, indeed it shouldn’t (AV) rescan if in stateful and no DB update, but I’m afraid the cloud code is part of D+
Also command-line analysis can have impact because of the trail of files that are opened if FF starts.
Can someone fiddle around with D+ scan cloud etc settings to see if it leaves the CPU alone at repeated start-ups of FF?

Reloaded backup image including previous AV which happens to be Avast 6.
The difference is stark.

I tried starting Firefox, first with Avast caching turned off, and actually had a bit of trouble getting screenshots of CPU activity during the short time it was happening. (see first 2 attached).
With caching turned on, starting FF for the first time there was a relatively long spike of high CPU activity on opening and a little on closing too, but on following occasions there was no apparent AVASTSVC.EXE activity.

Now back to CIS set to ‘Stateful’, every time I start FF, CMDAGENT.EXE gets quite excited for long enough to easily take a sequence of pics of a selected area of screen (3 pics attached).
I don’t understand what it is working on if it doesn’t have to check FF again and again.

[attachment deleted by admin]

Thought of that. Sure can. D+ disabled "permanently’

[attachment deleted by admin]

Can you run a process monitor logging on cmdagent during FF startup?

If the antivirus part of comodo is uninstalled, all is back to normal.
Cloud wasnt enabled.

An antivirus should not use that much cpu in any way or moment. In fact, i installed comodo to benefit from the statefull. Got opposite effect.

Now i installed avira, and in the magazine description it said: Unfortunately avira doesnt care if it scanned a file before.
But what to say, it runs “50 times” better (seldom 1% cpu useage compared to about 50% of comodo in statefull), even if avira misses to have this feature at all.

Just to be sure, are you seeing this issue with the latest 5.8.x.2111 ? or are we talking about 5.5.x.stable here?

The actual official version of comodo.

Well if we wish to report this I’m sure dev’s will want to know if this issue is still there in latest 5.8 RC version.
Someone able to test this?

I can’t test anymore till Monday. Version is - current stable release.

Cannot replicate under 5.8 RC2.

Moderate level of cpu when FF starts for first time in session.

Almost none on restart.

XP sp3 x32, FF 4.01

Only when you do a Scan.

If comodo integrates this feature then the problem will be solved i suppose