Massive memory usage by cmdagent after login

Hi… I am facing a problem after upgrading to v3.9 from v3.5.

After the login process is over and after the startup programs have finished loading, the memory use by cmdagent spikes up. Task manager shows ‘Mem usage’ as ~75,000 K and ‘VM used’ as only about ~6,500 K. After a few seconds, the cmdagent settles into Mem usage ~2,500K and VM used ~34,000 K.

The problem is that on my 256 MB RAM, for those few seconds the Physical RAM usage goes up to 100% and the system becomes unresponsive. Effectively, my login period has increased. Did not see this happening with v3.5.

Is cmdagent doing some startup scan that was not there in v3.5? I have only three startup programs - Comodo, Avast and WinPatrol.

Something you could try to see if it helps is to go to Anti-Virus/Scanner settings → uncheck the scan memory on start box.

Matt

I should have specified. I have only the “Firewall with Optimal Defense+” installed, not the Anti-virus.

One thing I checked was, the Comodo summary window shows System status as
"Comodo internet security is initializing… " with an orange color scheme, during the seconds the system is unresponsive.

The system becomes responsive after the memory use by cmdagent settles down to 2,500K/34000K (Memory use/VM use) and the Comodo screen switches to showing “All systems active” with green color.

Is there a minimum RAM requirement specified for v3.9? Because, the extra time added to each login process due to CIS initializing is serious enough for me to consider shifting back to v3.5

I am having the same problem, cmdagent starts chewing up memory like crazy after login and the computer gets incredibly slow when it gets up to 1.5gb (and keeps going). I have disabled the firewall and the antivirus via the sliders and disabled defence+ using the checkbox yet the problem persists. Before that I tried Matty_R’s suggestion without success. Although on my computer Comodo doesn’t start eating memory until after initialization.

I noticed this first when I started downloading a torrent of the ArmA 2 demo (2.8gb). Don’t know if I didn’t notice the memory chugging as the download started or if it started as the demo started to download.

This is on a newly formatted PC with XP 64 and no other security program installed. I had downloaded all available updates through windows update a boot or two before the problem arose.

Specs:
Intel Core2Duo E6600 [at] 3ghz
MSI GTX 260 OC
MSI P6N SLI Platinum
Corsair XMS2 5300 2GB

EDIT: READ EDIT2 Uninstalling the antivirus part of comodo solved the problem. I’ll just go back to Avira. Since cimmind does not have the antivirus installed his problem is not solved.

EDIT2: Nope, reactivating Defence+ and Firewall and rebooting after uninstalling the Antivirus part gave me the same problem again. I’ll try disabling Defence+ again.

I have the same problem and it was not there with 3.8.

Other programs I use are in my signature.

It takes 5 times the normal start up time from 3.8

Maybe a 3.9 bug?

Ken

Did the two last posters upgrade from 3.8 or did you do a clean install of 3.9?

I did a clean install of version 3.9.95478.509 but I don’t think I updated it further than that because of the performance troubles it was giving me (and I wanted to have a fully functional firewall and antivirus protection before connecting to the internet).

Don’t remember, probably an upgrade.

Is there a way to tell?

Ken

Only your memory.

Not all updates from 3.8 to 3.9 were successful. A small minority gave problems. In case of an upgrade install I suggest to do a clean install of the upcoming 3.10 which should be released today (July 2nd). For 3.9 and up it is best not to import a configuration of 3.8 or older because of changes to how the rules are stored (this will store rules faster with less CPU impact).

To be sure all CIS related is gone follow this tutorial (forget about removing the Legacy keys as they are too much work):

Uninstall CIS and reboot. Then run Comodo System Cleaner (http://system-cleaner.comodo.com/) to get rid of registry keys.

Then delete the Comodo folders under Program Files, Program Files\Common Files, C:\Documents and Settings\All Users\Application Data\ .
For Vista/Win7:
\Users\%username%\appdata\local, \Users\%username%\appdata\roaming\ and \Users\%username%\appdata\local\virtual store

To be even more thorough open Device Manager and set it to show hidden devices under menu option View. Then see if there are Comodo driver(s) left in non Plug and Play drivers. If so select the driver → click right → uninstall and reboot.

Now delete the following:
C:\boot.ini.comodofirewall (this file may not exist).
WARNING: Do not mistakenly remove the original “boot.ini”.
C:\WINDOWS\system32\drivers\cmdGuard.sys
C:\WINDOWS\system32\drivers\cmdhlp.sys
C:\WINDOWS\system32\drivers\inspect.sys
C:\WINDOWS\system32\guard32.dll

a. HKEY_CURRENT_USER\Software\ComodoGroup\CFP and HKEY_CURRENT_USER\Software\ComodoGroup\Comodo Internet Security
b. HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1 *
*(If you have other Comodo products installed, delete only the values for CFP)
c. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent
d. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdGuard
e. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdHlp
f. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inspect
g. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdAgent
h. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard
i. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp
j. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect
k. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdAgent
l. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdGuard
m. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp
n. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect
o. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent
p. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard
q. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp
r. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect
s. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
t. HKEY_USERS\S-1-5-21-1202660629-746137067-2145843811-1003\Software\ComodoGroup\CFP
u. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT *
v. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD *
w. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP *
x. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT *
y. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDAGENT *
z. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD *
aa. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP *
bb. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT *
cc. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDAGENT *
dd. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDGUARD *
ee. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDHLP *
ff. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT *
gg. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDAGENT *
hh. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD *
ii. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP *
jj. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT *
kk. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x32
ll. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x64
mm. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog
nn. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission
oo. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro

*Note: It may not be possible to remove these “LEGACY” keys. If you cannot delete them, leave them in the registry. However, I have subsequently found that you MAY be able to remove these keys in Safe Mode by using a third-party registry tool. To permanently remove them may also require modifying the Permissions for each key. See: https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_info-t17220.0.html;msg119226#msg119226

Now you should be good to go.

Let us know how things go.
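A read-only check for the leftovers named in the cleanup steps above, as an added example that is not part of the original post or any Comodo tool. It assumes Windows PowerShell (for `Get-WmiObject`) run from an elevated prompt, and that leftover folders start with the name "Comodo"; it enumerates every `ControlSetNNN` on the machine instead of only 001 to 003, and it deletes nothing.

```powershell
# Read-only audit of Comodo leftovers after an uninstall. Nothing is removed.
$services = 'cmdAgent', 'cmdGuard', 'cmdHlp', 'Inspect'

# Driver and helper files from the post's "Now delete the following" list.
$sys32 = Join-Path $env:SystemRoot 'system32'
$paths = @(
    (Join-Path $sys32 'drivers\cmdGuard.sys'),
    (Join-Path $sys32 'drivers\cmdhlp.sys'),
    (Join-Path $sys32 'drivers\inspect.sys'),
    (Join-Path $sys32 'guard32.dll'),
    (Join-Path $env:SystemDrive 'boot.ini.comodofirewall')
)

# Vendor keys from the post (the per-user SID key is machine specific and skipped).
$paths += 'HKCU:\Software\ComodoGroup\CFP',
          'HKCU:\Software\ComodoGroup\Comodo Internet Security',
          'HKLM:\SOFTWARE\ComodoGroup\CDI\1',
          'HKLM:\SYSTEM\Software\Comodo\Firewall Pro'

# Every control set present, not a fixed 001..003.
$controlSets = @('CurrentControlSet') + @(
    Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        ForEach-Object { $_.PSChildName })

foreach ($cs in $controlSets) {
    foreach ($svc in $services) {
        $paths += "HKLM:\SYSTEM\$cs\Services\$svc"
        $paths += "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_$($svc.ToUpper())"
    }
}

# Assumption: leftover folders are named Comodo* under these parents.
$folders = @($env:ProgramFiles, $env:CommonProgramFiles) |
    ForEach-Object { Get-ChildItem -Path $_ -Filter 'Comodo*' -ErrorAction SilentlyContinue } |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName }

$found = @($paths | Where-Object { Test-Path -LiteralPath $_ }) + @($folders)

# Services and kernel drivers still registered with the Service Control Manager
# (covers the "non Plug and Play drivers" check in Device Manager).
$live = @(Get-WmiObject Win32_BaseService |
    Where-Object { $services -contains $_.Name })

if ($found.Count) { 'Leftover files, folders and keys:'; $found }
else { 'No leftover files, folders or keys found.' }
if ($live.Count) { $live | Select-Object Name, State, StartMode, PathName | Format-List }
else { 'No Comodo services or drivers are registered.' }
```

LEGACY_* keys that show up here may still resist deletion, as the note in the post says; the script only reports them.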

Hi… My original problem got lost in the later posts that raised the issue of 3.8 to 3.9 upgrade. That had nothing to do with the thread anyways.

Just updating to report that the problem seems solved as of now. What I did was turn off the Windows Firewall. In the 4-5 boots since then, the problem (temporary freeze of computer for a minute or so just after logon) has not occurred. Will update if it does occur.

What all I did about the problem:

  • Set Sysinternals Process Explorer to start with Windows startup. This showed me in real time what was happening.
  • Initially, there is a spike in ‘Working memory size’ by Avast (ashserv.exe). Then after it cools off, the memory use by cmdagent.exe suddenly increased massively and the physical RAM usage stayed at maximum for nearly a minute or so. Curiously, during the time the CPU use was minimal, and also there was no massive read/write activity. That set me thinking that probably it’s a conflict.
  • Did a little snooping around and identified that the Repository folder in the System32>Wbem folder was getting modified each logon. As Wbem folder has to do with Windows Firewall, thought it may have something to do with the freezing.

Just hope I haven’t compromised safety too much by turning off Windows Firewall.

It is not recommended to run two firewalls at the same time as unexpected things may happen. Needless to say that Comodo firewall totally trumps Windows Firewall anyway. So you did the right thing by turning off Windows Firewall.

Regarding the WBEM folder:

These are the files used for Windows Management Instrumentation, or WMI, which is Microsoft's implementation of Web-based Enterprise Management (WBEM). Those files are part of Windows and are used to query the state of the machine and other information. You should leave them where they are so that any program you have that uses WMI to query for information will continue to work properly.
Source: http://www.technologyquestions.com/technology/windows-xp/27397-what-c-windows-system32-wbem-folder.html#post130462

The activity you see for this folder is perfectly normal Windows behaviour. Nothing to worry about.

I recently noticed the exact same behaviour, cmdagent.exe uses over 1GB topping at around 2GB of RAM (which is half the RAM available) at random intervals making my machine incredibly slow.

I am using the free Firewall + Anti Virus V3.10 (did a clean install) on Windows XP x64 (completely up to date).
There must be something triggering the outrageous spikes in RAM usage but I haven’t found anything which would trigger this on my machine.

Edit: It just happened again as I was playing TF2.

http://i81.photobucket.com/albums/j221/SpikyDude/cmdagent.jpg

Well I came across a partial fix, by moving all files from the My pending files list to the Trusted files I managed to reduce the RAM spikes to 1GB max. (for now, I haven’t seen it go higher yet).
But this clearly isn’t a real solution to the problem as the core of it persists (a massive random spike in RAM usage to unacceptable amounts for an anti-virus program).

Well since anyone even if he/she is remotely involved with the company/support failed to respond I decided to ditch this anti-virus program… I know I merely use the free version but if it is even too much to ask that someone at least tells me they don’t know a solution to the problem (especially as my partial fix has proved to not work in the end) I should stop caring as well, it is clear Comodo doesn’t care and it is time for me to choose a decent program where they’re at least willing to help someone when the software causes a problem.

I hope this company gets its act together in the future but I know I will be avoiding anything related to Comodo from now on and will advise anyone even considering one of your products to do the same.

Here is another tip. Add the pagefile to the AV exclusions; it can be typically found in c:\pagefile.sys.