For some time I’ve had cmdagent.exe going on a rant for 90 secs or so for no apparent reason. It is often started by the opening of an application. By using Sysinternals Filemon it is evident cmdagent.exe continues scanning a bunch of executables that are not in service, would not be running on their own, are irrelevant to the application just started and some have not been used in years. IMO the only scanning that should be taking place is of active files. What is going on? How do I stop this? Running XP.
When starting an application it may load a whole bunch of dll files. Depending on whether the AV is set to On access or Stateful the amount of files scanned may vary.
Are there typical applications that choke cmdagent.exe? On what hardware are you running? I have noticed that the AV may be stressful for older hardware.
At the moment almost any app starting will get cmdagent.exe going. Firefox typically is unusable for 20 secs (can’t even click a link). I put in a forum suggestion that Comodo have an option to view what it is actually doing. That would make it easier to provide useful information on threads like this, as well as a tool for the user to resolve the issue. 3rd party tools such as those of SysInternals don’t necessarily give the true picture.
Today, I got a virus warning on a system restore file (which curiously has disappeared from the log). Whether it was a genuine infection I don’t know, but system restore files are not accessed by anything other than when a restore point is made/used, or apparently when Comodo decides to look at it! The last restore point was created yesterday.
I’ve tried removing all the rules and re-populating as needed but it made little if any difference. One solution that seems to work is to change to another AV/Firewall software until that craps out but it’s so tedious going that route. In recent years I’ve gone AVG to Avast to Comodo.
Having a long list of unrecognised or submitted files may impact CIS performance. See if cleaning out helps.
A file in System Restore points is not a problem in itself unless your system would restore to one of the infected restore points. When on XP you can open System Restore folders to allow the AV to remove it. This Microsoft KB Article describes how to.
Also make sure to run clean up tools of security tools you had installed in the past. You can find a list here: ESET Knowledgebase.
Are you on older hardware? Is your AV set to On access or Stateful?