Over 3 million I/O disc reads for cmdagent. Is this normal?.

I had been reading through a thread on another forum regarding low virtual memory. I decided to check out some of the advice given and followed one of the posts instructions on I/O Reads and found the following. The majority of them were from the small 100’s to the small 1000’s but three in particular stood out.

(1) lsass.exe-----System-------Mem/Us = 1,164k-------I/O Reads = 6,060,204.
(2) csrss.exe----System-------Mem/Us = 3,128--------I/O Reads = 776,169.
(3) cmdagent-----System-------Mem/Us = 5,824-------I/O Reads = 3,052,505.

Now I know that cmdagent is to do with my Comodo Firewall Pro but are the amount of disc reads normal?. I Googled the other two and found that they are both genuine Windows files but would like an opinion on whether the disc reads are too high and what I should do about it.

Again thanks in advance,

Hi Bluesjunior

Yes, that is nominal (I didn’t say normal, since there isn’t such a thing). I/O Reads also includes Network Adapter reads (according to MS). So, you’d expect CFPs CMDAGENT to be high on the list of I/O Reads.

Edit: Although, I’m struggling to understand why LSASS has double that. LSASS is MS’s Local Security Authority Service… I’ll need to look this up.

Yes, LSASS is meant to deal with local security and login policies. Are you running a web server? Is LSASS.EXE consuming high amounts of CPU?

What’s your active AntiVirus & please confirm your OS? Thanks.

Thanks for your reply Kail,
My OS is Windows XP Home Edition SP1 updated to XP2 and up to date via Windows updates. My AntiVirus Is AVG7.5 Free Edition.

I thought it was pretty high as well. I googled the lsass.exe one and it is the proper windows file and not the malware one. Not being very PC literate I am afraid I don’t know anything about what this file is for or does but seeing so many disc reads (whatever that is) I thought I should ask someone more knowledgeable.

I’m not sure if it has anything to do with how long, but when was the last time you rebooted the computer?

Well… there is an infamous virus that strikes Windows in this area… it is known as the Sasser virus. There is more on it, and more importantly what to do, here. I must admit, that I thought MS released a security patch (which you probably have) to close this hole.

Edit: Sasser Worm (I forgot the worm bit).

Hi all:
I had two days ago a similar problem : after a “disable system restore” in Windows XP , I rebooted the PC and the result was that I noticed an abnormal disk activity.
After 15 minutes the disk usage came back to normality: the task manager showed a very high disk usage by cmdagent.exe (version 3.0) . About 1.7 GB virtual memory usage with 1 GB phisical memory, and with the related windows message of “low virtual memory”. (:NRD)

Other boots didn’t solve the situation. I had to disinstall end reinstall Comodo firewall in order to get the normal usage.
Someone has an explanation for this strange and dangerous behaviour?