[b]Please be careful to choose the right set of instructions (for CIS 5.x or 6.x) or you may lock-up your computer (reboot to resolve if you do!).
CIS 5.x
[ol]- Disable Defense+ by moving the level slider in D+ ~ Settings to disabled
In Process Explorer, select View->Lower Pane View->Handles.
In Process Explorer Process window, click on cmdagent.exe in CIS 5.x
At this stage, in the lower pane, you should be seeing handles opened by cmdagent.exe. You are particularly interested in “Type= File”. Try and get as many of ‘type file’ on screen as possible and leave it visible
Open CIS and Run a Scan → My Computer. Do this overnight perhaps.
Wait until the cmdagent hangs or the morning When it does you may get a crash dialog. Don’t answer this dialog. When the scan hangs, please go to Process Explorer and
Without deselecting cmdagent, check the Lower Pane for open “File Handles”. You may or may not be able to scroll at this point - hence my suggestion about getting as much as possible in view. One of those handles are causing this issue. Probably an archive file. Make a list of the handles (if you can scroll, do) or take screenshots.
If you cannot get a list of handles right click on cmdagent in process explorer and take a full dump using the menu.
Please append file-list, or if you cannot, the dump. If you are willing to right click scan each of the files in the file handle list in turn until you get a crash and append the zipped file that causes it, so much the better, but this is not required.[/ol]
CIS 6.x
[ol]- Open CIS and Run a Scan → My Computer. Do this overnight perhaps.
Open Killswitch from Advanced tasks ~ Watch Activity.
In Killswitch right click on the cavwp.exe process (if two, the one consuming most CPU, which is the one that appears after you start to run a scan) and select the handles tab
At this stage, in the lower pane, you should be seeing handles opened by cavwp.exe. You are particularly interested in “Type= File”. Maximise the dialog to try and get as many of ‘type file’ on screen as possible and leave it visible
Wait until cavwp.exe hangs or the morning When it does you may get a crash dialog. Don’t answer this dialog. When the scan hangs, please go to Process Explorer and
Without deselecting cavwp, check the tab for open handles of type “File”. You may or may not be able to scroll at this point - hence my suggestion about getting as much as possible in view. One of those open handles are causing this issue. Probably an archive file. Make a list of the handles (if you can scroll, do) or take screenshots.
If you cannot get a list of handles right click on cavwp.exe in killswitch and take a full dump using the menu. If you get a refusal, you are trying to dump the wrong cavwp.exe, try the other one
Please append file-list, or if you cannot, the dump. If you are willing to right click scan each of the files in the file handle list in turn until you get a crash and append the zipped file that causes it, so much the better, but this is not required.[/ol]
Complete OS DUMPS
To report BSOD’S and complete OS freezes please set your computer up to record Complete OS dumps, not minidumps or kernel dumps.
Setting up your computer to collect Complete Dumps
Windows XP users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
Windows Vista users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
Windows 7 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
Windows 8 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
Windows 10 users should follow the advice given on this page to configure their computers to create Complete Memory Dumps.
How to generate a manual memory dump when computer stops responding
If testing CIS, it’s a good idea to have the ability to force a blue screen in the case of a total computer freeze so you can create a dump file for QA.
To perform a complete memory dump a BSOD is induced so please save all work first!
Select “File” menu > “Save As…” menu item > At “Save as type” field, select “All Files (.)” > At “File name” field, type : name.reg
Run name.reg file which you saved previously & Restart system
To initiate a crash, make sure you have saved all data in all user files then hold down the RIGHT Ctrl Key and press Scr Lk key twice
Wait for memory dump to be created, this may take some time.
NotMyFault tool
Download the NotMyFault tool : NotMyFault - Sysinternals | Microsoft Learn
For example, run Command Prompt as administrator.
At the command line, type NotMyFault.exe /crash, and then press ENTER.
Saving dumps
Complete OS dumps can be the size of your physical memory (RAM), but can compress well if you zip them - maybe down to to 10-20% of that size.The less apps you have running the more they compress. That’s still pretty big of course so you need a big upload account to upload them. I use https://mega.nz for this purposes as they give away 50Gb, and have few other restrictions, although they do require free registration.
Comodo Property Page
You can diagnose issues with File Rating technology by enabling a page extension that presents gathered file data in JSON format. Such data is very useful to developers and power users when narrowing down issues. A moderator may request a copy of such information.
Important note: To avoid any risk, since you are working with Windows Registry, please create a system restore point by following this guide: [Create a system restore point]
How to generate a diagnostic report.
When creating a bug report or when asked to provide a diagnostic report, you can do so by opening the main UI of CIS/CFW/CAV and click on the ? symbol to find the support menu item, then click on the diagnostics menu item to start the diagnostic report process. When it finishes click on create report even if no problems were detected. Then a save window appears in which you can choose where to save the report which will be saved in zip folder format. You would then attach that zip folder to your post.
Attached below are the different themes showing where to find the diagnostic task.
1)Download Process Monitor from here for Windows Vista and higher and
Process Monitor from here for Windows XP
2)Extract the downloaded .zip file and run Procmon.exe by “Run as administrator”
3)Select Enable Advanced Output from Filter Options menu
4)Click Options and select Enable Boot Logging
5)You will get Boot logging options window. Enable Generate thread profiling events and set to Every second. Click Ok to confirm your settings
6)Reboot the system
7)Allow the system to fully load windows and any associated startup programs
8)Now again run Procmon.exe by “Run as administrator”
9)You will a prompt window with information about a log of boot-time activity being created. Click Yes to save the boot log.
10)Choose a location and save the boot log, a .pml file will be generated.