High CPU in a CIS file, usually cmdagent.exe
[ol]- Occurs every time a file is opened. Real time AV scanning of a large file. Switch real time scanning to stateful in AV ~ Scanner Settings (works from second opening onwards). Reduce real time AV file size limit and heuristics level and/or exclude badly affected files from scanning under Scanner settings ~ Exclusions (both mean some reduction in security).
Occurs when an application or utility is running, but not when it is not. Note that applications may consist of hidden files (eg services) as well as programs with user interfaces.
a) The program may be trying to access CIS in memory - this will be in D+ logs. Allow this if you fully trust the file.
b) There may be another application incompatibility. Follow the FAQ for resolving application incompatibilities.
Occurs when a CIS scheduled/manual AV scan is run.
(a)Too many scanner options on for power of machine. Reduce number of options set, max file size, or heuristics level in Scanner Settings. (Some reduction in security).
(b)Hanging on scanning of a particular file. Determine the file or files causing the hang and exclude using Scanner Settings ~ Exclusions, then report as a bug.
Occurs with every AV database update. Update to CIS 5.8 or Bring AV updates under your control..
Occurs continually, or seemingly randomly, or when another AV scanner is run..
a) Conflict with another installed security program, or conflict with a previous incompletely uninstalled security program. For solution see High CPU in third party security program.
b) Corrupt CIS installation. Uninstall using the CIS uninstaller then the forced uninstaller tool. Re-install using a standard configuration (eg proactive or Internet Security).
Occurs at startup, and may also involve svchost.exe or services.exe. Large number of startup programs running on low power machine. Reduce number of startup entries. Untick scan memory on startup in AV real time Scanner Settings. Adaptive mode is kicking in. Disable adaptive mode in D+ Settings. (Some reduction in security).
Occurs when the computer is using all or most of its available memory or otherwise using a lot of windows resources. Adaptive mode is kicking in. Disable adaptive mode in D+ Settings. (Some reduction in security).[/ol]
High CPU in application files
[ol]- With events in Firewall log. Blocking of an application’s attempts to access the internet. Make application trusted in the firewall module - making special rules if required, eg for settings for peer to peer file exchange programs.
High CPU in third party security program.
Conflict with CIS or another installed security program, or conflict with a previous incompletely uninstalled security program. (There may or may not be entries in CIS or another security program’s logs). Check whether this is the source by uninstalling the other security program, running the forced uninstaller for the program if incompletely uninstalled. Follow the recommended options in the FAQ for resolving conflicts between security programs.
SOLVING HIGH CPU PROBLEMS
CIS can cause high CPU due to CPU consumption by CIS files, or application/OS files. The first step towards resolving this is to determine what file is consuming the CPU. To do this observe the file in taskmanager. Then check when it occurs and whether it results in CIS log entries. Armed with this information follow the relevant link below. Then REBOOT, as some settings changes need a reboot.
Solving specific CPU problems
[ol]- High CPU in a CIS file, usually cmdagent.exe.
Solving general high CPU problems
The following can be used together or separately.
Note: Malware being contained/restricted by CIS can cause high CPU in either CIS itself, secondary component(s) or the actual malware. So caution is always initially required when dealing with any high CPU problems. Please ensure before you do anything that any unrecognised file involved is not malware.
[i]Please help us improve this FAQ by posting suggestions to the ‘Help materials - Feedback topic’ here.
This FAQ has been prepared by a volunteer moderator – with input from many other moderators (Thanks everyone, especially: Kail, HeffeD). It has been produced on a best endeavours basis - it will be added to and corrected as we find out more. Please note that I am not a member of staff and therefore cannot speak on behalf of Comodo.[/i]
Updated: 30 October 2011, to reflect changes up to CIS version 5.8.xxx
Additional bit on CPU settings
IF NEEDED, in stubborn cases
[ol]- Consider re-installing before applying low cpu settings. This will resolve a lot of problems that the config file cannot as it removes the registry clutter or corruption that often causes CPU problems. Do a complete reinstall as described here. Then apply the low cpu settings using the low cpu config file, or apply the proactive configuration and manually create the low cpu settings.
Consider switching off real time AV using the security level slider, or removing all scheduled scans. Defence plus is strong enough to protect you if you are a) disciplined enough never to allow an alert unless you are sure it’s safe, and b) expert enough that you will not block things too frequently for convenience as a result.[/ol]