Strange behavior of cmdagent.exe

Sorry for the title but I don’t know what to write.

I use W7 and newest Comodo & D+
I tried to download a new world of warcraft patch (~1,6GB) with utorrent into a folder, that is encrypted with truecrypt. Normally I have no problems using torrents into this folder but since this torrent, CIS behaves strange - unfortunately I didn’t test other torrents.
This is what happens:

  • D+ shows the warning that utorrent wants to modify the downloaded .exe
  • I click allow
  • Few minutes later, D+ asks again → I allow
  • I disabled D+
  • Few minutes later, same warning message (every few minutes…)
  • I closed utorrent → warnings still coming every few minutes (see screenshot)

When I had a look with processmon it shows this: - 42799_dbehaviour_122_1173lo.jpg

cmdagent.exe tries to open - over 100x times per second - this file, and thus my system process (with truecrypt driver) takes 50% cpu all the time (not here in this screen - task manager is there, to show that utorrent isn’t running)

Now ten minutes after closing utorrent, everything seems normal again.

Any ideas?

First of all uTorrent is not being recognised as a safe application. Did you recently update uTorrent to the latest version (v2.0)?

Second. Disabling D+ works best when setting CIS to “Deactivate the Defense + permanently requires a reboot” (Defense + → Advanced → Defense + Settings).

No I use 1.8.5 and didn’t update in the last weeks.

But anyway; when choosing ‘disabled’ in the tray icon from D+ it normally doesn’t show anymore warnings - here it does.
And it does not explain, why cmdagent.exe tries to read several hundred times/second this specific file.

To be sure D+ is fully disabled you will have to use the route I described in my previous post.

Did you recently change your configuration from Internet Security to Proactive? That could explain why it gets logged now.

I am not sure about the interaction with Truecrypt. I know that Truecrypt protected drives are seen as mounted drives and like USB disks and sticks and network attached drives not regarded as safe by design. So I am wondering if that would also apply to a protected folder as well. :THNK