[Testcase]AV problems with XP after January 17 or 18

This week I have noticed a growing number of complaints here at the forums about the performance of the AV with v 3.13 usually on XP. Looking further into it I assume there are two problems at hand:

  • general performance problems with high CPU usage of cmdagent.exe at various times
  • performance problems and stalling likely related to AV updates from January 17 or 18

This test case is about the AV update related problems. I did a little test in which I used an older AV database (3516) from before last weekend and didn’t have the problems I described before in this post: https://forums.comodo.com/antivirus-bugs/have-bug-after-update-19-jan-t50416.0.html .

That is a very strong clue there is something wrong with the AV updates. Who of you is willing to test with the older bases.cav version number 3516? Remember it introduces a minor security risk and is done for your own responsibility.

Here are the steps to take:

When reporting back let me know what OS you are on and whether things have changed or not.

Keep in mind there will still more than likely be a baseline of CPU spikes caused by cmdagent.exe but stalling without is expected to be gone and there may be less CPU spikes by cmdagent than before.

The only problem I’m having is very slow program startups. I tried the v3516 database and I can’t see any difference. MS Office programs are the worse. Mozilla Thunderbird is also very slow. Adobe Photoshop is another one of the problem programs. I tried the Stateful setting (I usually use On Access) and it made no difference. Disabling CAV fixes the whole mess. Once enabled, the slow startups return.

WinXP Pro SP3 fully updated.
1400 Mhz AMD Athlon Processor
1 GB Ram

I really think the 3516 base file is where the problems started. I had no problems at all until that became the new base to start from so going back to that base is not likely to help. Although things did get progressively worse with each update after that. I’m sticking with Avast! for now. I don’t have the time to test anything.

Hi Guys,
When you say on-access is making system slow, by nature system gets slightly slower in case there are lot of non-safe files running in system. But considering recent reports like one mentioned here:

The only way for us to find out if there is any specific signature which is taking lot of time, is to unit scan a file and see if it is taking more than expected time.

Following will help us:

  1. When you see system is unusually slow compare to past, identify the action
  2. Check which all files/applications may be getting scanned via CAV due to that action
  3. Try to unit scan (right-click scan) and see if scanner is taking lot of time to scan file
  4. If you do find such files, please upload here

In general any file which is in comodo’s safe list or signed by signer who is in CIS’s trusted vendor list, does not get passed to scanning through malware signatures and due to that AV updates should not have any impact on scan time for safe files.

Therefore cases where it is reported that launch of Microsoft Word/Excel is slower should not be due to CAV. Same is true for all products from Mozilla as it is in CIS’s trusted vendor list.

So identification of unknown files, not in comodo’s safe list, will help us resolve this problem.


I reinstalled the AV to try this out.

I do not have cmdagent.exe tasking my CPU to 100% on startup using the 3516 database.

I also don’t notice any significant slowdowns when opening applications, but I should note that I didn’t have this problem previously when using the current database (Don’t know the DB number) after cmdagent.exe finally released its stranglehold on my CPU. Once things calmed down, my system would operate normally until the next time the database was updated, during which the excessive disk I/O would render my system inoperable until the update was complete.

These results would support what I reported in another thread that the problem (100% CPU usage on startup) doesn’t occur on my machine until the AV database update occurs. And even then, it is the subsequent automatic update that causes the problem, not the initial manual update. After installing CIS and I do the manual database update which requires a restart, there is no problem with the startup. This is the point where CIS reports that the AV database has never been updated. After a short time period, the automatic update occurs, which fixes the “never updated” status. This is when the problems start occurring for me.

So to recap, a database change is apparently causing the 100% CPU usage on my machine, but I never noticed any system slowdowns when using the problematic database. I also saw no quantifiable difference between stateful and on-access scanning modes.

Win XP Pro, SP3. (Up to date as of two days ago)
AMD Athlon 64 X2 dual core 4200+, 2.2GHz

No other security applications installed for the test.

I have Trusted Vendors unchecked. I just re-checked it and there’s still no difference in startup time for the programs I mentioned. I manually scanned Winword.exe, Frontpg.exe and thunderbird.exe. Winword.exe took 9 seconds and the other two took less than a second. I’ve attached my copy of Winword.exe.

[attachment deleted by admin]

Then, why does disabling CAV cure the problem?

I tried that Umesh. The individual .exe files in my Installers folder will scan very fast, but when I opened that folder I would always get one of the following problems. There are 50 files in the folder. Most are .exe installers and the rest are archives, either zip or 7-zip.

  1. The Icons for the .exe files would never show
  2. The folder would stop responding and sometimes would completely crash explorer taking my taskbar with it.
  3. Nothing in the folder would show and I’d have a blank white window
  4. In all cases, trying to close the folder resulted in a totally frozen machine that would either return to normal after about 5 minutes or not at all requiring a hard reboot.

The problem does not seem to lie in the individual files but in the number of them contained in the same folder. Changing from Stateful to on-access made no difference. Only completely disabling CAV fixed the problem. Avast v5 has no problems opening the same folder and everything else on my system seems to open and load faster as well.


Please run this file and go to
Defense+ → My Own Safe Files
select from running processes and try to add to safe list, if CIS says it is already in safe list, it means it recognizes it as safe.

Please confirm what you find.


There has to be some unknown modules active in the system if you see cmdagent.exe taking up CPU time.
Can you please confirm if any active files are not in safe list as i explained:


Is it possible that we can get all files in that folder to simulate it?
I can provide FTP login via PM to you to upload files.


yes I could do that

Sent you login via PM, please zip it and upload to root.


My Own Safe files list is totally empty. I don’t remember it ever having anything in it. I have never added any files to it.

I meant, can you please try to add to My Own Safe Files list and see what CIS says?
If it says it is already recognized safe file or not.


Okay my zip file just finished uploading to the ftp server and I replied to the message with some more info.

OK, I was a little confused. I tried adding Winword.exe, Frontpg.exe and thunderbird.exe to the list. It accepted Winword.exe and Frontpg.exe, but it said that thunderbird.exe was already a safe file.

Adding them to the list has no effect. Word still opens very slowly.

It also accepted Photoshop.exe with the same results, very slow opening.

BTW, Winword.exe and Frontpg.exe are Trusted Applications in my Computer Security Policy.

Thanks, i will see if we can re-produce.


I have this accurate trouble too.
But can not simulate testcase to catch fails.
I tests on several PC and on Virtual Machines but have any difference results.

Hi Umesh,
I tried this with Excel and Word and it was already on the safe list.