[Testcase]AV problems with XP after January 17 or 18

Hi Umesh,
how do I check which all files/applications may be getting scanned via CAV due to that action?
I also don’t get the point number 3. Where do I right-click?
Thanks
Hans

Comodo has just updated DB to version 3694 and again starting an Excel and I was waiting 10 sec for Excel to start. CPU was at 50%, see attached printscreen. After that, Word and Powerpoint starts immediately. So it could be some shared .dll file which AV doesnt like. Is there any way how to check which files/applications are scanned via CAV?
My system>
Core 2 Duo E7300
4GB RAM
XP SP3
Office 2003

[attachment deleted by admin]

Gosh, I am just writing fourth post today

Hello EricJH,
so I just did what you wrote in the first post in this thread. And I have to say IT DID SOLVED the problem with slow Excel, Word etc. I am now on DB version 3516 and programs start more quickly. No 10sec hickups etc. Can I stay on this DB version or is it a big security risk?
Thanks, hope this will help to locate the issue
Hans

hi guys!
just want to report that I have a problem with slow explorer too.
Sorry but I don’t have time to play with databases now.

I use freecommander and when I enter the folder with a lot of installer files (media players, web browsers and stuff like this, all is 100% clean) it takes a LOT of time until the icons appear, somethings wrong there.
Sometimes it hanges completely, so I have to disable CAV, then it resumes.

Cannot really say if other programs are slower, but I’v noticed some general slowness and high cpu utilization of cmdagent.exe in last week or so.

I have win xp pro 32bit sp3, the latest CIS (581) and the latest database.
I also use spyware terminator resident module, but killing it doesn’t affect the slowness…

If necessary, I’ll try to do the above mentioned trick with older database. maybe in next few days.

hopefully this will be solved soon. Personally I was happy, that signature database is finally under 90MB, but now other problems appeared…

As i see explorer slow, it’s remind all my new issues …

When i running a game, the launcher is slow, and all apllications begin to not responding. CPU is not running a lot. I disable CAV an all works.
For one other pc, it’s bug randomly.

I update database to 3516, all works.

I have two pcs with this problem, but not running on xp, they run on vista.

The risk is not that big because there is always Defense + that, when handled properly, can help you to catch unknown bad guys.

Thanks for the confirmation. Apparently it is not just XP related.

Hi Umesh,
this is not the case with DB 3701, which I am running on at work right now. I just did primitive test of copying the whole Office 2003 directory to another disk. And all files copied smoothly appart from Excel.exe, Winword.exe, Powerpnt.exe, Msaccess.exe. Coppying stopped for 5sec at each .exe file. And it was due to cmdagent.exe as it showed in Process Explorer. So there is definitely something wrong.
Firstly, scanning 5MB exe file for 5 or more seconds. Is that a normal?
Secondly, safe list seemed to be ignored.
Hope this helps you more to solve the problem

Hans

Hey Umesh,

is there any timeframe when this bug may be expected fixed? Thanks.

Petr

Hi Gents,

Well, we wanna join to the companionship of “slow-down problem”. We have several PCs in the office. All of them have CIS installed. We have noticed a slow down of launching applications last week after an AV database update. As we’ve detected the problem I’ve switched off the auto AV DB update on 2 PCs. These are using the version 3628 database. All of the PCs (suffering from the slow down) have newer AV database as they’ve downloaded it automatically.

We have noticed the following symptoms:

• login is very slow
• the icons on the desktops are appearing very slow after login
• the 1st launch of any software where the size of the executable file is probably larger than 20MB is incredibly slow (3-5 minutes!)
• the 2nd launch of any software where the size of the executable file is probably larger than 20MB goes SMOOTHLY
• launch of any software where the size of the executable file is probably LESS than 20MB is OK
• 1st right click on the desktop raises the menu very slow (ca. 2 mins.)
• 2nd right click on the desktop raises the menu normally
• if we disable the AV engine, everything works fine

All of the above points to a problem in the AV engine or database 'cos only those machines are affected by the problem that downloaded the AV db after version 3628.

Sys. spec’s:

Op.sys: all machines have Windows Xp Prof. (Sp3).
CPU: either 3,4 GHz Intel HT processors or Intel Core 2 duo 3GHz
RAM: 2GB or 3 GB
HDD: SATA I or SATA II
CIS: v. 3.13.126709.581

And the problem doesn’t affect only MS Office products.

Last note: we have downgraded the AV db to v. 3516 as proposed above.
The problems are disappeared.

So it looks like the AV DB or the engine acts like usually a virus does

On a serious note thanks for your contribution.

Hi All,
Those all, who are seeing performance issue after 17th Jan, 2010, please use following steps to help us determine possible reason:

Test Case A:
Step 1:
Download http://download.comodo.com/av/updates313/sigs/bases/bases_3635.cav
SHA1: e5c3498cf4652c289cd7785ae7710c63b34a8505
Size: 90.7 MB (95,109,067 bytes)

Step 2: Rename this as bases.cav
Step 3: Disable automatic AV updates using Antivirus–>Virus Scanner Settings
Step 4: Go to Windows Safe mode and replace bases.cav present in /scanners/ by downloaded bases.cav
Step 5: Re-start the system and check if you still see the problem

Test Case B:
If you think performance is normal after using bases_3635.cav,
Please download
http://download.comodo.com/av/updates313/sigs/bases/bases_3636.cav
SHA1: b7978112cf371fb20d5539f4973b27a04c33df6f
Size: 90.8 MB (95,313,925 bytes)

and take same steps as you did in previous case ‘A’ starting from Step 2 and see if performance degrades again.

Please post results here as what you see.

Thanks
-umesh

Hi,

With the case A, it’s ok, with the case B, is not.

Hi Umesh,

Case A - 3635.cav - works well
Case B - 3636.cav - freezes as in my notes below drafted earlier:

Reverting to 3516.cav fixed things for me - thank you .

My system - HP laptop with windows xp sp3
Comodo Internet Security version 3.13.126709.581

Symptoms as previously described by others and problem starting last week: extremely slow to load programmes including Task Manager which I used to test my configuration changes. System freezes entirely if attempting to open too many programmes at once.

With Comoda anti-virus enabled and starting Task Manager, Task Manager is listed as an active application/process by Comodo, but does not appear on the desktop for about 5 minutes on both Stateful and On Access settings. The computer runs noticably slower until Task Manager appears. I can confirm that Task Manager is recognised by Comodo as a safe file.

Disabling anti-virus - Task Manager opens immediately.

Reverting to 3516.cav - all works perfectly - Task Manager loads instantaneously.

Downloading and manually installing 3664.cav - problems returned.

Thanks for the advice and insight of previous posters. I hope the problem is resolved soon so that we can update our virus databases again.

bstat

Hi,

I have this problem, first described by Toxteth O’Grady, with the software Autohotkey .

With DB 3635 the scan is very fast (00:00:01) :-TU

With DB 3636 the scan takes 00:02:13 :o and cannot be stopped :-TD

I can echo this.
Core 2 duo Laptop with XP and Win 7 pro dual boot - same on both.

Hi Umesh,

Case A - 3635.cav - Works Better. Most programs opened in a decent amount of time (although it still seems slower than before this problem arose).

Case B - 3636.cav - The following programs took an extremely long time to open: MS Word, Adobe Photoshop, Mozilla Thunderbird.

Case C - Current DB 3708 - The following programs took an extremely long time to open: MS Word, Adobe Photoshop, Mozilla Thunderbird.

Case A - (3635) Cmdagent.exe still tasks my CPU to 100% (Both cores maxed) on startup. System is unusable.

Case B - (3636) Cmdagent.exe tasks my CPU to 50% on startup. (One core maxed) System is hampered, but usable because it still has another core it can utilize. However, when I start using explorer, the other core slowly maxes out as well, rendering the system unusable.

In both cases, when I was finally able to shut down the system, I got a popup that cfpudat.exe wasn’t able to complete because the system is shutting down. I did disable database updates from CIS. Is cfpupdat.exe the program updater, or the virus database updater? If it’s the virus database updater, I’m curious why it was running with database updates disabled.

AV uninstalled again.

Win XP Pro, SP3
AMD Athlon 64 X2 dual core 4200+, 2.2GHz
2GB RAM

Thanks for feedback.

We are going to make an incremental AV update today, i will confirm update revision number when it is live and i will request again to confirm if any one who saw good system behavior as seen with case A sees all good after updating to that update version too.

Thanks
-umesh

Hi HeffeD,

cfpupdat.exe is for program updates. When you start CIS, it starts automatically by CIS after few minutes to check if there are any new program updates. It can be disabled via Miscellaneous–>Settings–>General–>Automatically Check for Program Updates.

Regarding the situation you are seeing with cmdagent.exe peeking at 100% could be related to some other issue, which needs to be sorted separately.

Is it possible to tell me as since when you started seeing this 100% CPU issue?

Thanks
-umesh

At the same time all the other people started reporting problems. The middle of December. (16th or 17th?) As I mentioned earlier in this thread, I don’t have this issue with the db3516 Eric posted at the beginning of this thread.