Ummm what is CMDagent doing exactly?

So I happened to be running Process Monitor (utility done by Sysinternals http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/processmonitor.mspx) which logs all the process/file/registry read/write entries…and while I was doing nothing other than running Yahoo messenger, I see a whole lot of reads for Comodo…and I was just wondering what exactly these reads represent? And why its going through my hard drive reading things when they are not active and have not been active on my machine in any shape or form for at least a week, with several shutdowns and bootups since that time.

For instance, I have Openoffice on my machine, but its not set to autoupdate or any such thing. I have not made any rules in Comodo for it…and there are no alerts in Comodo for this program.

“766”,“09:22:47.2975627”,“cmdagent.exe”,“616”,“QueryOpen”,“C:\Program Files\OpenOffice.org 2.0\program\updchk.uno.dll”,“SUCCESS”,“CreationTime: 18/11/2006 13:18:40, LastAccessTime: 23/02/2007 23:26:09, LastWriteTime: 18/11/2006 13:18:40, ChangeTime: 23/02/2007 13:07:05, AllocationSize: 69,632, EndOfFile: 69,632, FileAttributes: A”,“COMODO”,“NT AUTHORITY\SYSTEM”

“767”,“09:22:47.3066046”,“cmdagent.exe”,“616”,“FileSystemControl”,“C:\WINNT\system32”,“SUCCESS”,“Control: FSCTL_IS_VOLUME_MOUNTED”,“COMODO”,“NT AUTHORITY\SYSTEM”

“768”,“09:22:47.3067574”,“cmdagent.exe”,“616”,“CreateFile”,“C:\Program Files\OpenOffice.org 2.0”,“SUCCESS”,“Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a”,“COMODO”,“NT AUTHORITY\SYSTEM”

I found a similar thing with multiple applications, even though they were not runnning!! eg googlearth, Farcry.

I wanted to know why Comodo is scanning my hard drive constantly? What is it doing when it is doing that? Technical question I realise, but I want to know when things are accessing my hard drive especially parts that have nothing to do with a program.

I can only suspect it’s mainly Component Monitor (Learn mode) doing this.

I don’t think the component monitor should be doing this. As I understand it, the component monitor, when in learn mode, allows the individual components of a program (e.g dll, exe, etc) to have access automatically when the user allows the program. But Weasel stated that the program, in his example, OpenOffice wasn’t running and hadn’t ran for at least a week.

I agree that it shouldn’t be doing this, but it looks like it does. In the other thread I linked, it looks like another user has observed the same as I have in that there are files in the CM list that haven’t been loaded or used yet they still appear in the list. It’s not fully documented by the Help file.

Thanks for your responses. I realise I have had a few questions which may be seen as complaints. I have decided to wait for version 3 to come out, before deciding whether I should switch away or not.

So maybe two more months and if I am impressed with version 3 I will definetly stick wtih Comodo.