Unknown background application triggering anti-virus alerts / cmdagent.exe


I am getting anti-virus alerts about a file inside a ‘.sync’ folder used by the application Resilio sync.

I have added the Resiliosync.exe Windows service executable to the excluded applications list in Comodo's configuration, but I am still getting the alerts. Of course, the Windows file indexer is also excluded.

When the alerts are presented, I search using Process Explorer / Windows Resource Monitor and find out that the file which the alert is warning about is being held open by cmdagent.exe. So, I'm not sure what application is opening that file in the first place. It shouldn't be resiliosync because that is added to the exclusions.

What exactly does the file cmdagent.exe do? Is it a background scanner going through the hard drive and possibly opening this file, or is it just monitoring files opened by other applications?


In addition to searchindexer, also add SearchProtocolHost.exe to the excluded applications, which is the actual process that indexes each file to build the search index. Also, are you sure that only Resiliosync.exe is the process for syncing files? Is there another application part of Resilio that queries or accesses files? Cmdagent is used to collect and build the file database for file tracking, e.g. file hash, created by app, etc. You can view CIS information of the affected file by turning on Comodo properties in Windows Explorer using this. This works for CIS v10 and newer.