Very slow dial-up handling

A. The bug/issue

  1. What you did: connecting a 3G dial-up normally like before
  2. What actually happened or you actually saw: CIS had high CPU usage for last 2 weeks approximately (confirmed by process explorer) and dial-up responsiveness became very, very slow
  3. What you expected to happen or see: dial-up and networking without slowdowns like before
  4. How you tried to fix it & what happened: I’ve disabled UPnP service at about the same time I’ve noticed the problem starting, so I’ve tried to enable it again but it didn’t change anything
  5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?: No
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware):
  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
  • when I point mouse cursor over Network and Sharing Center icon (tray) for the first time since bootup (it takes a lot of time to show network list balloon message and to open available connections if I left-click in the icon)
  • when I connect a dialup connection (I can read every message prompted in progress dialog box, messages change at a very slow pace; before, I only saw the message “Registering your computer over network…”, the other took so little time that I could not even see them);
    -every time I right-click on that dialup connection and select Properties (it takes approx. 1 min to open properties window).
  1. Any other information (eg your guess regarding the cause, with reasons): I think that CIS made an upgrade at about the same time the problem started

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): CIS-DefensePlus-ActiveProcesses.jpg
  2. Screenshots illustrating the bug: CIS-Bug-illustration.jpg
  3. Screenshots of related CIS event logs: Nothing in D+ events
  4. A CIS config report or file. Comodo Internet Security Configuration Backup.rar
  5. Crash or freeze dump file:
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version.

C. Your set-up

  1. CIS version, AV database version & configuration used: 5.9.221665.2197
  2. a) Have you updated (without uninstall) from from a previous version of CIS: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no
  5. Defense+, Sandbox, Firewall & AV security levels: D+=Paranoid , Sandbox=Enabled , Firewall=Custom , AV=Stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Professional 64-bit (with Service Pack 1), UAC=Never notify, Administrator account
  7. Other security and utility software currently installed: Process Explorer v15.11
  8. Other security software previously installed at any time since Windows was last installed: I don’t remember, maybe just CCleaner to wipe free disk space.
  9. Virtual machine used (Please do NOT use Virtual box): I have VMware Player installed, but this problem is happening in host machine, not VM

ORIGINAL POST

I’m using CIS version 5.9.221665.2197 installed in a Windows 7 Professional 64-bit (with Service Pack 1) machine.

For some time now (approx. 2 weeks), I have noticed high CPU usage (by CIS, confirmed using Process Explorer) and slow responses:

  • when I point mouse cursor over Network and Sharing Center icon (tray) for the first time since bootup (it takes a lot of time to show network list balloon message and to open available connections if I left-click in the icon);
  • when I connect a dialup connection (I can read every message prompted in progress dialog box, messages change at a very slow pace; before, I only saw the message “Registering your computer over network…”, the other took so little time that I could not even see them);
  • every time I right-click on that dialup connection and select Properties (it takes approx. 1 min to open properties window).

I’ve checked Defense+ events and it shows nothing.

Any help is much appreciated.
Thanks

[attachment deleted by admin]

Thanks for your issue report. We have moved it to the non-format bugs board for the moment, because either it is not in the format or too much of the requested information is missing. Developers may look at it there, and may fix it.

But it is much more likely to be fixed if you edit your first post to create an issue report which meets all criteria in the Checklist and Format. (You can copy and paste the format from this topic). The general reasons why are summarized in that post, the reasons we ask for specific pieces of information are given in this detailed post.

In the current process we will normally leave it up to you whether you want to make a report which is correctly formatted or not. We may remind you if we think a bug of particular importance.

You can get your report moved to the format verified issues board simply by ensuring that it is correctly formatted and all criteria are met, and PM’ing a mod who is active on the bug board.

Many thanks for amendments

PM sent re a couple of other points

Mouse

I use this 3G dial-up connection every day and this problem is really annoying me! And I’m sure it didn’t happen until some weeks ago. There must be some way to trace what CIS is doing while dial-up is requested. Why is it using so much CPU? Why is it taking so long to allow dial-up to work normally?

Now it is reported devs will try and locate the bug and fix it, but unfortunately may not communicate with you. Time constraints I’m afraid.

You are welcome to raise the issue in the help forum to see if anyone has found a work around - I’m afraid I don’t know of one myself (I’m just a volunteer mod!).

Best wishes

Mouse

This problem is not only related to dial-up, but to whole Windows networking.

I’ve turned on my computer at home last night, using Wi-Fi instead of 3G for internet access. Although Wi-Fi connection established as quick as before, hovering over Network tray icon and/or clicking on it caused the same symptom (CIS started high CPU usage, Network tray icon responsiveness became very very slow).

I’ve started to read other topics in the forum that are related to CIS/cmdagent slowdowns, and noticed AV issues mentioned on them. I’ve tried to disable AV autoupdate, no changes; but when I’ve disabled AV at all, then dial-up Properties opened quickly as usual. Then enabled it again and noticed slowdown on opening dial-up Properties again.

I’ve tested opening dial-up Properties both with AV stateful and disabled, monitoring cmdagent.exe via Process Monitor. I don’t know if it’s helpful, but I’m posting both ProcMon logs, along with ProcExp’s screenshot for cmdagent.exe.

[attachment deleted by admin]

Seems like real time AV is contintually re-scanning something.

Possibly a driver that is coming into memory only when you click on properties, hover etc.

You could try to observe the APL when you do this to see what is happening, then make the offending file an exclusions in AV, and maybe D+ installers + BO exceptions as well. The promon log may show the file being invoked as well.

Best wishes

Mouse

Sorry, but it didn’t help any much.

It seems that the process spawned when clicking on connection Properties is C:\Windows\System32\dllhost.exe, whose parent process is C:\Windows\System32\svchost.exe. In Process Explorer, that svchost.exe instance is shown as being started with the following command line:

C:\Windows\System32\svchost.exe -k DcomLaunch

and is responsible for the following services:

  • DCOM Server Process Launcher [DcomLaunch]
  • Power [Power]
  • Plug and Play [PlugPlay]

I’ve added svchost.exe, dllhost.exe, netshell.dll and userenv.dll (both used by dllhost.exe), rpcss.dll (DcomLaunch service), umpnpmgr.dll (PlugPlay service) and umpo.dll (Power service), both to AV and BO exclusions. I didn’t try to change D+ policies for these files. And the behavior is the same: with real-time AV active (stateful), connection handling takes a long time (1~2 minutes) to perform; as soon as I disable AV, such operations perform normally.

Hmm these are all windows files I think, so unliely to be the culprits. I’m guessing there is some sort of third party software for the 3G connection. You could try as an exermiment adding the whole 3G link directory and any specific drivers (will be in system32/drivers directory probably) as installer/updaters and as BO, AV and everything else exclusions.

BTW I’m assuming you have no files in unrecognised files?

Beyond this I think it’s a question of recording the time stap when the problem occurs exactly, and cross correlating with procmon logs to see what is going on.

UPNP Device Host (plug and play) service and SSP Discovery service can be a problem and could often be safely stopped and disabled on XP computers. Not tried in Win 7.

Sorry got me foxed this one…

Best wishes

Mike

Yes, all files above reside in C:\Windows\System32.

Actually, there is a third party software for 3G, but I don’t really need to use it; the only thing I’m using by now is to automatically eject modem’s internal USB storage disk (where drivers reside) and to check 3G signal intensity (antenna). But I could eject from Windows’s tray icon and have no signal level meter and still dial normally, using only Windows’s software.

In fact, as I’ve stated before, this problem is not related only to dial-up. I’ve first noticed it performing 3G dial-up operations, because I do them in a daily basis, but I’ve tested at home with Wi-Fi, without using 3G, and I’ve noticed the same behavior: hovering over Network tray icon took 1~2 minutes to bring balloon message showing active connections, although, after this time, clicking on this icon immediately brought the available networks list; but if I’ve clicked immediately after hovering, it would take 1~2 minutes to show available networks.

Just to let it known: I’ve moved the two files from that third-party 3G software from unrecognized to trusted list and nothing changed.

Did you reboot?

I didn’t even know it would be necessary… But, after your question, I’ve rebooted, and before starting third-party 3G software, I’ve hovered over Network tray icon, with the same slowdown.

I don’t know if it has to do with the problem, but there is a lot of time I don’t perform a full scan on my computer… it takes a very long time to complete (calculated ~6 hours) and I believe that, since I have had real-time AV always active, a full-scan wouldn’t be essential. Moreover, the timeline of last full scan and the beginning of this problem make them unlikely to be related.