I noticed that when I run a malware sample (a trojan) that is not recognized by the AV, it is automatically sandboxed. That's normal! Great! But when the malware process closes or is killed, the cmd process is not killed by CIS and stays in memory. Then the computer slows down incredibly because of that cmd process (see image below).
CIS should be able to free the memory from these malware cmd processes :-TD
The example below is after running 2 trojans that were sandboxed but not recognized by the AV -> result: 2 cmd processes using 67% of the processor...
CIS leaves cmd malware process: slowing down the PC
What you did: ran 2 fresh trojans from MDL
What actually happened or you actually saw: The trojans were not caught by the AV or the cloud. They were sandboxed as expected. They started and each created a cmd process (one per trojan); after 2 seconds the parent trojan process stopped BUT the cmd REMAINED, using 67% of the processor. The computer became so slow I had to reboot.
What you expected to happen or see: CIS should be able to kill cmd when the parent trojan process stops
How you tried to fix it & what happened: killing the cmd processes or rebooting: OK
Details (exact version) of any software involved with download link: almost any fresh exe.exe from MDL ;D
Bugzilla id (mods use only):
Screenshots illustrating the bug: see the first message of this thread
Screenshots of related event logs or the active processes list:
A CIS configuration report:
Crash or freeze dump file:
CIS version & configuration used: v5.0.162636.1135, proactive security
Whether you imported a configuration, if so from what version: no, clean install
Defense+ and Sandbox OR Firewall security level: D+ secure mode / Sandbox activated / FW secure mode
OS version, service pack, no of bits, UAC setting, & account type: Win XP SP3 32-bit / UAC disabled / administrator
Other security and utility software running: MBAM free / Hitman pro
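The leftover described in the report is ordinary Windows behaviour: when a parent process exits, its children are not terminated unless they were placed in a job object with kill-on-close, so a cmd.exe spawned by the trojan keeps running until something stops it. The script below is an added example, not code from this thread or from Comodo: it lists every cmd.exe whose parent process has already exited (or whose parent PID has been recycled by a younger process), shows the CPU time each has consumed, and with the -Kill switch terminates them. It uses WMI rather than Get-Process so that it works on Windows XP with PowerShell 2.0; the parameter names, the $NameFilter default and the output format are my own choices.

```powershell
# Added example (not from the thread or from CIS): find orphaned cmd.exe
# processes, i.e. ones whose parent has exited, and optionally terminate them.
# Run from an elevated/administrator PowerShell session.
param(
    [switch]$Kill,                    # actually terminate the orphans (assumed switch name)
    [string]$NameFilter = 'cmd.exe'   # image name to inspect (assumed default)
)

function ConvertFrom-WmiDate([string]$dmtf) {
    # WMI CreationDate is a DMTF string such as 20110503120000.000000+060
    [System.Management.ManagementDateTimeConverter]::ToDateTime($dmtf)
}

# Snapshot all processes once so parent lookups see a consistent view
$all   = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$orphans = foreach ($p in $all) {
    if ($p.Name -ne $NameFilter) { continue }
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentGone = ($parent -eq $null)
    # PIDs are recycled: if the process holding the parent PID was created
    # after this child, it is a different process and the real parent is gone.
    if (-not $parentGone -and $parent.CreationDate -and $p.CreationDate) {
        $parentGone = (ConvertFrom-WmiDate $parent.CreationDate) -gt (ConvertFrom-WmiDate $p.CreationDate)
    }
    if ($parentGone) { $p }
}

if (-not $orphans) { "No orphaned $NameFilter processes found."; return }

foreach ($o in $orphans) {
    # KernelModeTime/UserModeTime are in 100 ns units
    $cpuSec = [math]::Round(($o.KernelModeTime + $o.UserModeTime) / 1e7, 1)
    "PID {0,6}  parent {1,6} (gone)  cpu {2,7}s  {3}" -f $o.ProcessId, $o.ParentProcessId, $cpuSec, $o.CommandLine
    if ($Kill) {
        $rc = $o.Terminate()          # Win32_Process.Terminate, 0 = success
        if ($rc.ReturnValue -eq 0) { "  terminated PID $($o.ProcessId)" }
        else { "  Terminate failed for PID $($o.ProcessId), WMI return code $($rc.ReturnValue)" }
    }
}
```

Run it without -Kill first to confirm the list only contains the sandboxed leftovers (the command line column helps here), then rerun with -Kill. Because a sandboxed parent can itself be a legitimate installer that intentionally leaves a console process behind, the script deliberately restricts itself to one image name and never touches processes whose parent is still alive.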
OK. I'll transfer this to verified issues then. An ID for a file that definitely shows this problem would be appreciated. You cannot post links, of course.
This is timely, as we have recently been discussing what to do about CPU usage.
Meanwhile, try Process Tamer (just google it), making sure to exclude CFP and cmdagent and any other security software. Basically it retro-engineers a form of pre-emptive multitasking into Windows, which as you probably know is really based on co-operative multitasking...