Windows 10 explorer.exe stuck at 25%+ CPU with free Comodo Firewall (or CIS)

Summary:

I’ve been using Comodo Internet Security for years with Windows 7. When I recently did a clean install of Windows 10 Pro I naturally decided to also use CIS there. Big mistake.

All seemed to go fine for a bit, but then I noticed that my system fan was running loudly. Checking Task Manager I could see that for some reason the CPU Utilization was at 35% or so. Checking the processes I could see that explorer.exe was using up about 25% of my cpu — one entire core of my i5-2400.

To make a long story short over the course of the last week I have tried to figure out the culprit for this terrible behavior. I have concluded that this only happens when free Comodo Firewall or free Comodo Internet Security is installed.

Uninstalling either and running with just the builtin Windows Firewall works fine.

Details:

The 25%+ explorer.exe CPU usage seems to happen after Comodo brings up an alert to let a program connect to the Internet. But that is just speculation on my part. All I know for sure is that eventually explorer.exe starts using 25% CPU forever.

Restarting explorer.exe via the Task Manager doesn’t help. Killing explorer.exe does return the CPU usage to normal, but as soon as I run explorer.exe again via Task Manager (even after waiting for hours), it shoots back up to 25%+ again and stays there (for hours until I kill it again). I have to reboot to get explorer.exe to behave again, but it soon starts using 25% of my CPU again if I have Comodo Firewall or CIS running on my system.

I’ve used Sysinternal’s Process Explorer to attempt to see what explorer.exe is doing with the CPU. The most active thread typically shows this on the stack when I check it:

ntdll.dll!ZwQuerySystemInformation+0x14 Explorer.EXE+0xe8e2 KERNEL32.DLL!BaseThreadInitThunk+0x22 ntdll.dll!RtlUserThreadStart+0x34
After I restart explorer.exe, its top thread’s stack also sometimes shows any of the following (not that peeking at the stack this way is necessarily meaningful):

`USER32.dll!InvalidateRect+0x74
USER32.dll!SendMessageW+0x2a4
USER32.dll!SendMessageW+0xfb
guard64.dll!Exported+0x1d94f

ntdll.dll!ApiSetQueryApiSetPresence+0x274
ntdll.dll!ApiSetQueryApiSetPresence+0x109
ntdll.dll!LdrGetDllHandleEx+0x1f0
ntdll.dll!LdrGetDllHandleEx+0xc0
ntdll.dll!LdrGetDllHandle+0x1c
KERNELBASE.dll!GetModuleHandleExW+0x110
KERNELBASE.dll!GetModuleHandleExW+0x3a
explorer.exe+0xe89d
KERNEL32.DLL!BaseThreadInitThunk+0x22
ntdll.dll!RtlUserThreadStart+0x34

ntdll.dll!RtlQueryProcessHeapInformation+0x1092
ntdll.dll!bsearch+0x8c
ntdll.dll!RtlFindActivationContextSectionString+0x5f6
ntdll.dll!RtlFindActivationContextSectionString+0x2ff
ntdll.dll!RtlFindActivationContextSectionString+0xc5
ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr+0x523
ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr+0x302
ntdll.dll!ApiSetQueryApiSetPresence+0x372
ntdll.dll!ApiSetQueryApiSetPresence+0x109
ntdll.dll!LdrGetDllHandleEx+0x1f0
ntdll.dll!LdrGetDllHandleEx+0xc0
ntdll.dll!LdrGetDllHandle+0x1c
KERNELBASE.dll!GetModuleHandleExW+0x110
KERNELBASE.dll!GetModuleHandleExW+0x3a
explorer.exe+0xe89d
KERNEL32.DLL!BaseThreadInitThunk+0x22
ntdll.dll!RtlUserThreadStart+0x34

ntdll.dll!RtlAllocateHeap+0x5cc
explorer.exe+0xe827
KERNEL32.DLL!BaseThreadInitThunk+0x22
ntdll.dll!RtlUserThreadStart+0x34
`
Result:

I’ve given up on Comodo Firewall and Comodo Internet Security on Windows 10 for now. I’m running with just the standard Windows Firewall (and Binisoft’s Windows Firewall Control). Less control than with Comodo’s software but mostly gets the job done without using 25%+ of my CPU.

I’m a bit surprised no one else has reported this issue. Maybe my case is unique, but this happens on a clean install of Windows 10 Pro (well, plus a few non-security programs like Firefox, XYplorer, TCC/LE, etc), and I’ve been able to reproduce it after uninstalling, using my system for almost a week without issue, and then trying Comodo Firewall again.

System/Configuration:

Windows 10 Pro version 1511 build 10586.589 64bit
Intel Core i5-2400
8GB ram

Comodo Firewall free version
Product version: 8.4.0.5165

Auto-Sandbox: Disabled
HIPS: Disabled
VirusScope: Enabled

Traffic Filtering: Safe Mode
Set alert frequency level: Low
Create Rules for safe applications: Off
Filter loopback traffic: Off

Enable Cloud Lookup: Off
Trust applications signed by trusted vendors: Off
Trust files installed by trusted installers: Off

Good evening,
I use Windows 10 Pro x64 v 14393 (clean install)
CIS v.8.4.0.5165
No CPU utilization concern
During a scan full disk 29% of CPU resources
See attached images

Ummmm, just to be clear this has NOTHING to do with scanning for viruses. It happens with Comodo Firewall (which doesn’t even have AV scanning ability). True, I happened to initially try CIS but after I saw the 25% CPU utilization, I uninstalled it and installed Comodo Firewall. Same behavior.

In any case it is explorer.exe that is using the CPU not cmdagent or any of the other processes you highlighted. If I understand your screenshots, explorer.exe is taking up 0% CPU so you are not in the same situation I am in.

I then uninstalled Comodo Firewall and the problem went away for almost a week as I used my system heavily for my normal daily tasks.

Just yesterday, I tried Comodo Firewall again and the problem reappeared.

Conclusion: Something is seriously wrong with free Comodo Firewall (and probably free CIS also).

BTW, I am running Windows 10 Pro directly from a Samsung 850 EVO 500GB SSD drive, not from inside a virtual machine like VirtualBox.

Hi givingup,
Does this also happen with the default settings?
If yes, it sounds like something unique about your system with CF/CIS installed and I would consider submitting a bug report.
Bug Reports - CIS
Required Format For Reporting Bugs

Thanks.

Hi givingup,
For information:

  • The latest version of Windows is that stated in my spot 14393 (anniversary),Your version is the old (1511)
  • Screen image at full load (CIS scan c: ) shows 29% of maximum load, normal function (explorer.exe 0%).
    The installation report CIS is it Ok ?
    The Windows OS integrity check is it Ok ?

Hello.
I think I might have this problem also, for months already. Searched a lot of information on the explorer.exe cpu problem but haven’t found the solution yet.

I have this on multiple computers, even after format. They all have this in common:
Comodo Free Firewall (Firewall with Defense+ on, sandbox off)
Antivir Free (for the virusscanner)
Windows 10, (Windows 10 older builds but also the most up to date Windows 10).
MBAM free for on demand scans
Nvidia GPU (latest but also older drivers)

It occurs when idle or just working on the machine. Not related to a specific manual Comodo action.
Also I can trigger it when waking up the laptop from standby. Then the problem occurs most of the time.
Reboot does help, but after a few minutes explorer.exe starts eating cpu.

Interesting, I also have a nVidia GPU (although I’ve disabled it since I currently just use my mobo’s builtin video outputs).

I also have occasional access to another computer running Windows 10 and CIS with an Intel Core 2 Duo E6300 (instead of a Core i5-2400), 4GB RAM, and a different nVidia GPU. It doesn’t seem to exhibit the problem but then I’m not on that computer very much.

My solution was to just give up on Comodo Firewall, and use the builtin firewall with Binisoft’s Windows Firewall Control. Not as powerful but no problems since my post on the 3rd (over two weeks).

Very interesting. My computers also have a dedicated and a onboard intel card. I use the onboard also most of the time.

I also switched to Binisoft’s Windows Firewall Control, but I hope to use Comodo soon again. I think there would be more users with these problem like us. I even have it on all my PC’s.

Hi there,

I have three different systems, an ASUS X56V notebook, a custom made PC and an ASROCK BeeBox.
The Notebook and the PC both use the Commodo Personal Firewall and Avira Antivir as AV Software. Both have the exact same problem, at any time the explorer process may jump to full CPU utilization (1 Core, no more, no less). Whenever this happens, the only working solution is to restart the computer, though you can also terminate the explorer process. Restarting it? Bad idea, it’s at full CPU utilization again.

My BeeBox does have Avira Antivir, but no Commodo Personal Firewall … and no problems at all!

On my notebook, which has 4GB Ram and only 2 cores, it takes much less time for the problem to occur. My PC which I build this summer from upper middleclass components, usually runs for several days (frequently using hibernation) before the problem occurs.

Windows 10 (Pro) is up2date on all three systems. Turning the CPF off doesn’t help, problably because the service is still loaded. Ending the UI doesn’t help either, but I didn’t expect it to help anyway.

In my opinion there is definitely a problem based on the ressources the pc has available.
For an easy test, all I did with my notebook today was download a large file (7GB) and play a round of Minecraft … that was enough to trigger the problem.

CPU: Intel Core 2 Duo T5800
4GB DDR2 RAM

I hope you can find the source of the problem, because I really want to continue using Comodo.

Thanks!

Have you tired excluding Comodo’s Processes from Avira Antivir? Having multiple security suites together usually results in problems as they get suspicious of each other’s operations.