Good afternoon, I’m having trouble on a few dozen workstations with cmdagent.exe consuming a good deal of CPU time, resulting in sluggish computers and quickly depleted batteries on laptops (1/3 of the runtime we normally get). When trying to kill the process I get Access Denied. I’m using the latest version of the agent and security client (6.24.20361.18120 and 10.8.2.7127, respectively). This has been an ongoing problem since we moved from ESM. I’m not sure where to begin troubleshooting. I’m having the issue on my laptop and I verified I don’t have any Comodo tasks running and nothing is being virtualized or limited.
This sounds like a configuration problem. Do you encounter the same issue using one of Comodo’s default profiles on an endpoint?
I switched from a custom policy to the Windows - Security Level 3 Profile v.6.24 policy with no change. I modified the Default Windows Profile for ITSM, so I can’t use that one to test. One thing I noticed is that in my Comodo Client - Security CEF event log there are hundreds of HIPS events, Task Category: Block. A screenshot of one is attached.
In my log, I have hundreds of entries but no problems with the machine. Why don’t you uninstall CCS on one PC, use the clean up utility and then reinstall CCS with a default profile? Here’s a link to the x64 clean up utility: https://cdn.download.comodo.com/cis/download/installs/ciscleanuptool/ciscleanuptool_x64.exe
As @nct mentioned in his post, the situation you are experiencing, @wayne.clement, most likely has to do with the security-related settings in the associated profile. You may need to do some trial and error here with your custom profile. May we suggest temporarily disabling HIPS on that custom profile and testing it on one or a few endpoints.
Of course, leaving HIPS disabled permanently will not be the best solution here in the long run. Have you tried ‘Training mode’ in the HIPS section of the profile? Here are a couple more guides that you can review for further tips on how to improve your usage of HIPS in CCS:
How to switch modes in HIPS settings and firewall settings of CCS using Endpoint Manager profile
How to configure COM protection in HIPS
Have a go at it and feel free to share with us the results at your convenience.
This is still an open item for me; I have HIPS disabled globally as a workaround for now. The mode it’s in (Training, Paranoid, etc.) has no effect on cmdagent taking up nearly all the CPU time.
We created a support ticket for your concern, @wayne.clement, to inquire further into the situation that your clients are experiencing with the latest version of CCS. Please reply to the ticket at your convenience.
We have seen this issue a lot, this is a problem with the upgrade of the ICC (Itarian Communication Client) / Endpoint Manager.
I know this sounds bad, but uninstall and re-install it and all will be fine.
On the security and Access Denied, the problem is that CCS (Comodo Client Security) protects the services of Endpoint Manager from being stopped.
Stop the AV first and you can then kill the manager.
Is the best I can hope for to wait for someone to complain and then uninstall and reinstall the software? That doesn’t sound like a responsible method of administering endpoint security software. I’m at a point where my Comodo issues are getting out of hand and all the advice I’m getting on this forum is to uninstall and reinstall.
What issues are you getting?
My issues are at the top of this post. Like my firewall issue, disabling a feature (in this case HIPS) contains the issue but it results in running this product in a reduced state enterprise-wide.