Windows 7: Comodo, multiple logon/logoff

Borg 386 · 30 Sep 2010

Something curious. I updated Comodo a day ago and while parsing my event viewer, I'm seeing a LOT of multiple logon/logoffs by Comodo. Like 70 times in 3 minutes.

Observing this for a while, I find that after several minutes, this action stops for approximately an hour (give or take ten minutes), then resumes for several minutes.

I Googled this and went to the Comodo forums, other people have noticed this too, but no answers to it.

The events are listed under "Audit Success, MS windows security auditing". The event ID is 4634 for the logoff and 4624 for the logon and the following message:

Quote:

An account was logged off.
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon Type: 9

The message in the logon is the following:

Quote:

An account was successfully logged on.

Subject:
Security ID: SYSTEM
Logon Type: 5

New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a8
Process Name: C:\Windows\System32\services.exe

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

It was here that I tracked it to Comodo

Quote:

Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x3dc</Data>
<Data Name="ProcessName">C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>

Anyone notice this on their sys or have any comment on it?

Thanx
Borg

Windows 7: Comodo, multiple logon/logoff

Comodo, multiple logon/logoff problems?