Firewall Still Logs After Disabling

[Guest]

[Soyabeaner]

I disabled logging from Application Monitor and Network Monitor and cleared all existing logs.  After rebooting it still logs windows media player (which I exclusively blocked in App Mon) whenever it starts (but only once during the computer's active session).  Any clues as to whether it's a known bug?

[kail]

 
Can you post an example Log entry here please. Remember to mask any private IP addresses. Thanks.

[Soyabeaner]

I had to reboot to generate this:

Date/Time :2006-11-20 15:55:52Severity :MediumReporter :Application MonitorDescription: Application Access Denied (wmplayer.exe:206.xx.xxx.xx:dns(53))Application: C:\Program Files\Windows Media Player\wmplayer.exeParent: C:\WINDOWS\explorer.exeProtocol: UDP OutDestination: 206.xx.xxx.xx:dns(53)

Date/Time :2006-11-20 15:55:50Severity :MediumReporter :Application MonitorDescription: Application Access Denied (wmplayer.exe:206.xx.xxx.xxx:dns(53))Application: C:\Program Files\Windows Media Player\wmplayer.exeParent: C:\WINDOWS\explorer.exeProtocol: UDP OutDestination: 206.xx.xxx.xxx:dns(53)

Date/Time :2006-11-20 15:55:50Severity :HighReporter :Application MonitorDescription: Application Access Denied (wmplayer.exe:206.xx.xxx.xx:dns(53))Application: C:\Program Files\Windows Media Player\wmplayer.exeParent: C:\WINDOWS\explorer.exeProtocol: UDP OutDestination: 206.xx.xxx.xx:dns(53)

[Soyabeaner]

Another discovery:

You know the default selection in the logs is Today, right?  Well, when I select another one like Last 7 Days and it cleared the log!

[kail]

Can you get it back by closing & reopening the CPF front-end?

[Soyabeaner]

I if select back to Today the log is still not there.  However, this time instead of rebooting my computer I closed and restarted CPF and those original entries returned.  I had WMP running during the CPF restart, so I thought how about closing WMP and restart WMP, and guess what?  A new 2-set log entry (the high warning wasn't there this time, only the 2 mediums) were added on top of the old 3.

Then I repeated the (WMP not CPF restart) process and it generated another 2 new medium logs.  Subsequent tests doesn't generate any more WMP logs.  There doesn't appear to be any pattern.

[kail]

I see! OK, sorry. Yes, you're right. CPF does not save log entries between reboots. However, it does when it is manually closed before the reboot (thats currently the only known workaround). What is your OS? Are you running User Profile Hive Cleanup (aka UPHClean)? Also, just confirm your CPF version? Thanks.

[Soyabeaner]

CPF does not save log entries between reboots

Actually, that's kind of what I want. , but more specifically I want CPF to not log at all.  Seems to be a small bug ATM.  My CPF is the latest stable 2.3.6.81.  OS is XP SP2.  Ever since the upgrade from SP1 to SP2 I uninstalled UPHClean because any logging off problems were gone .

[kail]

Sorry, I forgot about WMP. If you know what a HijackThis is.. have you run that to see if WMP is sneaking in on startup.

[Soyabeaner]

I'm proud to state that my HijackThis log has been clean for over a year (at least I think it is ).  If there's anything new I would know, or do you want to take a look?

Also, I only connect to the internet after everything is loaded, including CPF.  If there's no net connection then WMP doesn't attempt any outgoing connections.  Once I'm logged on the net WMP appears to know and then the attempted connections and then the CPF logs...

[kail]

OK. Then I recommend that you goto Comodo Support, register on their system (if you haven't already) & raise a ticket on this. Remember to give them all the details & there is no need to mask your private IP.

[Soyabeaner]

Thanks for your responses, kail.

I have submitted that ticket.

[Soyabeaner]

Yes, I mean bytes...

I tried to reproduce you log problem, but I couldn't...

Do you have these sevices in administrative tools on manual start?
WMDM PMSP Service
Windows Media Player Network Sharing Service
Try that

Have you unchecked WMPNSCFG in msconfig/autostart?
Try that too.
Reboot your PC and see if there is some change.

I've never even seen those names, let alone have those services.  And this doesn't happen at every computer startup/boot; it happens at every CPF startup.  My services are running at minimum essentials (I've tinkered with this for a very long time so I know).  Also, this isn't limited to WMP but any application that makes internet connections, for which I've created a block ANY ANY TCP/UDP IN/OUT Application rule.

What's weird is that after some time (I don't know exactly the duration because it seems random), say at least 30 min to 1 hour, all subsequent start up of WMP doesn't generate any logs as desired.

[AOwL]

Hmm...
As I said I can't reproduce this, so hopefully Comodo can help you.
By the way, do you have WMP11?
Sorry I can't help.
I can only say one thing...
Use Foobar instead...

[Soyabeaner]

WMP 10 and Winamp (which also created the same results if I blocked it).  Again, it's definitely not which apps I use but something to do with my system and/or CPF.  It would be silly to pick another audio player just for something this trivial .  I only stick with WMP because I think the audio quality is better, but that's another debate.

Maybe there should be an option to size the log to 0 MB

[Tags:]