Author Topic: HELP! - 2.0.0.1 Stopping ActiveSync & Email from working  (Read 10408 times)
SilentBob
Newbie
*
Offline Offline

Posts: 16


« on: May 20, 2006, 04:57:35 AM »

Hi,

I have been using Comodo PFW for some time now. I only got round to upgrading to v2 (and auto-upgrading to 2.0.0.1) a few days back. I am now having BIG problems with it.

1 - Microsoft ActiveSync 4.1 - This will not connect to a device if Comodo PFW is running. If an attempt is made to connect to a device while it is running, then before it will work I have to re-start the PC and close Comodo PFW AND the launchpad.

I have tried adding all the ActiveSync programs as trusted applications with FULL trust & invisibility and still no joy. It just won't have it and I am getting REALLY frustrated with it now!

2 - Email - MS Outlook 2002 & AVG Anti-virus email scanner - I cannot get a connection to my POP3 mail servers if Comodo PFW or launchpad is running. Again, if an attempt is made while Comodo is running, then simply exiting Comodo and retrying isn't enough. I have to restart the PC, exit Comodo THEN retrieve my emails. Again, I have added all necessary programs as fully trusted apps, but with no joy.

I am getting really annoyed with this, and am on the verge of doing away with Comodo and simply start using the Windows Firewall.

Can anyone help me? Anyone else experienced similar problems? Anyone able to advise how to fix these problems?
Logged
pandlouk
I love Comodo
Comodo's Hero
*****
Offline Offline

Posts: 2240


Panagiotis


« Reply #1 on: May 20, 2006, 08:39:50 AM »

If you are behind a router, add a trusted zone. Go to "Security -> Tasks -> Add a Trusted Zone"; the wizard will help you with the procedure.
Logged
SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #2 on: May 20, 2006, 09:48:49 AM »

No router. I simply have a USB ADSL modem. No hardware based firewall, etc.
Logged
SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #3 on: May 20, 2006, 11:18:30 AM »

I've been reading through this forum, and apparently the AVG email scanner was a problem in CPFW 2.0.0.0, but was supposedly fixed in 2.0.0.1.

I am definitely running CPFW 2.0.0.1 and definitely still having the problem. When the email scanner appears with a message saying it is connecting to the POP3 server it then just hangs.

Anyone else still having this problem with 2.0.0.1?

Any idea on how to solve it? Or is it being dealt with in the next update?

I suppose one way around it would be to stop using AVG, and to start using the Comodo AV. Any comments as to what the Comodo AV is like? Is it a good product? Reliable?


Still mythed with the ActiveSync problem too?
Logged
panic
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 5451


... and I say to myself, "What a wonderful world"


« Reply #4 on: May 20, 2006, 01:39:52 PM »

G'day SilentBob,

Re. AVG email scanning, I'm in the same boat - the AVG email scanner will just sit there ad infinitum, even after upgrading CPF to the latest version. Others have reported that it works, though, so it may be a system specific issue.

I've installed Comodo's anti virus and have found it to be quite nice so far, and the developers are working flat out on improving it. I still run AVG but have reinstalled it using CUSTOM install and not selecting the email scanner. Once AVG was reinstalled, I disabled the resident component and am just using it for on demand scanning and for verification against Comodo's scan results.

To date, AVG hasn't detected anything that Comodo didn't also find. This isn't to say that Comodo is quite ready for prime time, their AV database is still growing but doesn't have all definitions (but which AV does?) and their (Comodo's) ability to react to zero day threats and new outbreaks is still to be tested. The AV app is still a bit on the bulky side for my liking, but this is being worked on, hopefully for the next release.

I'll screw my thinking cap on a bit tighter about the ActiveSync issue, 'cause my wife uses an iPaq and I'll be running down this road myself sooner or later.

Hope this helps,
ewen :-)
Logged

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you don't like it, don't use the forum.
panic
Global Moderator
Comodo's Hero
*****
Online Online

Posts: 5451


... and I say to myself, "What a wonderful world"


« Reply #5 on: May 20, 2006, 01:44:34 PM »

G'day again,

Re. Active Sync, and please bear in mind this is just off the top of my head - does ActiveSync establish the connection between the external device and the host app. by means of the 127.X.X.X local loopback?

I'm only thinking along these lines because CPF monitors IP based traffic, so I assume it's picking up an IP connection related to the syncing process.

This could be checked by disabling CPF, connecting the external device and, in a CMD window, running "IPCONFIG /ALL" and seeing if there are any connections pertaining to the ActiveSync connection.

Please post back here and let us know the results.

Hope this helps,
ewen :-)
Logged

SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #6 on: May 21, 2006, 02:12:16 AM »

OK, I have run the IPCONFIG /ALL command with the device connected. The results returned were as follows:

Code:
Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix:
Description: Windows Mobile-based Device #3
Physical Address: 80-00-60-0F-E8-00
Dhcp Enabled: Yes
Autoconfiguration Enabled: Yes
IP Address: 169.254.2.2
Subnet Mask: 255.255.255.0
Default Gateway:
DHCP Server: 169.254.2.1
Lease Obtained: 21 May 2006 14:46:27
Lease Expires: 20 June 2006 14:46:27

Does this help?


Ta,
Simon
Logged
egemen
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 1734



« Reply #7 on: May 21, 2006, 06:19:03 AM »

Hi Simon,

Can you please have a look at my post at http://forums.comodo.com/index.php/topic,220.msg1407.html#msg1407

and try to follow the steps to be able to paste some logs here?
After we review your traffic log, we can have an idea about what is happening.

Thx,
Egemen
Logged
SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #8 on: May 21, 2006, 07:34:02 AM »

OK, here we go.

When I connect my mobile device and ActiveSync tries to make a connection, I get the following:

Code:
Date/Time :2006-05-21 20:00:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = 5721)
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = 5721)
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = 5721)
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = 5721)
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:00:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = ftp-ssl(990))
Protocol: TCP Incoming
Source: 169.254.2.1:1026
Remote: 169.254.2.2:ftp-ssl(990)
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = ftp-ssl(990))
Protocol: TCP Incoming
Source: 169.254.2.1:1026
Remote: 169.254.2.2:ftp-ssl(990)
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = 5721)
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = ftp-ssl(990))
Protocol: TCP Incoming
Source: 169.254.2.1:1026
Remote: 169.254.2.2:ftp-ssl(990)
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 19:59:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.2.2, Port = ftp-ssl(990))
Protocol: TCP Incoming
Source: 169.254.2.1:1026
Remote: 169.254.2.2:ftp-ssl(990)
TCP Flags: SYN
Reason: Network Control Rule ID = 1


When I try to send/receive email via Outlook, the AVG email scanner appears and advises that it is trying to connect to the POP3 server. I get the following log:

Code:
Date/Time :2006-05-21 20:06:19
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.29.255.96, Port = 43206)
Protocol: TCP Incoming
Source: 62.85.75.97:3780
Remote: 86.29.255.96:43206
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:06:08
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.29.255.96, Port = 43206)
Protocol: TCP Incoming
Source: 62.85.75.97:3780
Remote: 86.29.255.96:43206
TCP Flags: SYN
Reason: Network Control Rule ID = 1


Date/Time :2006-05-21 20:06:03
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.29.255.96, Port = 10000)
Protocol: TCP Incoming
Source: 82.182.77.192:63675
Remote: 86.29.255.96:10000
TCP Flags: SYN
Reason: Network Control Rule ID = 1
In the attackers' world, this port is usually used by Trojan.W32.dumaru.ad(10000)


Date/Time :2006-05-21 20:05:58
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.29.255.96, Port = 10000)
Protocol: TCP Incoming
Source: 82.182.77.192:63675
Remote: 86.29.255.96:10000
TCP Flags: SYN
Reason: Network Control Rule ID = 1
In the attackers' world, this port is usually used by Trojan.W32.dumaru.ad(10000)


Date/Time :2006-05-21 20:05:53
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.29.255.96, Port = 10000)
Protocol: TCP Incoming
Source: 82.182.77.192:63675
Remote: 86.29.255.96:10000
TCP Flags: SYN
Reason: Network Control Rule ID = 1
In the attackers' world, this port is usually used by Trojan.W32.dumaru.ad(10000)

Logged
timcan
Guest
« Reply #9 on: May 21, 2006, 08:21:32 AM »

Hi SilentBob, please open the Comodo GUI, go to Security > click Tasks > New Network Rule:
General: Allow > Protocol: IP > Direction: In
Source IP: 169.254.2.2
Remote IP: Any, then click OK. Now go to Network Monitor and move this rule above the rule "block ip in". Try this for ActiveSync. Hope this helps, tim
Logged
SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #10 on: May 21, 2006, 08:54:14 AM »

Hi,

Thanks for that. However, I have applied that change but ActiveSync still just sits on "connecting".
Logged
timcan
Guest
« Reply #11 on: May 21, 2006, 09:02:56 AM »

Hi, if you change protocol to  "any" does this change anything?
Logged
SilentBob
Newbie
*
Offline Offline

Posts: 16


« Reply #12 on: May 21, 2006, 09:22:25 AM »

The protocol in the top section doesn't have an "any" option..? The IP protocol on the "IP Details" tab is already set to "any".
Logged
timcan
Guest
« Reply #13 on: May 21, 2006, 09:27:59 AM »

Sorry, my mistake.
« Last Edit: May 21, 2006, 09:32:50 AM by tim » Logged
egemen
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 1734



« Reply #14 on: May 21, 2006, 09:34:24 AM »

It seems ActiveSync needs some local ports (5721/990) to be allowed.

What you need to do is:

1- Go to "Security->Network Monitor",
2- Right click on the first rule (Rule Id = 0)
3- Select Add Rule->Add Before
4- Action "Allow", Protocol "TCP", Direction "In"
5- Source IP : "Single IP" = "169.254.2.1",
6- Remote IP : "Any"
7- Source Port : "Any"
8- Remote Port : "Any"
9- Click Ok button.

Now your first network control rule must be : Allow TCP IN FROM IP 169.254.2.1 to IP ANY WHERE SOURCE PORT IS ANY AND REMOTE PORT IS ANY

This should solve your ActiveSync problem. If not, please paste your logs and a screenshot of the network control rules screen again.


For the AVG issue, we need better logs.
What you can do is:
1- clear all logs
2- For all of your network control rules, Select "Generate an alert when this rule is fired" option. i.e. double click on each rule, select the checkbox and press OK.
3- Retry receiving your email and paste the new logs. You can always send your logs as a PM to me.


Thx,
Egemen
Logged
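
An added example, not part of any post in this thread: a small parser for the Network Monitor log format pasted in Reply #8 that groups the denied packets by protocol, source IP and local port, then checks which allow rule placed above the block rule would match them. The first-match rule model, the abbreviated sample entries and all function and constant names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed, abbreviated entries in the format of the log pasted in Reply #8.
SAMPLE_LOG = """\
Protocol: TCP Incoming
Source: 169.254.2.1:listen(1025)
Remote: 169.254.2.2:5721
Reason: Network Control Rule ID = 1

Protocol: TCP Incoming
Source: 169.254.2.1:1026
Remote: 169.254.2.2:ftp-ssl(990)
Reason: Network Control Rule ID = 1

Protocol:ICMP Incoming
Source: 169.254.2.1
Remote: 169.254.2.2
Reason: Network Control Rule ID = 1
"""

ENDPOINT = re.compile(r"^([\d.]+)(?::(?:[\w-]+\((\d+)\)|(\d+)))?$")

def parse_endpoint(text):
    """'169.254.2.2:ftp-ssl(990)' -> ('169.254.2.2', 990); port is None for ICMP."""
    m = ENDPOINT.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised endpoint: {text!r}")
    port = m.group(2) or m.group(3)
    return m.group(1), int(port) if port else None

def blocked_flows(log):
    """Count denied packets per (protocol, source IP, local port)."""
    flows = Counter()
    for block in re.split(r"\n\s*\n", log.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        f = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if not {"Protocol", "Source", "Remote"} <= f.keys():
            continue  # skip fragments that are not packet entries
        src_ip, _ = parse_endpoint(f["Source"])
        _, local_port = parse_endpoint(f["Remote"])
        flows[(f["Protocol"].split()[0], src_ip, local_port)] += 1
    return flows

def decide(rules, proto, src_ip):
    """First matching rule wins (assumed model of the Network Monitor list)."""
    for action, r_proto, r_src in rules:
        if r_proto in ("IP", proto) and r_src in ("Any", src_ip):
            return action
    return "Block"

BLOCK_IP_IN = ("Block", "IP", "Any")             # the block rule named in Reply #9
RULE_REPLY_9 = ("Allow", "IP", "169.254.2.2")    # source IP as given in Reply #9
RULE_REPLY_14 = ("Allow", "TCP", "169.254.2.1")  # source IP as given in Reply #14
```

Calling `decide([RULE_REPLY_14, BLOCK_IP_IN], proto, src)` for each key returned by `blocked_flows()` shows which logged flows a candidate rule would release. Running it over the full pasted log works the same way, because lines without a colon and entries without Source/Remote fields are skipped.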