Author Topic: Current 2.4 Solutions to Firewall issues  (Read 83766 times)

comicfan2000

  • Guest
Current 2.4 Solutions to Firewall issues
« on: January 23, 2007, 04:51:28 PM »
  • This will be a list of fixes that have worked for others. Mainly focused on 2.4 but will include some things that still apply from previous firewall questions, simply because they still apply.  Please also note that currently I am working on adding resolved issues and it will take a bit to get them in here, but every day "fingers crossed" I'll be able to add many more.

    What you will see in here

    The Question is marked :
    Question


    The Answer is marked :
    Answer


    The GREEN text is in between responses from  postee.

    If you see a link, it's due to such a long response\troubleshooting and simply too much to carry over.
    Just copy\paste link and it'll get you there.

    Also, to find a question, simply use the search bar at the top to search this answer thread, I have included the titles of questions to hopefully make it easier.


    I hope this will make it easier for users to find answers to problems much faster.   :)

    Last note: If anyone sees something out of place, no longer applies, or something I have missed, please PM me, thanks.


    Paul
     





« Last Edit: January 27, 2007, 03:05:28 AM by comicfan2000 »

comicfan2000

  • Guest
Install order
« Reply #1 on: January 24, 2007, 09:39:19 PM »

Another problem some have is CFP not starting up, not allowing connection.

  One instance that can cause this is a firewall not being installed FIRST. If you have anti-virus, which is usually the main conflict, try uninstalling it, uninstalling CFP, and installing CFP FIRST, anti-v SECOND. Many times, since a firewall allows ALL access in\out to everything, it should be installed first.

comicfan2000

  • Guest
Windows Security Center issue...
« Reply #2 on: January 24, 2007, 09:47:25 PM »
Question

   Windows Security Center doesn't recognize Comodo?

Answer


1. Go to the Security Center (Start/Control Panel/Security Center).  Go down to the bottom, under "Manage Security Settings for..."  and select Windows Firewall.  Make sure it's set to "Off."  Click "OK."  Reboot your computer.  Going through those steps (even if Windows FW is already off)

                       OR


2.   Go to Start, then Run

In the Run window, type "services.msc" (without the quotes...)

Scroll down to the Security Center entry.

Right-click the SC entry, choose Stop.  Wait a few seconds, then close the window and reboot your computer.


           OR

3.    To make it even easier - see attached ZIP file.

**********************************

@echo off
cls
echo.
echo Stopping Windows Management Service - please wait ...
net stop winmgmt
echo.
echo.
echo Removing Repository folder - please wait ...
rem Remove the WMI repository tree (/S: including subfolders, /Q: no confirmation prompt)
rd /S /Q %systemroot%\system32\wbem\Repository
echo.
echo.
echo Starting Windows Management Service - please wait ...
net start winmgmt
cls
echo.
echo Done!

**************************

N.B. The "/S /Q" parameters for the RD command are merely there to suppress screen output.

Cheers,
Ewen :-)

[attachment deleted by admin]
« Last Edit: January 25, 2007, 01:01:15 AM by comicfan2000 »

comicfan2000

  • Guest
MS Active Sync Connection MDA\PDA not working?
« Reply #3 on: January 24, 2007, 09:58:09 PM »
  Question
  •      MS Active Sync Connection MDA\PDA not working?
Answer


Ports ActiveSync needs to communicate. This is  from the MS Knowledgebase. Here is the page.


http://support.microsoft.com/kb/q259369/#appliesto

ActiveSync 4.x requires the following Winsock Transmission Control Protocols (TCP) to be available:
• 990 (RAPI)
• 999 (Status)
• 5721 (DTPT)
• 5678 (Legacy Replication)
• 5679 (Handshake & Legacy Replication)
• 26675 (Airsync)

If socket port filtering occurs on any of these Winsock ports, ActiveSync does not synchronize with Microsoft Windows mobile devices.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX



Just to see if you can get it working make a rule at the top of the Network Monitor list of rules like this:

Allow-check the checkbox next to this window
TCP
IN
Source IP:  any
Dest. IP:  any
Source Port: any
Dest. Ports: Choose "A set of ports" and enter these port numbers: 990,999,5721,5678,5679,26675 (separate the numbers with a comma only)

You can right-click the firewall icon down on the right and select "Allow All" then wait for a few seconds and do the same thing and select "Custom" again. This will reset the firewall rules without having to restart the computer.

Try to sync it again to see if you get any log entries to show up.

jasper
« Last Edit: January 25, 2007, 12:42:10 AM by comicfan2000 »

comicfan2000

  • Guest
Comodo blocks bluetooth GPRS web data
« Reply #4 on: January 25, 2007, 12:33:08 AM »
Question
  •        I am setting up a new laptop (Win XP HE SP2 etc) and have installed Comodo Personal Firewall. It works fine via my wireless router for both email and www using Thunderbird, Firefox and IE.


I am now away from home and trying to get it working with my Nokia Bluetooth GPRS phone. Email downloads fine using Thunderbird but when I try to view any websites using either Firefox or IE it appears to find the site OK but nothing appears in the browser window which eventually times out. If I quit the Comodo firewall and run the Windows firewall instead everything works fine.

I've checked the forums and knowledgebase but can find no mention of this problem and also looking in the Comodo manual provides no clues that I can see. Any help and/or suggestions would be gratefully accepted.

JB




Answer



Try to disable "do protocol analysis".

If it does not work disable "Block fragmented IP datagrams", and try again.

Hope it helps,

Panagiotis

comicfan2000

  • Guest
Utorrent question...
« Reply #5 on: January 25, 2007, 12:40:05 AM »
Question
  •      Hi, I followed the rules for uTorrent in Network Monitor. It just seems strange that the option of only allowing uTorrent to use the rule is not there.  Is this safe?
Answer
  •      Yes it's safe.

YOU have to start the connection from the inside.
If you do a port scan, you will still be stealthed.
Choose a high port number that no other app uses.
Between 40000-65000 is best.

Uncheck the UPnP option and random port in uTorrent settings.
« Last Edit: January 25, 2007, 11:54:05 AM by AOwL »

comicfan2000

  • Guest
Loaded Comodo and my Pop Mail went away
« Reply #6 on: January 25, 2007, 12:48:52 AM »
Question
  •        


1st.> Loaded up Comodo and my Pop Mail went away. Pop Mail comes back when I turned off "Application Control rules".

I've lost popmail for both OutLook and Pop Peeper. I messed around with the "Application Control Rules" allowing everything that could be allowed. I also set everything to "any" that I could set and I can't get PopMail anywhere.

PS - Imap and Hotmail all work, just PopMail doesn't work.

2.nd >I cleared the log and then ran Just the TWO problem Apps!

The first two log entries are from Pop-Peeper and last entry is from OutLook.

I will attach the file to this post < note: file is at bottom of answer >

Thanks for your time



Answer
  •      


  Symantec is using your localhost loopback and this is causing you to be blocked, as CPF sees it as inbound traffic.  Probably it's your antivirus email scanning.

So here's what should fix it:

Go to Security/Advanced/Miscellaneous.  You want to "Skip Loopback...UDP/TCP", and OK.  (That's two boxes to check...)

Now CPF will ignore that little scenario, which is fine; not a hazard, as it's an internal thing.

Should resolve it.  Let us know...

LM

PS:  the way I know it's a loopback is the IP:  127.x.x.x  That's the localhost of your machine. 


***I checked both boxes, restarted, nothing yet. Yes, I looked up the app and noticed it was Symantec AV. Also noticed that the program, ccApp.exe, is not listed in the Application Control Rules...

Should this and other Symantec stuff be in the RULES area?
PS Got an idea! Turned off Symantec AV email  protection and guess what?  It works!
Any ideas about this? I'm now going to play around with the AV email client and see what I can find!***




 Yes, ccapp.exe needs to be in the Application Rules.  You'll need to go there and click to Add a new rule.  ccapp.exe (browse to find the path) goes in the Application field.  For the Parent, click "Learn Parent."  Choose to Allow.  The rest should default to "Any" which is fine for now.  Ok.

Restart, as before.  That way the app is in there, allowed.

Here's the deal.  The AV email scan is working like a proxy email server; your email software (Outlook, etc) contacts your POP server, but AV intercepts the email to scan it before it reaches Outlook, and "forwards" it on to Outlook.  That makes it an inbound attempt.  Lo!  CPF stops inbound attempts... Smiley

Setting the rule for it, and taking off the loopback detection should clear it up.

Be sure to Stop and Restart CPF.  Wouldn't hurt to reboot, just to make sure everything's reset to the new rules/settings.

LM




[attachment deleted by admin]
« Last Edit: January 25, 2007, 05:26:17 PM by comicfan2000 »

comicfan2000

  • Guest
Wireless shared connection not working with COMODO firewall
« Reply #7 on: January 25, 2007, 12:59:56 AM »
Question
  •    


 COMODO installed ok and everything seems to be going great until my son on the wireless connection upstairs going thru my computer could no longer print.  In addition, he can no longer use the areas we have set up as shared.


 Answer


Set up a trusted network/zone.




comicfan2000

  • Guest
uTorrent does not work when CF is enabled
« Reply #8 on: January 25, 2007, 01:18:06 AM »
Question


Congratulations for firewall version 2.4
I have downloaded and installed the new version but now uTorrent does not work when the firewall is enabled.

I am forced to disable the firewall to use uTorrent.
Even after I add it to trusted applications it does not work.

Is there any way to let some specific ports be opened?


Answer


You can find an answer in the FAQ section.

First you need to go in to your settings in uTorrent.
Uncheck the "use random ports" option.
Uncheck the "enable UPnP" option.
Set the port you would like to use. Lets say that we use port 54789.
Now, save your settings and close uTorrent.

Open the firewall (double click the sys tray icon).

Network monitor works like a router, so you have to "forward" port(s),
like you do in a router, for apps like Torrent/P2P.

Go to Network monitor (security/network monitor).
Right click on your block rule and add/add before.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any (or zone if you have one)
Source Port : Any
Destination Port : A single port : 54789

Click OK.
Start uTorrent and give it a few minutes before you think it doesn't work.

If it doesn't seem to work, restart CF or reboot your PC.

Always remember to place your allow rules you make, above the default block rule.
Network monitor reads the rules from the top to the bottom.

Also check the log in activity/logs and try to see which rule that blocks your app.

  I just tried to set Protocol to "TCP" and Direction to "In", but I wonder if it is good or I should do "TCP/UDP In"...?

I have another question: "Is there a difference (in term of security protection) if we create that rule (for uTorrent for example) before the "Block & Log" rule or before the first rule?"


uTorrent needs UDP In as well to work, so TCP/UDP In is what I have.

The difference is it depends on what other rules you currently have.  If you have just the defaults then this particular rule should not matter whether you placed at the very top or just on top of the block all (last) rule.  Remember: the order of priority takes place from top to bottom.
« Last Edit: January 25, 2007, 05:26:39 PM by comicfan2000 »
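Several answers in this thread turn on the same point: Network Monitor reads its rules top to bottom and acts on the first match, so an allow rule placed below the default "Block & Log" rule is never reached, and the "Skip Loopback" options let 127.x.x.x traffic bypass the rule list entirely (the POP mail / AV scanner case above). The following is an added example written for this page, not code from the thread or from Comodo; it is a toy model of first-match evaluation with invented `Rule`, `Packet` and `evaluate` names, a constructed approximation of the default rule set, and constructed sample traffic (the 203.0.113.0/24 addresses are a documentation range). It replays the uTorrent rule (port 54789) in the right and wrong position, the ActiveSync port set rule, and the loopback skip.

```python
"""Toy first-match packet-filter model in the style of CFP's Network Monitor (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

ANY = None  # wildcard for a rule field


@dataclass
class Packet:
    protocol: str   # "TCP" or "UDP"
    direction: str  # "In" or "Out"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass
class Rule:
    action: str                          # "allow" or "block"
    protocol: str = "TCP/UDP"            # "TCP", "UDP" or "TCP/UDP"
    direction: str = "In/Out"            # "In", "Out" or "In/Out"
    src_net: Optional[str] = ANY         # CIDR string, or ANY
    dst_net: Optional[str] = ANY
    src_ports: Optional[Set[int]] = ANY  # "a set of ports", or ANY
    dst_ports: Optional[Set[int]] = ANY
    name: str = "unnamed"

    def matches(self, p: Packet) -> bool:
        if self.protocol != "TCP/UDP" and self.protocol != p.protocol:
            return False
        if self.direction != "In/Out" and self.direction != p.direction:
            return False
        if self.src_net is not ANY and ip_address(p.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net is not ANY and ip_address(p.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.src_ports is not ANY and p.src_port not in self.src_ports:
            return False
        if self.dst_ports is not ANY and p.dst_port not in self.dst_ports:
            return False
        return True


def evaluate(rules: List[Rule], p: Packet, skip_loopback: bool = False) -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches, reading top to bottom."""
    # Models the "Skip Loopback TCP/UDP" options: 127.x.x.x traffic never reaches the rule list.
    if skip_loopback and (ip_address(p.src_ip).is_loopback or ip_address(p.dst_ip).is_loopback):
        return ("allow", "skip loopback")
    for rule in rules:
        if rule.matches(p):
            return (rule.action, rule.name)
    return ("block", "no rule matched")  # assumption of this model: no match means drop


# Constructed approximation of the shipped rule set: allow outbound, block everything else.
ALLOW_OUT = Rule("allow", "TCP/UDP", "Out", name="Allow TCP/UDP Out")
BLOCK_AND_LOG = Rule("block", "TCP/UDP", "In/Out", name="Block & Log (default last rule)")
# Rules built the way the answers above describe them.
UTORRENT = Rule("allow", "TCP/UDP", "In", dst_ports={54789}, name="uTorrent 54789 In")
ACTIVESYNC = Rule("allow", "TCP", "In", dst_ports={990, 999, 5721, 5678, 5679, 26675},
                  name="ActiveSync ports In")

# Constructed sample traffic.
PEER_TO_UTORRENT = Packet("TCP", "In", "203.0.113.10", "192.168.1.5", 51234, 54789)
PEER_TO_WEB = Packet("TCP", "In", "203.0.113.10", "192.168.1.5", 51235, 80)
SYNC_HANDSHAKE = Packet("TCP", "In", "192.168.1.20", "192.168.1.5", 40001, 5679)
AV_POP_PROXY = Packet("TCP", "In", "127.0.0.1", "127.0.0.1", 49152, 110)


def demo() -> dict:
    above = [ALLOW_OUT, UTORRENT, ACTIVESYNC, BLOCK_AND_LOG]  # allow rules above the block rule
    below = [ALLOW_OUT, BLOCK_AND_LOG, UTORRENT, ACTIVESYNC]  # same rules, wrong order
    return {
        "utorrent_above_block": evaluate(above, PEER_TO_UTORRENT),
        "utorrent_below_block": evaluate(below, PEER_TO_UTORRENT),
        "unsolicited_web_in": evaluate(above, PEER_TO_WEB),
        "activesync_above_block": evaluate(above, SYNC_HANDSHAKE),
        "av_proxy_default": evaluate(above, AV_POP_PROXY),
        "av_proxy_skip_loopback": evaluate(above, AV_POP_PROXY, skip_loopback=True),
    }


if __name__ == "__main__":
    for case, (action, rule) in demo().items():
        print(f"{case:24s} -> {action:5s} by '{rule}'")
```

Running it shows the uTorrent packet allowed only when its rule sits above "Block & Log", the ActiveSync handshake on 5679 matched by the port-set rule, an unsolicited inbound connection to port 80 still blocked in both layouts, and the localhost POP proxy connection blocked by default but passed once loopback skipping is on, which is the behaviour the posts above are relying on.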

comicfan2000

  • Guest
How to backup CPF Rules and Settings?
« Reply #9 on: January 25, 2007, 01:27:22 AM »
Question

How to backup CPF Rules and Settings?

1.> https://forums.comodo.com/index.php/topic,2366.0.html <<simply copy & paste in address bar



 Answer


2.> Currently CPF does not have a backup tool. But dumping the registry key HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall and all of its subkeys should work OK.

Hope this helps,
Egemen

comicfan2000

  • Guest
Multiple IP Ranges for an Application
« Reply #10 on: January 25, 2007, 01:38:21 AM »
Question


What I am looking for from Comodo Firewall is the ability to limit which IP address ranges my e-mail client (Lotus Notes 6.5.3) can access.  For example, when I receive an e-mail from Morningstar, it has embedded images that are resolved via the Internet.  When I open that e-mail message in my e-mail client it goes out to the Internet to try and resolve the image.  When my firewall tells me this access has been blocked, I run Whois against the blocked IP address to get the IP range to insert in my Sygate firewall access rights for my e-mail client software.  I do the same for many other EXPECTED e-mails like from Target stores.  However, if I should happen to open a spam e-mail message, I do not want to allow it to access the Internet.  Over time I have found about 2 dozen IP ranges that I need to allow in my firewall for my e-mail client application.

I already know that neither the free ZoneAlarm nor the paid version have the ability to do what I want to do.  I am hoping that Comodo has this ability.

I hope that makes my situation clearer.

Thanks,
Stu




Answer


Oh absolutely.

The attached screenshot shows the creation of a rule (I've used Outlook as the example).  The Destination IP tab has several options; I've chosen Single IP, which sounds like it would fit your purpose.  You could also choose IP Range, and enter a Start IP and End IP for that range.

Let's say to start with you create a rule to allow LN only access to your email server, at 123.45.67.89.  That is now the only address it's allowed to connect to.  You'll want the Alert Frequency set to Medium or High for good results.

Now, an image from within an email wants to use LN to access 987.65.43.21; this is not the authorized IP address for LN, so CPF will generate a popup alert, which you can choose to deny (and even "Remember" if you want, which will create a rule in the Application Monitor to that effect - this might be good for your purpose).

If you choose "Remember" when you deny access, it's easy to go back and edit that rule to change from Block to Allow, if you decide you want to allow the image retrieval.  That way, you don't have to create a rule from scratch; otherwise, just Add a rule and build it as you need.

Hope that helps answer your question.

LM




[attachment deleted by admin]

comicfan2000

  • Guest
What is Component Monitor security tasks?
« Reply #11 on: January 25, 2007, 01:49:24 AM »
  Question


Last week I have installed Comodo Firewall and now I have some questions, the first time, regarding the Component Monitor.
My OS is Windows XP Home SP2, IE7 is my browser and I am connected with the internet through a router. I have the following security applications: NOD32, Windows Defender and Comodo Firewall.
I think the following areas are defended by these measures:
The router is monitoring the incoming internet traffic,
Windows Defender is monitoring the OS and IE7,
Comodo Firewall is monitoring the outgoing internet traffic and
NOD32 is monitoring incoming virus attacks.

At certain moments I wonder whether these applications are interfering more or less with one another, with a negative effect on the performance speed.
For instance, I wonder whether the Component Monitor of the Comodo Firewall is in a certain way doing the same as Windows Defender.
I have noticed that if the Component Monitor is disabled, the performance is faster.
My questions:
1. What is the security task of the Component Monitor?
2. Do you also think that Windows Defender is also performing the same tasks?
3. What are the negative effects on the Comodo Firewall performance if the Component Monitor is
    disabled, but the Application Monitor is running?

Thank you.


Answer

 

The component monitor monitors parts of an application.  Here is a good definition from the CFP help file:
Quote

A component, when loaded into application’s memory, acts as a part of that application hence having the same network access rights as the application itself.

Comodo Firewall Pro now validates all the components of an application before granting the Internet access. These components may be dynamic link libraries or ActiveX components that an application is using.


Component Control Rules can be added, removed and applied via the Component Monitor.


Windows Defender does monitor applications and their components, but in a different way than what CFP does.

By disabling any part of any security software you are likely to improve performance; it's just a matter of deciding which you would rather have - better security / better performance.

By disabling the component monitor of CFP, each component will be treated as a separate application and you may need to grant permission for them rather than CFP automatically granting it for you based on application rules - and thus, this may dramatically increase the number of popups you receive from CFP.

Mike



comicfan2000

  • Guest
CPF blocking DHCP lease renewal by default?
« Reply #12 on: January 25, 2007, 02:00:12 AM »
  Question


 I've been using Comodo for a few weeks now and overall I like it a lot, but I have been experiencing one particularly vexing problem. The DHCP lease time is set to 1440 minutes (1 day) by default on my router and when that time has expired I lose my internet connection. If I attempt to manually release and renew with ipconfig it reports "no connection to the gateway" - i.e., the router at 198.162.1.1. After much tinkering around with the router's settings (as I had replaced its firmware with dd-wrt), I moved on to tinkering with CPF. I finally tried exiting CPF then running ipconfig /renew and this worked. The only custom rule I have created for CPF so far is to allow my torrent client to listen on a specific port. I suspect that one of the default rules is blocking the DHCP lease renewal request from my machine to the router. At any rate, this is such a basic problem that I'm sure I'm overlooking something, so any help would be much appreciated!



Answer
  • Make application rules like this, just to try if it works.

You can worry about tightening up the rules later.

Application : C:\WINDOWS\system32\svchost.exe
Parent : C:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : TCP or UDP
Direction : In

Destination IP : Any

Destination Port : Any

Miscellaneous


Application : C:\WINDOWS\system32\svchost.exe
Parent : C:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : TCP or UDP
Direction : Out

Destination IP : Any

Destination Port : Any

Miscellaneous


Make sure that you have made a trusted zone also.
Reboot your PC.



AOwl: that did the trick - thanks!

Now, why would Comodo create the block all tcp/udp access rule for svchost.exe in the first place? I can't imagine it being done by default, but I don't recall answering any popups from Comodo that would have led it to do so.

Also, do I need to reboot or exit/restart Comodo each time I create a rule? I ask not only because you mention doing so but because I previously created two similar rules (allow UDP In and UDP Out) but they didn't work.

Once again, thanks for the help!
 



No, Comodo doesn't create that rule by default. Probably you have denied a popup...

No, you don't have to reboot all the time, but if you have problems and think you have made the rules right, a reboot can at least be done just to be sure...
In this case when there is a system file involved, a reboot is sometimes necessary.
Sometimes it's enough to put it to allow all for a few seconds, and then back to custom.
Sometimes a restart of the firewall is the way to go.
Most often you don't have to do anything.
« Last Edit: January 25, 2007, 05:27:19 PM by comicfan2000 »

comicfan2000

  • Guest
Medieval II game & Comodo problem
« Reply #13 on: January 25, 2007, 05:12:12 PM »
Question

I'm having problems getting Medieval II to co-operate with Comodo firewall. With the firewall inactive I can log in to the lobby fine. However, with it on, the firewall kicks in and freezes the game (as it should) but I can't switch the focus to the firewall window to let it through. I have created a rule for it in Comodo's application list but it looks like there's something else to verify. Any ideas? I haven't found a way to run the game in a window, unfortunately.

Answer


Try the game again. As soon as you have trouble connecting, stop the game and open COMODO. Go to 'Activity' - 'Logs'. Are there any logs there that tell you what was blocked?

Medieval isn't in the logs. Forgot to mention another problem: I have to restart the PC via the reset button because I can't close the game or return focus to the desktop anyway.

That would explain why there is nothing in the Log. Didn't good old Ctrl-Alt-Del work?

Kail

Have you tried "allow all" in application monitor, and "allow invisible..." and "skip advanced security...." for your game.exe? Also, have you done the same for ALL exe in your game folder? Like update.exe and so on...

Try to turn off network monitor to check if it works. If it does, you have to make a network rule for some port(s).

Try to add your game.dll in component monitor too.

Don't forget to restart your firewall after you have made your settings.

I've managed to get the alert to show on a second monitor Grin, it's a file to do with the copy protection that comodo was picking up. Thanks for your help! 
« Last Edit: January 25, 2007, 05:27:53 PM by comicfan2000 »

comicfan2000

  • Guest
Help with OLE
« Reply #14 on: January 25, 2007, 05:15:52 PM »
Question

First, sorry for my English.

I have big problems setting up OLE rules in CPF. I will illustrate it with only one example, but there are many other examples on my system.

I have a TV card, Hauppauge WinTV PVR 350, that uses the WinTV software for watching TV. WinTV wants to communicate with the internet, but I do not allow it and block WinTV. Now WinTV tries to use iexplore.exe or opera.exe and so on through OLE (hcwhook.dll). When I block this OLE object, the connection is blocked for my whole system.
My BlueTooth stack also wants to communicate with the internet from time to time through another application. I can give a lot of other examples here.

In short, I cannot block any OLE internet communication without blocking the whole system. I do not want to allow some applications to communicate with the internet.

What to do? Please help.
Thank you.


Answer

Surely you should not block the OLE (system-wide hook), but the parent/child relation TV Card wants to establish with your browsers or with any other Internet applications. Same goes for your BlueTooth stack, which wants to communicate through other applications. Of course the main application (TV Card, Blue Tooth) itself should be blocked first.

Security - Tasks - Define a new banned application. Browse for the application that you don't want to grant any Internet access rights, but don't define any parent. Click 'OK'. You could go further by defining your browsers or any other of your Internet applications here (players, for example) with TVCard as the parent.

Paul Wynant
Moscow, Russia

Thank you. It seems you helped me.
« Last Edit: January 25, 2007, 05:28:19 PM by comicfan2000 »
