3.0.14.276-Need help for sites that do not work correctly.

I have several web sites that do not work correctly. Hopefully others have seen these problems and can suggest a CFP settings change to correct them.
Speedtest sites:
http://speedtest.net, the upload test does not work correctly - DL is OK.
http://ciseweb100.cise-nsf.gov:7123/, get only Java errors. A few lines from Java Console:

load: class Tcpbw100.class not found.
java.lang.ClassNotFoundException: Tcpbw100.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)

When I try to open the Logitech Harmony Remote SW, it connects to the Logitech server. This fails like there is no Internet connection.

I realize that more information may be needed and will try to supply it - please let me know.
I am running Win XP Pro x64 Ed, CFP 3.0.14.276, IE7. All SW is up to date.
Thanks much for any help…John

Speedtest works fine for me-take a look at your firewall log, you are probably blocking an ICMP response.
As far as the other site, a url ending in :xxxx is directing the browser to a nonstandard http port, in this case 7123. Go to Firewall/Common tasks/my port sets and add 7123 to the list of http ports.

Thanks much, sded for your response.
I hope you can bear with me as I learn.
I think this is the log at the time of speedtest.net failing on the upload test:

Date/Time                 Application                        Action   Source IP         Source Port    Dest IP Dest Port

12/16/2007 6:43:31 PM Windows Operating System Blocked 144.253.101.102 31200 70.124.61.116 1026
The formatting is a little bad - don’t know how to attach the .htm file I exported.
I also don’t know what to do with the log information. I hope you can help me get started.

I added port 7123 to my ports list and got the same results for the second URL. Other things to try?
Thanks again…John

Back to basics :slight_smile: What browser are you using? Under firewall/advanced/network policies what rules are you using for that browser? Whatever there is, we probably need to add a “block and log all” rule to collect whatever is happening. My web browser rules are attached; I don’t have any global rules. What are your global rules? The log entry you sent me looks like it was something else, so we need to get one from your use of speedtest.net. Did the log show anything from your browser? And make sure your 7123 actually ended up under http ports; the updates there are a little confusing.

[attachment deleted by admin]

sded, thanks again for your response and help.
I see the attach option in the Additional Options of the post area and will use that next time I need to send some data.
I am using IE7 under Win XP Pro x64 Ed.
I am on a different machine today and have some issues to deal with so I may not be able to get back to the subject system till tomorrow, but I wanted to respond to your help.
I looked at my browser rules the other day and I remember their looking very much as yours except possibly ‘block and log’. My logs contain only entries from WOS and most look very similar to the one I sent you. The reason I selected it is because I watched the clock when I was running the speedtest upload test and looked for an entry at that time. I suspect you are correct and I have not seen the error logged that is occurring. I don’t remember what my global rules were but I accepted default options when I installed and have made no changes. When I get back on, I want to try ‘alert on incoming connection’ to see if that is a problem. I am currently using block all incoming connections and no alert.
I found the ports update straightforward and did look for the 7123 under http. Ports 80, 8080 and 443 were also there (http, proxy (avast! WebShield, I think) and https).
I should point out that these problems are not really high priority but need to be fixed, especially Logitech Harmony. I hope that after I understand how to diagnose and correct these problems, I will be better apt to deal with future problems.
I really appreciate your help……………John

The NSF site is also getting connections to ports 3001 and 3003 probably via the JavaScript. You could add these ports to the Web Browser rules explicitly, or make a separate rule for the speedtest type ports. But there will probably be others. If you look at my rules, I had to add a rule to go to any port to support passive FTP anyway, so the FTP rule is allow/tcp/out/any/any/any/any and should cover you. For ashwebsv.exe, you can use allow/tcp/out/any/any/any/http ports, since the other ports won’t go through Avast! And you can remove the 7123 from the http ports, which may also be used elsewhere. So:
Add the FTP rule to the Web Browser Policy
Fix the ashwebsv.exe rule
and we can see then what else may be necessary.
BTW, if “ask” works for you as a firewall rule, this would be a good place to use it instead of “allow” in the ftp rule. But it doesn’t work on my system, never has. :frowning:

sded, I am back but have not learned much. My browser policy is identical to yours. My NSF NDT site still fails, but several of the NDT sites do work after I allow ports 3002 and 3003. If you scroll down on the NSF page you will see several more sites. You may be able to see something common but I don’t. It seems that the ones that specify port 7123 fail while the ones that do not have a port specification work OK. I tried defining a port range of 0-65533, but NSF NDT still failed. I will spend more time later trying to understand your suggestions and do more diagnosis.
Thanks much…John

Check your FTP rule. The one that comes with Comodo restricts access to port 21; you need to change that to “all”.

sded,
Thanks for your help.
I think I have implemented all the things you have asked me to do. I had to add ashwebsv.exe because it was not present. What is the purpose of this rule (WebShield)? I have tried turning off WebShield with no apparent effect. So far nothing has helped. Windows Update and Windows Defender Update also fail. I have not been rebooting after changes. I tried it once and it did not seem to help. Is a restart needed if not requested? My FTP rule was set for port 21 only and I set it to ‘any’.
I am a little bleary-eyed and need to quit for the night. I will look some more tomorrow to see if I have set things as you requested.
Thanks again…John

sded,
I am more than a little puzzled this morning. Yesterday I set the stealth port wizard to alert me to incoming connections. I never got any alerts and this morning I also noticed that I had no intrusions and the FW log was empty. I set the wizard back to block all incoming connections and very soon saw the intrusion count incrementing. I also notice that both the inbound and outbound connections were zero even though I had IE7, Thunderbird (TB) and Win Media Player(radio) (WMP) open. The connection counts varied and the view active connections sometimes shows only TB listening on two ports and sometimes shows WMP and/or an svchost. Is this reasonable behavior?
Last night when I was putting in your suggestions, I set them to ‘ask’. I looked through several this morning and all were set to allow. Is this how ‘ask’ does not work?
I tried turning off Defender+ this morning, and had the same problems with the web sites.
I have lost track of all the changes I have made. When I figure out what it takes to make things work I may want to go back to all ‘factory defaults’ and make only the needed changes. I searched the help file and could find no way to do this. Do you know of a way to reset all settings to default? I went to Add/Remove and clicked Change/Remove on Comodo and it asked me only ‘Do you want to remove Comodo?’. Some programs have a repair option here. Does Comodo have a repair option that I could use to reset all settings to default?
Thanks again…John

All the stealth port wizard does at the global level if you select “alert” is block incoming ping requests, and let you worry about the others. At the Windows Operating System Level, there is no “block and log” unless you add it. And you increment the count only if you log. As far as connection, do you mean that they are both zero in the summary under “Network Defense”? Your next sentence says the connection counts varied. The active connections should show listening by system routines, but maybe not with your ruleset. Try refreshing a website, and you should get a bunch of TCP connections, which then drop out after a time. If you are using Avast! you should also show ashwebsv.exe and ashmaisv.exe listening. Are you using Avast!, and do you have Web Shield and Internet Mail turned on? As far as “ask”, mine stays on “ask” but is just a no-op, and is skipped. Be sure you hit the right number of “apply” when changing rules; this is the most common problem with rule making. If you go back to the “Web Browser” rules in my previous posting, and make the FTP rule change to all, that should be a summary of the suggested changes. If ashwebsv.exe is not present, then it may be turned off in Avast!. Right click the blue Avast! ball, go to on access protection control/webshield and be sure it is turned on. At a minimum, ashwebsv.exe should be listening on port 12080. Don’t know of any way to get back to factory settings unless you exported them from miscellaneous/manage my configurations. You can do an uninstall/reinstall if the suggestions above don’t help you and you want to start over. Then export your settings right away and make the minimal changes suggested above. I have no global rules, and system level rules are attached. Browser rules are the ftp modified rules shown above. And if you are really using ashwebsv, the rule I use for that is allow/tcp/out/all/all/all/all/tcp ports (the odd ports don’t get processed by Avast!) and then a block and log all.
I use a block and log rule for each application ruleset so I can see if something unexpected is happening.

[attachment deleted by admin]

Thanks, sded.
I have found all kinds of problems with the help of your last post!
I don’t have a TCP Ports set defined.
I have no ‘block and log’ on any of the Application Rules.
I guess this explains why I see nothing in my log. I will add the rules to all.
What is the definition for the TCP Ports? I have only HTTP, POP3/SMTP and Privileged.
I am running the latest (up to datest) avast!. All 7 of the providers are active. Six are running - no Outlook.
When I turn the stealth from block and alert to block all, the global rules get changed. I did not realize the stealth wizard was using the global rule set.
When you use ‘ask’ and it ignores it, does it ignore the whole rule or treat ‘ask’ as ‘allow’, ‘block’ or…? I do see some of the ‘ask’ entries I put in but it seems like some are missing.
Currently I have plenty going on in my active connections list (attached, my connections count was 2 Outbound). It goes up and down. I can see WMP appear then disappear. I assume it is DLing some more radio data to fill its buffer. What I was saying about the connection count was on the Summary page under Network Defense. After I turned Block All Incoming Connections, I started getting log entries and counts. I did not add a Block and Log, it was already there.
ashwebsv.exe was not present, but I added it. I almost always run WebShield and I don’t understand why the rule was not there.
It seems I have read in the forums that an uninstall/install will keep the original settings unless the proper file or folder is deleted. Can you tell which file/folder that is?
I have some work to do now to get my rules set properly with the block and log.
On my attached active connections screen shot I have obscured my IP address. It is not that I don’t trust you, only that I think it is best not to make it public.
BTW what OS are you running (XP or Vista; 32 or 64 bit)?
Thanks so much, again!
John

PS, I have failed 4 times to post this. I will try this time without the attachment and post that later.

tcp ports is a typo; should be http ports. :wink: When I use “ask” it ignores it and goes to the next rule. So if I try to “ask” something just ahead of my block all rule, it gets blocked. :frowning: . I use the block and log all rules at the application level just to make sure that I get some information if a program does something unexpected. I just find this more convenient than messing with the global rules for this type of function.
Don’t understand why ashwebsv and ashmaisv don’t show up on your active ports and your ruleset when you use them. Try going to Web Shield/Customize and make sure that you have checked all the boxes and listed at least 80 as a port to be scanned. And check to be sure that files are actually listed as being scanned. Check the other tabs and see that they look reasonable too. Similar check for Internet Mail/Customize if you are not seeing persistent connections for ashmaisv listening in Comodo. For uninstall/reinstall I recommend that you follow the procedure in https://forums.comodo.com/help_for_v3/please_download_the_new_3014276_and_ask_for_help_on_that_version-t17016.0.html to avoid the occasional problems users have had with patches.
I agree you shouldn’t make your connections screen public, if it shows your public IP. If it just shows your private IP (192.168.1.x or such) it doesn’t make any difference; those are not directly accessible outside your system.
I am running Vista Ultimate 32 bit, Avast! Just don’t update to XP SP3 RC yet until we get this sorted out. :wink:
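
The rule ordering discussed in the posts above (HTTP port set, FTP rule, "ask" being skipped, then a final block and log all) can be modelled as a first-match list. This is an added example, not part of the original thread and not Comodo's own code; the `Rule` class, `evaluate`, `browser_policy` and the top-down first-match behaviour are assumptions made for illustration.

```python
# Simplified, hypothetical model of an ordered per-application ruleset.
from dataclasses import dataclass

HTTP_PORTS = {80, 443, 8080}   # the HTTP port set as listed in the thread
ANY = None                     # wildcard for the destination-port field

@dataclass
class Rule:
    action: str        # "allow", "block" or "ask"
    proto: str         # "tcp", "udp" or "ip" (ip = any protocol)
    direction: str     # "out", "in" or "in/out"
    dst_ports: object  # a set of ports, or ANY
    log: bool = False
    name: str = ""

def matches(rule, proto, direction, dport):
    return (rule.proto in ("ip", proto)
            and rule.direction in ("in/out", direction)
            and (rule.dst_ports is ANY or dport in rule.dst_ports))

def evaluate(rules, proto, direction, dport, ask_is_noop=True, log=None):
    """Return the action of the first matching rule, scanning top-down."""
    for rule in rules:
        if not matches(rule, proto, direction, dport):
            continue
        if rule.action == "ask" and ask_is_noop:
            continue   # behaviour reported in the thread: "ask" is skipped
        if rule.log and log is not None:
            log.append((rule.action, proto, direction, dport, rule.name))
        return rule.action
    return "block"     # assumption: traffic matching no rule is dropped

def browser_policy(ftp_ports, ftp_action="allow"):
    return [
        Rule("allow", "tcp", "out", HTTP_PORTS, name="HTTP"),
        Rule(ftp_action, "tcp", "out", ftp_ports, name="FTP"),
        Rule("block", "ip", "in/out", ANY, log=True, name="block and log all"),
    ]

def demo():
    """Outbound TCP to port 7123 under three variants of the FTP rule."""
    log = []
    cases = {"port21_only": browser_policy({21}),
             "any_port": browser_policy(ANY),
             "ask_any": browser_policy(ANY, "ask")}
    verdicts = {k: evaluate(p, "tcp", "out", 7123, log=log)
                for k, p in cases.items()}
    return verdicts, log
```

The entries appended by the final rule carry the blocked destination port, which is the information needed to add that port explicitly, the narrower alternative to an any-port rule that the thread also mentions.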

I cannot get the screen shot to post. I have tried making it smaller (36kB), changing from jpg to jpeg to pdf. All I get is a message that says it is too large. Please let me know and I’ll try again.

How are you trying to post it? Normally you go to “additional options” at the bottom of the message, then “choose” to get it into the attachment box. Says it will take 4500 KB, but I have never tried one that big.

sded,
I may be at the root of my problems. I tried to send the file to myself in an e-mail and it also failed. I had problems in the past with the nVidia on board NIC. I tried turning off the CRC offload and that did not help. I then switched over to a PCI NIC and the e-mail worked! I will try to attach it again.
I see that this interface has the Windows FW active. Should I turn it off?
Here goes…

John

[attachment deleted by admin]

Yes, you should turn off the windows firewall. Shouldn’t cause your problems, but can interfere with the Comodo rules by acting in series with it. Your connections look fine, looks like Avast! is working OK; don’t know what Thunderbird is doing that has it listening on those ports-what else do you have running that might use TB? Do you have a Dell?

That fixed it!!!
The dang nVidia on board NIC is causing me a problem. I am sure glad that I bought that $10 Gigabit NIC a few months ago. I have not been using it since I didn’t have an FW for it since the nVidia FW applies only to their NIC.
The NSF site, Windows Update, Windows Defender Update, and Logitech Harmony ALL WORK!
I will do some more testing later, but I have some things I have been ignoring while I tried to diagnose this.
I will post a separate question about restoring the default settings.
Thanks so very much for your GREAT help! I have learned a tremendous amount in the last few days.
Thanks, thanks, thanks and thanks!
John

sded,
I wanted to answer your questions.
TB is a POP3/SMTP e-mail client from Mozilla. I can’t think of any other SW that would be using it.
I do not have a Dell but a machine I built. I have an Epox MB with nVidia nForce4 Ultra chip set. The chip set has a NIC with a HW firewall which I removed to install the CFP. When I first used the machine (almost two years ago), I could not upload attachments on e-mails. This turned out to be a CRC offload problem. I turned off CRC offload via the FW and all was well. When I removed the FW I guess the CRC offload became active again and was damaging the data I was sending out. I turned off CRC offload via the Device Manager but that did not help - surprised me! Fortunately I had a PCI NIC which corrected the problem when I used it instead of the nVidia.
I, for sure, won’t be installing SP3 RC. I have tried a couple of Betas and RCs on MS SW, but have never tried an update.
Thanks…John

Hey, sded, I lost my rule for System32/svchost and can’t seem to find a good one. What are you using?
Thanks…John