Another Firefox Problem

Hello All.

I am working on the Greek version of Windows XP Home SP2 (windows firewall disabled), using Firefox 2.0.0.11 (treat as WebBrowser) and Comodo Firewall Pro 3.0.15.277. I connect to the internet through a Touchspeed router with the firewall on (block all outbound and open specific ports for applications such as MSN, Skype, U-torrent).

I also run:

PCTools Spyware Doctor 5.5.0.178 (trusted application)
Nod32 Antivirus 2.7 (trusted application)
NetPeeker 2.82 (trusted application) with its firewall and throttle services disabled. I only
use it to check the active connections, download/upload speeds and total downloaded/uploaded
bytes for each application/process.

The problem I face is only with firefox. (U-torrent downloads/uploads ok). I can surf the
internet without any problem, but I cannot download any large file or view any large streaming
video because it seems that the connection dies out. Checking netpeeker, it seems that the
problem starts when at some point firefox decides not to send out data (I assume a standard
method of sending a receive notification to the other computer). The download speed gradually
drops until it reaches zero. No time out message, no log of blocking firefox in either defense+
or firewall.

Skype works fine, other processes like Isass.exe, CLMLService.exe, alg.exe and MemCheck.exe seem
to be blocked too as they have zero outbound/inbound bytes, but system processes, svchost.exe
and nod32krn.exe connect ok. The only log I get is from Windows operating system (blocked
inbound ICMP) when source ports are 3 and 11, and destination ports are 0, 1, 3, 10 and 13.
These events have different times from the time I request a file for download. Sometimes when
I clear the cache of firefox the download (in streaming media) continues, other times not.

My global rules are shown in the snapshot, but the problem is there even when I have no global
rules except for the last block on echo requests (a rule created by the stealth my ports wizard
of Comodo, set at "alert me to incoming connections").

I triple checked my PC for malware / viruses. Nothing (it is a recently formatted PC and the
problem was there from the start).

I tried to run firefox in safe mode, but the problem persists.
I tried to completely remove firefox from the rules and re-assign it as a web-browser allowing
its every action, but no luck there.
The problem also persists when I disable the firewall and Defense+, even when I exit Comodo, and
only disappears when I uninstall Comodo completely.

I haven’t found any similar problem so far… Any ideas?

[attachment deleted by admin]

Are you using the Firefox download manager extension? Does it occur with both http and ftp downloads? Does it happen if you download with internet explorer? What are your Firefox application network policy rules? Do you allow FF to make DNS requests? Try adding “log” to your FF rules and make the last rule a “block and log” - see my web browser rules attached.

[attachment deleted by admin]

Thanks for your answer Sded!

I’m using the following add-ons:

del.icio.us 1.2.1
DOM Inspector 1.8.1.11
Download Manager Tweak 0.7.2
Fasterfox 2.0.0
Forecastfox 0.9.6
Foxlingo 2.1.9
Gmail Notifier 0.6.2.2
Tab Mix Plus 0.3.6
and using Noia 2.0 (eXtreme) 3.38 theme

These are all disabled when running firefox with a new profile, but the problem is there!

I really don’t know how to distinguish between http and ftp downloads… All I know is that I cannot fully load flash movies (You-tube remarkably works fine however). And I cannot download “big” files (i.e. even just over 2-3 MB sometimes).

The same happens with IE. I cannot download big files in IE either. The firefox appl. network rules are exactly the ones that you attached in the screen shot (web browser with the DNS request allowed, last one block and log), but I get no blocking messages apart from the ones regarding Comodo blocking the Operating system.

I think that it has something to do with the general setup of comodo because I find the same problem when using IE.

You should be able to tell what kind of download from the URL - it will say either http://y/xxxxx.exe or ftp://y/xxxxxxx.exe. Sorry, not obvious why it would stop in the middle, instead of not starting at all. One suggestion though: Add allow rules for the ICMPs that are being blocked, in case they are for retries/resumes of the download when there are link problems. They are things like time exceeded, destination unreachable, … that help control the flow of a download.

As I checked it happens with http downloads for sure (tried to download adobe reader but this time it doesn’t even start). As for ftp I haven’t tried yet. Streaming video I suppose is considered http too? I just added ICMP global allow rules, but the problem persists… :frowning:

Add them to the rules for Windows Operating System, where they are blocked now. The precedence of application rules vs global rules sometimes causes problems.

Sded, thank you for your help.

Unfortunately adding these rules didn’t resolve the problem. Firefox still stops downloading randomly at some point. Is there anything else you think I should check? Isn’t it supposed to recognise firefox actions (or any other typical internet request such as downloading) without the need of extra rules?

I see two possible problems that you might have:

1st one is that there was a mistake done (or they wanted it so, cannot tell) in the web browser rule, where the only ftp port allowed is port 21: should be set to any imo.

2nd issue is your NOD32 setup: careful with the http shield that can easily block streaming video, and maybe some downloads too. There are two settings for the http shield in NOD32: one makes it a proxy in memory and can bring the above issues, the other possible setting has the proxy send all files first to a cache on disk, before sending it to your browser, which might be more convenient to avoid download or streaming issues.

I don’t think CFP is the issue. There could have been an issue with firefox download manager (that can be reset) but you seem to have the problem as well with IE.
Otherwise maybe check if any protocol analysis is turned on in CFP. This can be a problem in some cases.

Haven’t seen this problem before, so yes it recognizes firefox actions for most people without extra rules. Probably should check your firefox rules in D+ and set it to trusted, but most of the issues with firefox start at the beginning, not in the middle. Maybe someone else will have some ideas now that we have tried a few things. We have been having some bad installs of CFP3, but your earlier message says you have already uninstalled and reinstalled. You could also try turning the touchspeed firewall off temporarily in case there is some interference between the two due to timing of SPI, NAT, and what the various firewalls really pass. There are often issues with running two firewalls, even hardware and software.

Leopard, thanks for your suggestions.

I already tried the allowance of using any ftp port, reading from other posts, but no luck…
I can’t really see how nod32 could be the problem… I’ve been using it for 1 year with no problem. The problem started only after installing comodo (actually it is the second installation of comodo, because it was giving me the same problems with downloads and streaming at the first setup, and I thought I should try over again uninstalling and reinstalling comodo…)

Protocol analysis is off in cfp.

Sded, thank you for your efforts, much appreciated.

Yes, the truth is I haven’t been able to locate a similar problem and I’m quite concerned if this is a first-time original error (this may be good for making comodo better but for the time being it is bad for me). As for the router’s firewall, I had the problem even when this was completely disabled.

Any other ideas? :confused: