Application blocking problem

My web pages are coming up as page not found and my firewall is logging an “accessed denied” between iexplorer.exe and explorer.exe. It is a UDP out connection. Is this an attack, or could it be that something is denying a genuine connection? If so, how do I allow it?

Lots of people seem to be having this problem and still no official response to my knowledge. However what worked for me was to turn Block Fragmented IP Datagrams off. It is in Advanced, Detection and Prevention, Configure, Miscellaneous.
If this is wrong or someone has a better idea please dive in now on any of the recent threads with this problem.

Is turning it off a good idea, won’t it reduce protection in some way?

btw thanks for the reply

Yes, turning off Block Fragmented… reduces security, as the FW will not be monitoring this area. In some situation-specific scenarios, such things may be necessary. These types of things seem to be dependent on the hardware/software configuration, not affecting the general population.

It would be helpful to know more about your situation, sanctuary24. Can you post an excerpt from CFP’s logs showing some of these blocked entries? Can you explain more about the scenario - are these webpages you are hosting? If so, from where are you trying to access them? Where is the FW installed? And so on…

More info is helpful.

Tnx,

LM

This is a screen grab of the log

I don’t host any websites just general surfing the web but sometimes the web page will not be found and this appears in the log

PS: if you deny or allow something and tick remember my choice, can you reverse the decision anyway, or is it something that once done it’s done?

[attachment deleted by admin]

If you Allow or Deny w/Remember checked, simply open Application Monitor, find the associated rule for that application, and remove it (or, if you know the changes that need to be reversed, simply Edit the rule). A reboot when finished will make sure temporary memory is cleared out and reset.

There are two things I see in the log screenshot.

  1. Explorer is being blocked from destination port 53, which effectively stops it from doing a DNS query to resolve IP to Hostname. You will probably want to allow your browser to do DNS requests - which will be Outbound to Destination Port 53.

  2. Looks like the loopback/localhost 127.0.0.1 is also being blocked. This is used for internal communications. Unless you’re using a local proxy (such as proxomitron), you can safely select to disable monitoring of this by going to Security/Advanced/Miscellaneous and checking the boxes “Skip loopback…” for both TCP and UDP.

A side note ~ while you’re looking at Application Monitor, make sure there are not any blocked entries for svchost.exe (probably with parent of services.exe) for destination ports 53,67,68,80,123,443. This way it can connect to your ISP’s DNS Server, get your IP address from the DHCP Server, update your system time, and connect for Windows Updates.

LM
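
The checklist in the reply above (DNS blocked on destination port 53, loopback blocked, and svchost.exe blocked on ports 53, 67, 68, 80, 123, 443) can be applied to a batch of log entries. This is an added example, not part of the original thread; the CSV layout and the sample rows are constructed for illustration and are not CFP’s own log format.

```python
import csv
import io
import ipaddress

# Constructed sample entries; this CSV layout is an assumption for the example,
# not the log format of Comodo Firewall Pro.
SAMPLE_LOG = """\
action,direction,protocol,application,parent,dest_ip,dest_port
blocked,out,UDP,iexplore.exe,explorer.exe,192.0.2.53,53
blocked,out,UDP,iexplore.exe,explorer.exe,127.0.0.1,1044
blocked,out,UDP,svchost.exe,services.exe,192.0.2.1,67
blocked,out,UDP,svchost.exe,services.exe,192.0.2.123,123
allowed,out,TCP,iexplore.exe,explorer.exe,198.51.100.7,80
blocked,in,TCP,System,,203.0.113.9,445
"""

# Destination ports named in the post, with the function each one carries.
SERVICE_BY_PORT = {
    53: "DNS lookups", 67: "DHCP lease", 68: "DHCP lease",
    80: "HTTP", 123: "time sync (NTP)", 443: "HTTPS",
}


def triage(log_text):
    """Return sorted (application, effect) pairs for blocked outbound traffic
    that breaks normal connectivity, following the checklist in the post."""
    findings = set()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "blocked" or row["direction"] != "out":
            continue  # blocked inbound traffic is left alone here
        app = row["application"].lower()
        if ipaddress.ip_address(row["dest_ip"]).is_loopback:
            findings.add((app, "loopback traffic blocked"))
            continue
        service = SERVICE_BY_PORT.get(int(row["dest_port"]))
        if service:
            findings.add((app, service + " blocked"))
    return sorted(findings)


if __name__ == "__main__":
    for app, effect in triage(SAMPLE_LOG):
        print(f"{app}: {effect}")
```

Each finding points at a specific Application Monitor rule to review, which is narrower than turning off a firewall-wide protection.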

I agree. So you can have reduced security and view web pages or high security but be unable to view web pages. That seems to be the conclusion.

How’s this then… you can have extra strong security…just unplug your computer from the mains and lock it in a safe.

I remember svchost.exe with the parent services.exe appearing but I think I blocked it but didn’t tick remember this setting, although it hasn’t appeared since

Internet Explorer is listed as allow under applications but when edit is clicked it says “apply the following criteria” not “allow all connections”, although the criteria that is set appears to allow everything. My time and date is unable to synchronise though.

Svchost.exe isn’t listed at all under application list so should I add it?

Would deleting internet explorer under application list do any good at fixing this problem?

thanks for any help I appreciate it

Go to Security/Advanced/Miscellaneous, and check these two things…

Make sure the 2nd box is checked, “Do not show alerts for applications certified by Comodo.”

Check the Alert Frequency (AF) level. By default it should be set to Low. (You can set it anywhere you want; just be aware that the higher it goes, the more detail there is in the alerts & subsequent application rules - you can move the slider around to see what the differences are - if you want a “set and forget” firewall, lower is better; Very Low is great for that, and does not reduce security.)

Click OK and then open Application Monitor. Go ahead and remove any rules for Internet Explorer, or any other system process (such as svchost, system, explorer, and so on).

Then go to Security/Tasks/Scan for Known Applications. Follow any prompts; reboot when finished.

LM

PS: hottroc, while it’s true the only secure computer is the one turned off, unplugged, and unused :wink: it doesn’t have to be that way… There are a few cases where some users have been unable to find a solid resolution to some connectivity issues aside from disabling certain security features of the firewall. This is by far the minority, and in general seems to be something specific to their situation; I say this because it only happens on a few, and not in all situations. Not only does this make it hard to track down, but we also don’t know all details of their setup, so it’s almost impossible to give a definitive answer that “this is what it is.”

Seems like quite a lot to me. Just look at the Topics posted over the past 2 or 3 days. At least 5 people having the same problem (symptom-wise anyway).
However, if it is not most people then it makes me wonder why my Internet Explorer is different to most people’s? What kind of requirement would mean that Fragmented Datagrams would be required to be allowed…?

Sanctuary - are you having any luck now?

Not 100% sure yet if the issue has passed. I would have to see if everything works over the next few days, as the problem only flared up every so often. I’m not sure what could have caused it, as the firewall is working well since I installed it and I have not modified it since then, so here’s hoping it was nothing.

PS: If you don’t click anything for an alert and it vanishes, will it pop up again next time you trigger it?

Considering the tens of thousands of installs and continuing usage of the FW, we’re definitely looking at a tiny minority. Typically what I’ve seen in the past relating to either Fragmented Datagrams or Protocol Analysis is related to the user’s network/router/ISP/software activities (such as p2p). AFAIK, there’s nothing that would cause a browser application to experience, or cause, such an issue.

Let us know how things pan out there… As to this question, if you don’t click an alert within the designated timeframe (found in Security/Advanced/Miscellaneous) the activity/connection will be blocked. It will be blocked for that session; it does not create a permanent rule. Typically then, restarting the application (such as the browser) will clear it out. Sometimes exiting the FW and restarting it, or in the most extreme cases a reboot, will work.

LM