ArrayNetworks VPN SSL ActiveX and Plugin are silently blocked by CIS

Hello,

Our company has some servers on a datacenter, and to access to those servers we need to connect to the datacenter’s VPN. This connection can be PPTP or tunneled (SSL). This bug report refers to the tunneled version.

The way to connect to the VPN via the SSL tunnel works this way:

  1. We need to point our browser to a certain URL and sign-in with a login/passwd.
  2. An ActiveX or Plugin (depending on the browser we use) from a vendor called ArrayNetworks is launched and the connection is established.
  3. We can then access to our servers via their private IP.

After installing CIS (4.1.150349.920 win7 64bits), neither the ActiveX nor the Plugin version of the ArrayNetworks VPN client is launched. Comodo doesn’t show any alert, and the logs don’t show anything either. The connection is not established, and disabling all layers of Comodo (antivirus, firewall, defense+ and sandbox)
doesn’t solve the issue.

As you see, it’s a very strange issue. It seems like, even when Comodo is disabled, it still kills some things. Does it make sense? When trying to make the ActiveX/Plugin to work (by signing in multiple times through the login URL) sometimes it works, but just very few times.

If needed, I could give you access to this tunneled VPN so that you can do your tests.

Thanks!

Can you try to set the Defense+ Advanced, Settings, Disable D+ permanent (requires restart)
and see if that helps anything?

Can you also verify if the Defense+ Computer Policy contains any files that belong to the SSL extender software?

Hello,

I tried the “Disable D+ permanent”, but the same happens. Even though it’s disabled, I checked the Defense+ Computer Policy and set all references to the ArrayNetworks components to “Trusted Application”, restarted, crossed fingers and tried again… but unfortunately that didn’t work either.

Thanks!

Can you uninstall to verify if that solves the issue?

You can export your configuration by going to More, Manage My Configurations and export the “active” policy there.

Are you sure the administrator does not verify some security software that needs to be active/present before accepting the connection?

When CIS is installed and you sign in to the datacenter website, most of the times the VPN web client is not launched. When that happens, if you sign in again several times, at some point it might be launched (if you’re lucky). This happens even when the firewall, defense+ and the sandbox are disabled. Windows Events log doesn’t show anything when the client is not launched, but it does when it works fine. CIS logs don’t show anything.

After uninstalling CIS, the VPN client is launched all the times without problems.

I did all tests using an administrator account.

If you want to test this using your own machines, I could create a vpn user for you.

Thanks!

Well as version 5.0.x Beta is about to be released soon I’m sure we have to test it with that version again to see if it’s already fixed, and if not we need to post a bug report so they can fix it for CIS 2011 (v5.x) based on experience the older version will no longer be fixed (v4.1.x and older).

So if you are prepared to test a Beta release, keep an eye on the beta board…

Yes, I can do that, but won’t they release any other upgrade of v4? Per the changelog of v4 I can see they fix lots of incompatibilities on each upgrade. This case seems to be one more incompatibility that needs to get fixed. It happened to me with this ActiveX/Plugin, but fixing this one might solve potential issues with sw from other vendors.

Well I’m not staff, but if I have to go for a guess, I think 4.1.x will not see any update anymore.
It’s to expensive for Free software to run multiple code-tracks…