Attention to Sygate Personal Firewall Users (as well as other firewall users)

Hi all,

I would like to make an announcement for Sygate Personal Firewall users who are trying to install Comodo Firewall.

You MUST uninstall Sygate before installing Comodo firewall. Otherwise you will lose all your internet/network connectivity.

Disabling Sygate does not work. Because Sygate Personal Firewall hooks your TCPIP.sys file and stops all your internet conection.

NEVER install Comodo firewall while you have another personal firewall installed, even disabled.(including but not limited to ZoneAlarm, Outpost, Kerio etc.)

Regards,
Egemen

Egemen, does this apply to the “worm control” firewall in Norton AntiVirus 2006?

That is the firewall recognized by my WinXP Pro SP2 machine – I installed NAV 2006 first, and although I have had no problems with CFP, I am wondering if I actually have a situation here (two firewalls) that I need to fix.

Your thoughts on using NAV 2006 with CPF?

Great product, btw <smile!>

I havent seen that one yet. But if you have a chance not to install it i recommend dont install the firewall part of NAV. you dont need it while you have CPF.

Egemen

Actually, if you can avoid installing ANY Norton products that would make your system run faster. Especially the “Norton Virus” (my name for their antivirus software) since it’s a memory hog, a resource hog, and I’ve been able to document that on average it makes your system run 47% slower.

Norton used to be good back in the days before Symantec bought it (we’re talking DOS - Windows 3.11).

This is interesting TheFireKnight.
We would like to start testing the speed of our products, what did you do to measure the speed? (I know there are many different ways, just curious)…

Melih

The figure is loosely based on real-world benchmarking. Basically, the system gets used with various benchmark programs running in the background (one at a time of course).
The tester sets a stopwatch for different times for set events (e.g. open the browser, click on a menu, switch applications, etc.) and then does the necessary actions at the set intervals.
The scores are based on the average of either 3 or 5 runs for each benchmark measuring different aspects of system performance (drive access, memory access, CPU use, video card performance is excluded unless DIRECTLY accessing the application even though the graphics subsystem will impact the overall speed of the system).
Pagefile swapping is taken into account in systems with low amounts of memory (since this is a global system speed figure).
For each benchmark we get an average value compared to the system without having said application installed (not just loaded into memory, since some apps have the pesky habit of running a few processes even when disabled), then we make an average from the multiple runs, and then average the averages of the different benchmarks.
Usually this set of tests gets run on the MINIMUM (or average at the time) necessary hardware to meet requirements since it exasperates the scores, yes that means pulling out PentiumIIs if necessary. Often times new hardware is too fast to make minimal differences noticeable.

Most Norton apps have a bad habit of running too many threads that hog system cycles while doing absolutely NOTHING or while they are DISABLED. Not only that, but an overly large amount of processes get spawned just for opening a window or dialog… this of course with an impact on memory footprint.

I usually test basic system apps this way since for the business I’m preparing I need to make sure that systems are at peak efficiency.
I own a small startup that intends to compete in the high-end gaming PC business, so of course to be competitive I have to take into account certain details.

TheFireKnight, I agree – Norton’s products are resource hogs, and they do slow down a machine. However, at least in the case of NAV 2006’s worm control firewall (and with my machine), it seems to work okay alongide CPF.

Egemen, here is the NAV 2006 activity log of a UDP attack on my machine on July 4th – AFTER I had version 2.2.0.11 of CPF installed (no changes made to the defaults, still in learning mode and having run one scan for known applications) and stable.

“Attempted instrusion ‘Portscan’ against your machine was detected and blocked”
“Intruder 64.136.173.8 (domain (53))”
“Risk Level: Medium”
“Protocol: UDP”
“Attacked IP: ”
“Attached Port: 1301”

NAV then went on to report that all communication with 64.136.173.8 would be blocked for 30 minutes, and that 569 worm “signatures” were continuing to be monitored.

I immediately checked CPF’s activity log, and nothing was shown regarding the attempt.

Did NAV “stand in front of” CPF in this case? If so, how?

I’m sure your CPF clients who use NAV 2006 would appreciate a better understanding on how these products play together. Symantec isn’t going to go away, and as they continue to put more and more functionality into their antivirus stuff, that kind of information would be useful.

I think you need to revise the configuration for CPF. If NAV is receiving packets on supposedly unopened ports then I’m absolutely CERTAIN that CPF is configured in a way that is too permissive. Those packets should not even be reaching NAV.
I don’t think most software firewalls, like CPF, are designed to handle out of the box programs, like NAV, that are set in listening mode for all ports. It’s like having a steel door (CPF) being kept open from the inside by some guy (NAV) that wants to make sure nobody comes over to try to break in. Not very smart if you ask me. It’s always better to keep that door closed in the first place.

On a side note, Avast! 4.7 is just as capable of blocking worms as NAV is and it is a far more efficient program. Not to mention that it is free for personal use, and it is the most efficient AV I’ve seen so far. Just to give you an example, the copy of Avast! I have installed on this machine right now is using a total of about 13.4MB of RAM and generally doesn’t slow down the system unless I transfer large files over the network (CPU limited).

My thoughts as well, TheFireKnight – and that’s why I made this query to the forum.

Right now, I have CPF “learning” turned OFF, and the Trojan protocols feature turned ON. Those are the only differences I have made from the defaults since installing CPF.

NAV 2006 reported the UDP attack while all of CPF’s defaults were in effect.

No issues currently, fortunately. I monitored CPF’s activity log yesterday, and it does seem to be controlling attempts to probe the machine (perhaps now that learning is turned off?)

Windows’ security center still reports NAV 2006 as the firewall in place, of course.

What I would like to know is what is the best way to make these products work alongside each other. As I said before, Symantec isn’t going to go away. I’m sure that a determined assessment by the CPF team to figure out what works and what doesn’t when using NAV 2006 alongside CPF would be helpful to a LOT of CPF users here.

It seems Norton is producing a false alert. Because there is no way that CPF can fail to detect such an attack.

Egemen

Thank you for your reply, Egemen.

I will continue to monitor and report back as more information becomes available.

Hi,

I don’t understand why it matters with Sygate, the latest version is over a year old and there will be NO future versions due to Sygate being Acquired by Symantec Corp.

I just installed Comodo and am getting the message that my Norton worm protection detected an intrusion & blocked my connection - for 30 minutes. That is was a “portscan” intrusion. And I have to reboot the PC in order to try again.

I tried dozens of times to get my email via IE and was blocked everytime except once. I’ve also tried several browsers (IE, Firefox, Mozilla). Usually they work, but at least 25% of the time I get the same Norton message. I am using NAV only, not their suite. And Windows firewall is off.

If I turn off Comodo everything works just fine (and turn on Windows XP firewall for some protection). While I did have other issues with Zone Alarm, I never had my connection blocked like this.

So what is Comodo doing? And how do I correct it?

I would uninstall the Norton and find an alternative. That worked for me. I’ll never use Symantec again or any product they take over.

Thanks for the tip. But no one should ever install a new firewall without uninstalling the old one first. I came over from Sygate as well. BTW, CPF needs the strong logging capabilities that Sygate had. You want to see a mass exodus from Sygate to any firewall you must have that strong logging.

Just for clarification, I am only using Norton Anti Virus. Not their firewall nor their suite.

I did not realize all the people that don’t like Norton until I joined this forum. Not passing judgement one way or the other, but I never had a problem till now. NAV works with no firewall, with Windows XP firewall and with ZoneAlarm firewall. Just not with Comodo firewall.

I thought about using the Comodo AV. But when searching this forum for help information I came across a thread that people have problems uninstalling CAV. So this makes me shy away from it.

I just want Comodo firewall to work.

Hi , well I can tell you this, if you go on Cnet or other forums, believe me, many hate Norton. I myself can’t stand it as a pc repair guy. I have uninstalled Norton, the integrating, resource chewing , cpu indulging hog of a system on many computers and have gotten many thanks for this and sent others to use better and less resource shaking utilities. I have as many techs, felt for years Norton was simply a hinderance more than helpful. I could go on forever as to why but you don’t want me to go there, I have had way to much coffee, :wink: As far as firewalls go, no one should install ANY two firewalls of ANY breed, it’s a recipe for disaster. One good anti-virus and one good firewall will do the same work of 10, to however many people think they need. This is not directed at you, just a general statement. :slight_smile: :wink:

Take care,

Paul

Paul,

Thank you for the reply. I do not doubt anything you say. The only firewall I have running now is the Windows XP one. If I turn on comodo, Norton Anti Virus detects a portscan & frequently blocks me out.

I do realize sometimes there are compatibility issues. I’m just tired of playing with this setup. I also feel I should not have to install a new program “A” because I installed a new program “B”. I’m guessing I’m not the only person running NAV and Comodo.

I had issues with ZoneAlarm firewall.
Now Norton AV has issues with comodo firewall.
And comodo AV has issues with uninstalling.

Sorry for venting, but where does all this it end? I just want to get back to using my computer. I would think there would be a setting somewhere in NAV that would make it properly interface with comodo. Then at least I could run something better than Windows XP firewall until I found another firewall.

I agree completely with you, you shouldn’t have to uninstall anything. Hey, i’m on your side. The only problem I have is Norton likes to keep other apps out for their own benefit if you know what I mean. When I got my first pc and had Norton, if I tried to install anything it acted like a jealous child throwing a tantrum. ZA is another that I grew tired of very quickly, last wouldn’t even let me connect to the internet, no help from support, bah humbug. What I do is keep CPF, and currently Fix it utilities, AV. I know there were issues with CAV and Beta 2 promises to be a huge improvment which if it is that good, I will be dropping Vcom fix it eventually and using a free AV. Once CAV 2 comes out, your prayers may be answered. :slight_smile:

Paul

When is CAV 2 expected to be available?

In the meantime, what would you suggest for an AV program?

Despite the negative comments about Norton AV, I have never had a problem. And the magazine reviews always seem to give it the highest rating. That’s why I went with it years ago. Do any of the free AV programs come close in protection to NAV?