Can't Get CFW to Work - Please help

Hello All:

I’m new to Comodo so bear with me. I can NOT get the program to work with my home network. Here are the particulars:

  1. Ad-hoc peer to peer wireless connection between desktop and laptop
  2. Desktop has dialup internet w/ ICS
  3. Dialup service is via a proxy server, port 8080
  4. CFW was installed using automatic option and I set up a new trusted zone as was suggested on this forum.
  5. Without CFW, everything is fine
  6. With ICF, I have two problems:

(a) Have trouble with laptop obtaining IP via DHCP
(b) Once the two are connected, I am able to freely browse computer in both directions but I can NOT get the laptop to browse the Internet.

I have installed and uninstalled Comodo twice. I want to use this product but can’t!

Is someone able to help?

Thanks,

RC

Hi there,
perhaps you didn’t set your network control rules correctly?

Maybe this helps:

https://forums.comodo.com/index.php/topic,1125.0.html

This explains in great detail how to set rules that suit your demands. (V)

Hope you’ll get your problems sorted out in a very near future.
I’m sorry I can’t be of more help.
All the best for you,
grampa.

Thanks for the reply. I have already looked at that link that you suggested. But, I will go back and look again.

I notice a couple of weird things:

  1. After setting up CFW, when I first started trying to access the Internet (browser e-mail), I get several denials. After receiving the denials, I set appropriate rules. After about 3 or 4 new rules, the denial messages stop but I still can not connect to the Internet from the networked computer.

  2. After uninstalling Comodo, rebooting and re-enabling Windows Firewall, I still have no networked Internet connection. This persists even after refreshing the network. About the only thing that I’ve found that will work is to revert to the System Restore point I set before installing CFW.

I don’t know if any of this is related to the problem…

RC

If you really want to have COMODO FW (and I know that you want ;D) you should maybe:

  1. Re-install Comodo FW
  2. Post a screenshot of your network rules https://forums.comodo.com/index.php/topic,6770.0.html
  3. Wait until s.o. will help you OR pmail one of the pros (like mOngOd, who wrote the manual on creating NR) providing a link to this topic.

If this problem is related to your rule setup you will be instantly helped.
If it’s not, well, at least you ruled out one possible reason for why you cannot access the internet.

All the best,
grampa.

EDIT:

  1. Did you get any pop-ups by Comodo asking your permission to allow connection to the internet???

  2. When you set up the new trusted zone did you place the rule for that above or under any block rules???

Yes, I did get a couple initial requests which I allowed.

The new trusted zone was automatically placed at the top of the rules heap.

Thanks for your continuing support…

RC

Hi there,
sorry my brain’s not working properly today (too little sleep) so these questions might prove to’ve been already answered in your previous posts.

  1. Do you run Comodo FW on your desktop computer as well?
    If so can you access the internet from there?
  2. This is probably the stupidest question you’ve ever been asked:
    Did you check the rules for your browser in the Application Monitor?

Not running a home network myself I think my abilities to help might be limited.
However, if you decided to reinstall Comodo I’d strongly suggest to post a screenshot of your network control rules and perhaps even of your application control rules.

Even if I might not be able to help you I’m sure somebody else can (R)
Bye,
grampa.

EDIT:
Sorry for all the modifications but as I said… too little sleep.

Did you ever try to set COMODO to “allow all”? What happened then?
If you could access the internet it was most probably a rule related problem.
If you couldn’t there must have been another problem. (to be further narrowed down)

Don’t worry we’ll get there (:WIN)
Cheers, grampa.

Another EDIT, another hopefully helpful link:
https://forums.comodo.com/index.php/topic,6758.0.html

OK, I’ve tried again. I posted my rules.

Also, here’s the log file after restarting the computer but BEFORE connecting to the Internet. This is BEFORE I connect my laptop via wireless.


Date/Time :2007-04-29 16:09:22
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2007-04-29 16:09:21
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::2869
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-04-29 16:09:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.0.1::bootp(67)
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-04-29 16:09:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 239.255.255.250::upnp-mcast(1900)
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.


As I say, the above log files are before I connect my networked laptop. Once I clear up the above warnings, my desktop is able to browse the Internet. ALL the above seem to be related to Windows Genuine Advantage.

I’ve also included the warnings that I receive AFTER connecting to the internet.

Now, keep in mind that ALL of these are before I even connect my laptop to my network. Once I do connect, I receive no additional warnings or alerts. My laptop is able to access my desktop’s shared folders, but the laptop is not able to browse the Internet or check e-mail.

Interestingly, I noticed that “allow all” does not allow the laptop to connect. In fact, shutting down Comodo still doesn’t open the laptop to the Internet. The only way to restore internet access is to remove Comodo and restart the computer.

[attachment deleted by admin]

Just remember that Right-Click > Exit on Comodo’s icon doesn’t actually stop Comodo; it still runs in the background as a service. There are only two ways to ‘disable’ Comodo, either by changing the mode to “Allow All” or uninstalling.

That said, since you’ve tried changing the mode to “Allow All” but no result, we can be sure that the problem is not with the rules. Try changing the other advanced settings.

Good morning - at least it’s morning here in Europe - to both of you!

Have you already read the post linked above?

If you have a problem like:
  1. Connecting in internet with a modem
  2. Difficulties in acquiring the IP address (through the DHCP server)
  3. Renewing the IP address (through the DHCP server)
  4. Losing connectivity

Try to disable the feature Do Protocol Analysis in CFP.

You will find it under Security → Advanced → Advanced Attack Detection and Prevention → Configure → Miscellaneous

ps. In some cases a reboot is needed for this to work.

Perhaps that helps.
If not, be assured you will be helped now that pepoluan has come to the rescue.
If you do a bit of reading in the forums you’ll find him helping to solve a lot of people’s problems (including mine). A very nice and wise guy (:CLP)

While I’m thinking about it, let me ask a question.

Why is it that even though my laptop can not connect to the Internet via my desktop, I get NO denial, warnings or connection indications on Comodo?

The whole thing is just so “weird” to me.

Thanks for the ongoing support!

RC

awww, crap grampa, you make me blush blush

rdcarson, if the Network Monitor blocks DHCP transaction, you won’t get any warning, except perhaps a medium-level severity entry in log.

I want you to try this:

  1. Set Comodo to Allow All. Reboot. Can you connect to the Internet?

  2. Set Comodo to Custom (one notch above Allow All). Add a rule in Network Monitor above Rule #0 (click rule #0, right-click, add, add before) as such:

    UDP
    In/Out
    [ x ] Log
    Source IP: Any
    Dest IP: Any
    Source Port: 67 to 68
    Dest Port: 67 to 68

  3. Go to the Logs, clear the logs.

  4. Reboot, try to connect to the Internet. Do you succeed?

  5. If you failed to connect to the Internet, export the Logs as HTML, open in your browser, copy the text, and paste them in this thread.

  6. In any case (success or failure), uncheck the [ ] Log option in the new rule you just added, so you won’t burden the system.

Edit: Oh, and one more thing. IMO disabling advanced protocol analysis, although it may correct things, should be the last thing to do. IIRC doing so makes Comodo no longer reject ‘invalid packets’ such as the ACK-RST-FIN TCP packet discussed elsewhere in the forum. Such packets may be used by hackers to do OS signature or portscanning. CMIIW.

More Edit: Oh, and when I said ‘reboot’ above, reboot both the desktop and the laptop, i.e. : Shutdown the laptop, shutdown the desktop, turn on the desktop, turn on the laptop, in that order. Make sure you’ve successfully connected to the Internet before turning on the laptop.

I tried getting Comodo to work again. I kept a log during the process. Prior to installing Comodo, my desktop and laptop worked fine.

  1. Installed Comodo and restarted computer. Notice that computer shuts down rather than restarts.

  2. Upon manual restart, I lose ALL intranet connection. Obviously, the laptop has no Internet.

  3. After setting new trusted zone in Comodo, I do an Ipconfig on both computers: Desktop = 192.168.0.1 (was manually set before Comodo install); Laptop = 169.254.12.78 (ip was on auto before Comodo install)

  4. Repair of laptop’s connection takes a long time and yields the same IP.

  5. Manually set the laptop’s IP to 192.168.0.2. Now have intranet connection but still no Internet on laptop

  6. Set Comodo to “allow all”, reboot both computers. Establishes intranet but still no Internet on the laptop

  7. Set Comodo to custom and define new UDP rule; Restart both computers. Have intranet but still no Internet on laptop

  8. Generate logs: (NOTE: The majority of log entries were generated PRIOR to trying to connect the laptop to the Internet. Entries with a time stamp of 05:19 occurred after attempting to connect the laptop. But, I don’t know that they are related to the laptop’s connection.)


COMODO Firewall Pro Logs

Date Created: 05:19:57 01-05-2007

Log Scope:: Today
Date/Time :2007-05-01 05:19:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.10.111.119, Port = 1080)
Protocol: TCP Incoming
Source: 218.10.111.119:12200
Destination: 67.150.37.76:1080
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:19:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.10.111.119, Port = 7212)
Protocol: TCP Incoming
Source: 218.10.111.119:12200
Destination: 67.150.37.76:7212
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:19:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:19:17
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:19:12
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:18:47
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 204.16.210.202, Port = 1027)
Protocol: UDP Incoming
Source: 204.16.210.202:52023
Destination: 67.150.37.76:1027
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:18:47
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 204.16.210.202, Port = 1026)
Protocol: UDP Incoming
Source: 204.16.210.202:52023
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:18:32
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.27.148.78, Port = 1026)
Protocol: UDP Incoming
Source: 218.27.148.78:55806
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1028)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1028
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1027)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1027
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1026)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:12
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 67.150.37.76
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:12
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:16:30
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.0.1::1037
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-05-01 05:16:27
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:16:25
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::2869
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-05-01 05:16:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::dhcp(68)
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-05-01 05:14:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.105.122, Port = 1027)
Protocol: UDP Incoming
Source: 24.64.105.122:25350
Destination: 67.150.36.236:1027
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:14:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.105.122, Port = 1026)
Protocol: UDP Incoming
Source: 24.64.105.122:25350
Destination: 67.150.36.236:1026
Reason: Network Control Rule ID = 8

End of The Report


  9. Uninstall Comodo and restart both computers. Turn on desktop’s Windows Firewall. No intranet connection. The only way to reestablish intranet communications is to run Windows’ ICS wizard on both computers.

Long post, sorry.

RC
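An added example, not part of the original thread: a small parser for the log layout posted above that counts Network Monitor denials per rule ID and picks out entries touching UDP 67/68, the ports named in the DHCP rule earlier in the thread. The sample log is constructed in the same layout with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the export above (documentation-range IPs).
SAMPLE_LOG = r"""
Date/Time :2007-05-01 05:19:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 203.0.113.9, Port = 1080)
Protocol: TCP Incoming
Source: 203.0.113.9:12200
Destination: 198.51.100.7:1080
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:17:12
Severity :Medium
Reporter :Network Monitor
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8

Date/Time :2007-05-01 05:16:23
Severity :High
Reporter :Application Behavior Analysis
Application: C:\WINDOWS\system32\svchost.exe
Protocol: UDP Out
Destination: 255.255.255.255::dhcp(68)
"""

# Endpoints appear as 'ip', 'ip:port', 'ip::port' or 'ip::name(port)'.
ENDPOINT = re.compile(r"^([\d.]+)(?:::?(?:[\w-]+\((\d+)\)|(\d+)))?$")

def parse_log(text):
    """Split the export into blank-line separated records of field -> value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        parts = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in parts if sep}
        if "Date/Time" in fields:
            records.append(fields)
    return records

def port_of(endpoint):
    """Port number of an endpoint string, or None when it has no port."""
    m = ENDPOINT.match(endpoint or "")
    port = m and (m.group(2) or m.group(3))
    return int(port) if port else None

def denials_by_rule(records):
    """Count denials per Network Control Rule ID."""
    ids = (re.search(r"Rule ID = (\d+)", r.get("Reason", "")) for r in records)
    return Counter(int(m.group(1)) for m in ids if m)

def dhcp_entries(records):
    """Entries on UDP 67/68, whichever component reported them."""
    return [r for r in records
            if r.get("Protocol", "").startswith("UDP")
            and {port_of(r.get("Source")), port_of(r.get("Destination"))} & {67, 68}]
```
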

Your step 5:

5. Manually set the laptop’s IP to 192.168.0.2. Now have intranet connection but still no Internet on laptop
effectively disables DHCP. Since you only put in the IP address but (I presume) not put in the default gateway’s address (which should be 192.168.0.1), you can access the Intranet but can’t access the Internet. DG address is required if you want to access the Internet.

Now, since you’ve disabled DHCP on step 5, steps 6 and 7 are no use. In effect, steps 6 & 7 allow DHCP transaction… but since the laptop’s DHCP has been disabled, no transaction took place.

This also explains why you must run the ICS wizard on the laptop before getting access to the Internet: The ICS wizard resets the laptop’s IP address to Auto, in other words enabling DHCP. Prior to running the wizard, the DHCP is disabled so even though you uninstalled Comodo, the laptop didn’t receive any DG setting because it didn’t ask.

You should re-enable DHCP (i.e. set IP on auto) on the laptop before setting Comodo (on the desktop) to Allow All. Again, restart the desktop (i.e. the ICS provider) first, then restart the laptop.

Please do this and post again, if now you can get Internet connection.

One more thing: Do you use Comodo on the desktop only or on both the desktop and laptop?
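An added example, not part of the original post: a check that classifies a client's IPv4 settings the way the reply above reasons about them, applied to the laptop addresses reported in the thread. The /24 netmask, the DNS server at 192.168.0.1 and the function name are assumptions made for the example.

```python
import ipaddress

# Range Windows self-assigns from when no DHCP reply arrives.
APIPA = ipaddress.ip_network("169.254.0.0/16")

def diagnose(ip, netmask="255.255.255.0", gateway=None, dns=()):
    """Return (reach, findings) for a client's IPv4 settings.

    reach is 'none', 'lan', 'internet-by-ip' or 'internet', judged from the
    configuration alone; the netmask default is an assumption.
    """
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    if iface.ip in APIPA:
        return "none", ["self-assigned 169.254.x.x address: no DHCP lease was obtained"]
    findings = []
    if gateway is None:
        findings.append("no default gateway: traffic cannot leave the local subnet")
    elif ipaddress.ip_address(gateway) not in iface.network:
        findings.append(f"gateway {gateway} is not on {iface.network}")
    if findings:
        return "lan", findings
    if not dns:
        return "internet-by-ip", ["no DNS server: host names will not resolve"]
    return "internet", []

# The laptop states reported in the thread; the DNS value is an assumption.
STATES = {
    "after install (auto IP)": diagnose("169.254.12.78", "255.255.0.0"),
    "step 5 (static IP only)": diagnose("192.168.0.2"),
    "gateway and DNS set": diagnose("192.168.0.2", gateway="192.168.0.1",
                                    dns=["192.168.0.1"]),
}

if __name__ == "__main__":
    for label, (reach, findings) in STATES.items():
        print(f"{label}: {reach}", *findings, sep="\n  ")
```
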

Well, after weeks of learning about CPF and Networking, I finally have my home network working.

Because I use ad-hoc (peer to peer) networking, my TCP/IP settings are different than most. From what I’ve learned, in ad-hoc networking the client does not issue DHCP, thus the host must be manually configured. I previously tried this but failed to complete the setup by NOT issuing a gateway IP AND a DNS IP.

Once I correctly set up the client computer and reran Comodo for about the billionth time, it appears to finally be working.

I am cautiously optimistic that the trusted zone that I defined will allow all the necessary communications. I have restarted both computers several times and I am still able to successfully access the Internet from the laptop.

NOW, SHOULD I PUT CPF ON THE LAPTOP???

Thanks to those that have helped me!!!

RC

Hey rdcarson,
glad to hear that you finally managed to get your computers running WITH CPF installed. And thanks for sharing your problems and the solution with the forum so that others who’re having similar problems can more easily be helped. What I also wanted to say: I bow down before your stamina when it comes to troubleshooting. It’s not common that people spend such a long time trying to solve a severe problem with a product when there are alternatives. Thumbs up and congratulations on that. Of course there aren’t any real alternatives to CPF ;D so you did the only reasonable thing to do. As to give you an answer to your question:
I’d strongly advise you to install CPF on your notebook as well. It’s the best protection you can get. (L)
So, if you encounter any further problems don’t hesitate to ask (even though you didn’t get the help that you hoped for this time). I’m sure your being cautiously optimistic will very soon become a “love affair” with your new firewall.
Cheers,
grampa.