I tried getting Comodo to work again. I kept a log during the process. Prior to installing Comodo, my desktop and laptop worked fine.
-
Installed Comodo and restarted computer. Notice that computer shuts down rather than restarts.
-
Upon manual restart, I lose ALL intranet connection. Obviously, the laptop has no Internet.
-
After setting new trusted zone in Comodo, I do an Ipconfig on both computers: Desktop = 192.168.0.1 (was manually set before Comodo install); Laptop = 169.254.12.78 (ip was on auto before Comodo install)
-
Repair of laptops connection takes a long time and yields the same IP.
-
Manually set the laptop’s IP to 192.168.0.2. Now have intranet connection but still no Internet on laptop
-
Set Comodo to “allow all”, reboot both computers, Establishes’s intranet but still no Internet on the laptop
-
Set Comodo to custom and define new UDP rule; Restart both computers. Have intranet but still no Internet on laptop
8.Generate logs: (NOTE: The majority of log entries were generated PRIOR to trying to connect the laptop to the Internet. Entries with a time stamp of 05:19 occurred after attempting to connect the laptop. But, I don’t know that they are related to the laptop’s connection.
COMODO Firewall Pro Logs
Date Created: 05:19:57 01-05-2007
Log Scope:: Today
Date/Time :2007-05-01 05:19:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.10.111.119, Port = 1080)
Protocol: TCP Incoming
Source: 218.10.111.119:12200
Destination: 67.150.37.76:1080
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:19:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.10.111.119, Port = 7212)
Protocol: TCP Incoming
Source: 218.10.111.119:12200
Destination: 67.150.37.76:7212
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:19:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:19:17
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:19:12
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 86.84.104.29, Port = 6348)
Protocol: TCP Incoming
Source: 86.84.104.29:2367
Destination: 67.150.37.76:6348
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:18:47
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 204.16.210.202, Port = 1027)
Protocol: UDP Incoming
Source: 204.16.210.202:52023
Destination: 67.150.37.76:1027
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:18:47
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 204.16.210.202, Port = 1026)
Protocol: UDP Incoming
Source: 204.16.210.202:52023
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:18:32
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 218.27.148.78, Port = 1026)
Protocol: UDP Incoming
Source: 218.27.148.78:55806
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1028)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1028
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1027)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1027
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:17:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.4.101, Port = 1026)
Protocol: UDP Incoming
Source: 24.64.4.101:22341
Destination: 67.150.37.76:1026
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:17:12
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 67.150.37.76
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:17:12
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:16:30
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.0.1::1037
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-05-01 05:16:27
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.1
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:16:25
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::2869
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-05-01 05:16:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::dhcp(68)
Details: C:\WINDOWS\system32\WgaTray.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-05-01 05:14:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.105.122, Port = 1027)
Protocol: UDP Incoming
Source: 24.64.105.122:25350
Destination: 67.150.36.236:1027
Reason: Network Control Rule ID = 8
Date/Time :2007-05-01 05:14:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 24.64.105.122, Port = 1026)
Protocol: UDP Incoming
Source: 24.64.105.122:25350
Destination: 67.150.36.236:1026
Reason: Network Control Rule ID = 8
End of The Report
- Uninstall Comodo and restart both computers. Turn on desktop’s Window’s fire wall. No intranet connection. The only way to reestablish intranet communications is to run Window’s ICS wizard on both computers.
Long post, sorry.
RC