First, a big hello to the Comodo community. I was a Kaspersky user for long years, and decided to use CIS instead for a new laptop. I’ll try to sum up my issues, please bear with me as a new CIS user.
System: OS Win 7x64 Ultimate (fully updated), laptop with Pentium B950 dual core, 4 GB RAM.
the connection is typical 100 mbps line, no modems in home, just the RJ45 cable, directly in the PC.
CIS is updated and there is no other resident security program; Windows firewall is disabled.
Symptoms:
The net goes dead sometimes. It is possible that the connection disconnects after a while. Reconnection fixes the problem, but not always. Sometimes I also disable/enable the LAN and then reconnect to the net.
Sometimes only some websites are down, although I only observed this a few times. Yesterday Microsoft and Yahoo Answers were down (for me only).
I thought I fixed this by setting the firewall Stealth on “Alert me to incoming connections…”, and it seemed to be working for a while, than the disconnections started again.
Exiting CIS or putting thr FW on Disabled does not fix the issue. However, uninstalling CIS does.
After some more digging, I’ve found in the Event Viewer messages like the ones below:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x16DE2XXXXXX. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
And:
The server {995C996E-D918-4A8C-A302-XXXXXXXXXXXXX} did not register with DCOM within the required timeout.
So it seems my issues are (were?) related to DHCP. So I’ve set up a global rule for it, Allow UDP In, ports 67-68, Any Address. Even with the global rule set up, and after a reboot, I’ve got pop-ups related to svchost.exe trying to get UDP traffic on the DHCP port. So I’ve set up a rule for svchost too, although I’m 99.9% sure the global rule should have been enough :\
The DHCP global rule I’ve set up on top of the list also goes to the bottom of the list sometimes by itself… Is it a bug? It happened 2-3 times, and I did nothing but try to verify some rules, and when I checked the Global tab, the DHCP rule was somehow at the bottom for no apparent reason.
Anyway, I hope that my problems are gone now. The DHCP rules now trigger pretty often (15 minutes or so) in the log, and since I’ve created the secondary svchost rule, the PC stays online.
It is a shame I had to do this manually; these things should never happen. I wanted to install CIS on my girlfriend’s PC and on the PCs of a few of my clients, but this lack of automation in such issues is troubling. The average person has absolutely no idea about how to go through these things. This DHCP allow should automatically happen under the hood in the standard configuration of the firewall…
PS: Please let me know if I did something wrong, or I should change something. I am very new to CIS. Thanks.
Please run the Kaspersky clean up tool to be sure no traces of Kaspersrky are left behind. You can find a list of various clean up tools here: ESET Knowledgebase .
Let us know if running the tool did the trick or not.
What appears in the screenshot (it is the log) is not what I’ve setup in the rule, it is what actually happened. Actually, my rules are like this:
I’ve defined a Port Range in Port Sets, named “DHCP”, 67-68
I’ve made a Global Rule and a svchost rule, to Allow UDP In, Any Address, with the Source/Destination ports set as a “A Set of Ports”, using the “DHCP” port range defined in “Port Sets”.
Anyway, there were no further disconnections today, so I feel what I did is most certainly right to some extent. Let’s hope CIS does not decide to start disconnecting me again…
For some reason, Outgoing only is not enough… the connection dies… I even rebooted the laptop after changing and the connection went dead after just a few minutes.
Don’t worry about it… even if only with a “Allow In UDP” rule, it works OK. I’ve put it on In/Out now and the laptop is connected stably like this. Maybe it’s just the way my provider does things. They’ve been trying to implement changes to the infrastructure for 1 Gbps and who knows…
I have rules set up for Opera and uTorrent. uTorrent is appearing in the logs as being blocked by the firewall quite a few times, so the rules are seemingly applied. Opera does not, so it might be behaving all right So it seems CIS is doing its job (I guess). My firewall is on Safe Mode. I even get pop-ups from time to time when utorrent wants to check for updates (my guess, based on IP).
Actually, it works for a while, then it just goes on and on disconnecting me, and detecting the 169.254.xxx.xxx zone.
I have even removed CIS altogether, reinstalled it cleanly. I didn’t add a DHCP rule after the fresh install - just out of curiosity - I wanted everything reset to default. And everything worked up amazingly - for a day. Then the disconnect cycle started again, without me changing ANYTHING.
What’s worse, is that after many disconnects, I cannot access the Internet after a reconnection - I have to disable/enable the LAN, which most of the times results in the 169.254 detection.
Interestingly, the LAN connection reports as being DHCP Enabled in conection’s details, but the PPPOE reports it is NOT DHCP enabled, for some reason…
PS: Curiously, the DHCP rule always goes down to the bottom if I click the “Alert me to incoming connections…” in the Stealth wizard.
I gave up. I did try my best to like Comodo, I do respect&like free software initiatives… but this was too much for me. CIS basically made a ■■■■ mess of my Internet connection, and I’m not a PC illiterate…
Nobody was able to help me, so I have officially uninstalled it, and come back now to report that my laptop works GREAT with the Windows firewall, but also with the Kaspersky IS 2013, as I’ve returned to it… no more disconnections, no more hassle, no more problems with the Internet locking up…
The uTorrent rules are in the first post. Copied them from this forum. For Opera, Web Browser+POP/SMTP. The only rule I have added to the Globals was the DHCP, which I experimented with from being at first only what was recommended, to allowing TCP/UDP on 67-68. I even ran the PC with the firewall disabled or after exiting CIS, and I still got disconnected Nothing short of an uninstall would fix the issue.
I did read that tutorial at least 10 times to be honest, to make sure I’m not missing something. And all that I could find here and on web. See the tags on my thread? I’ve copied them from that topic, hoping that people will find my thread too, together with the tutorial…
As for returning to CIS, maybe the next versions… I already got a new license from Kaspersky, only to find that they removed the sandbox from 2013 :\ but at least the net works fine, without absolutely any tinkering. I admit I also find myself in comfortable territory once again, after many years of using only KIS…
I liked CIS, I will miss the sandbox, but I am a pretty busy man, and while I like messing with configurations and optimising my system, I prefer to work in my design projects instead… When the license expires, I’ll give CIS another try, but for now, I am elated to have a good, 100% functional Internet connection again. At one time, I even phoned the ISP to make sure everything on their part is OK, that’s how paranoid CIS made me LOL.
If disabling the Firewall does not help to stay connected then we need to look elsewhere.
I reread your topic start. You installed CIS on a brand new laptop. Usually they come with a security suite preinstalled. Assuming you uninstalled that security suite please run a clean up tool for this suite to be absolutely sure there are no left overs of that program. These left overs can cause problems when interacting. You can find a list of cleaners here: ESET Knowledgebase .
Is the problem happening both when connecting with wire and through wireless? Or is one of the two connections the problem?
I never put Kaspersky on it.