comodo 2.4.18.184 and chat clients for yahoo [Resolved]

I am unable to get YahELite or No-5 chat clients to connect even though i’ve given them full access from the application monitor. They still won’t connect even if I disable the firewall. Yes they seem to work perfectly fine when the firewall isn’t installed (btw, i would like to see an independent uninstaller since the one provided with the program doesn’t fully uninstall). Any help would be greatly appreciated.

Domino

apparently according to the yahelite forum I am the only one with this issue. so far out of all the questions i have asked regarding this firewall, only one has been answered (64-bit win xp pro sp2).

i really like these products, but if i could use a little help here, otherwise i will have to convert to what my techie friends use rather than bring them in when i can convince them it works.

Hi Domino. There are usually only 2 reasons why a thread has no replies:

  1. It’s tucked all the way under the heap of newer posts or 2) No one knows the answer

I use the official Yahoo Messenger, so I don’t know the details of the other client versions. Anyway, you can start by uploading an edited sample of your log and/or Application and Network rules. If the ‘Allow All’ setting works then it’s quite possibly a rule or rules blocking Yahelite.

ty sonya, makes me feel better. I don’t have any issues getting messenger to sign in or transfer files or anything except get into a chat room, its always been that way, also the reason I don’t use if for chat.

I set up the log to run and so far this is all that’s in it:

LOG OPEN Fri, 20 Apr 2007 12:49:55 , Chat Central
LOG DATA Fri, 20 Apr 2007 12:50:02 , Chat Central
LOG OPEN Fri, 20 Apr 2007 12:50:08 Your_Name_Here, Chat Central
LOG DATA Fri, 20 Apr 2007 12:51:56 , Chat Central

still no indication of a login box anywhere. ugh.

Thanks again,

Domino

That doesn’t look like CFP’s log. I take it that it’s yahelite’s logs? If you would, right-click in CFP’s log window and export to html. From there just copy a section of it, specifically during the time you try to enter a chat room. Also edit out any IP’s for your own privacy.

PS: It’s Soya not Sonya :stuck_out_tongue:

my most humble apologies Soya. Yes, sorry, that was yahelite’s log, here is comodo’s:

Date/Time :2007-04-20 11:16:23
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP
IncomingSource: xx.xx.xxx.x
Destination: xxx.xxx.x.xx
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-04-20 10:42:12
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP
InDestination: xxx.xxx.x.xx::dhcp(68)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of the Parent application C:\WINDOWS\system32\services.exe in memory.

Date/Time :2007-04-20 10:26:21
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (DesktopX.exe)
Application: C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xx.xxx.x.xx::http(80)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe in memory.

Date/Time :2007-04-20 10:26:20
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (DesktopX.exe)
Application: C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
Parent: C:\WINDOWS\explorer.exeP
rotocol: UDP
OutDestination: xx.xxx.x.xx::dns(53)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe in memory.

Date/Time :2007-04-20 10:23:03
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (CavMUD.exe)
Application: C:\Program Files\Comodo\Comodo AntiVirus\CavMUD.exe
Parent: C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
Protocol: UDP
OutDestination: xx.xxx.x.xx::dns(53)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of the Parent application C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe in memory.

Date/Time :2007-04-20 10:19:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (YahooMessenger.exe)
Application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xx.xxx.xxx.xxx::https(443)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe in memory.

Date/Time :2007-04-20 10:18:33
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\WINDOWS\system32\svchost.exe
Protocol: TCP
OutDestination: xxx.xxx.xxx.xxx::http(80)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Internet Explorer\iexplore.exe in memory.

Date/Time :2007-04-20 10:17:59
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (CavEmSrv.exe)
Application: C:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe
Parent: C:\Program Files\Outlook Express\msimn.exe
Protocol: TCP
OutDestination: xxx.xxx.x.xxx::pop-3(110)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe in memory.

Date/Time :2007-04-20 10:17:54
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msimn.exe)
Application: C:\Program Files\Outlook Express\msimn.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xxx.x.x.x::59165
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\Outlook Express\msimn.exe in memory.

Date/Time :2007-04-20 10:17:27
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP
IncomingSource: xx.xx.xxx.x
Destination: xxx.xxx.x.xx
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-04-20 10:17:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xxx.xx.xxx.13::http(80)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\MSN Messenger\msnmsgr.exe in memory.

Date/Time :2007-04-20 10:17:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (xns5.exe)
Application: C:\Program Files\X-NetStat Professional\xns5.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP
OutDestination: xx.xxx.x.xx::dns(53)
Details: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe modified the memory of C:\Program Files\X-NetStat Professional\xns5.exe in memory.

Date/Time :2007-04-20 10:16:59
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xx.xx.xxx.xx::http(80)
Details: C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe has loaded C:\Program Files\Stardock\Object Desktop\DesktopX\dx0.dll into the Parent application C:\WINDOWS\explorer.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2007-04-20 10:16:58
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP
OutDestination: xx.xxx.x.xx::dns(53)
Details: C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe has loaded C:\Program Files\Stardock\Object Desktop\DesktopX\dx0.dll into the Parent application C:\WINDOWS\explorer.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2007-04-20 10:16:43
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xx.x.xx.xx::1863
Details: C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe has loaded C:\Program Files\Stardock\Object Desktop\DesktopX\dx0.dll into the Parent application C:\WINDOWS\explorer.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2007-04-20 09:58:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP
IncomingSource: xx.xx.xxx.x
Destination: xxx.xxx.x.xx
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-04-20 09:08:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP
IncomingSource: xx.xx.xxx.x
Destination: xxx.xxx.x.xx
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-04-20 08:55:35
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP In
Destination: xxx.xxx.x.xx::52072
Details: C:\Program Files\Stardock\Object Desktop\DesktopX\WidgetManager.exe has modified the the User interface of the Parent application C:\WINDOWS\explorer.exe by sending special Window messages.

Date/Time :2007-04-20 08:55:21
Severity :High
Reporter :Application Behavior
AnalysisDescription: Suspicious Behaviour (YahooMessenger.exe)
Application: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP
OutDestination: xxx.xxx.xxx.xxx::5050
Details: C:\Program Files\Stardock\Object Desktop\DesktopX\WidgetManager.exe has modified the the User interface of the Parent application C:\WINDOWS\explorer.exe by sending special Window messages.

whew, the only difference i can find in anything is the firewall and antivirus.

Thanks again,

Domino

Why is Ad-Aware modifying the memory of nearly all apps? Is that Ad-Aware’s normal behavior?

Not to mention this Ad-Aware is the Personal not Plus or Professional edition, so it doesn’t have a real-time scanner. Domino: did you deny or allow those alerts whenever Application Behavioral Analysis (ABA) pops up? Because if you denied them then most likely the child executable programs won’t (fully) function.

How ironic. I just went to the homepage http://www.lavasoft.de/ and Opera already blocked a bunch of ads :P.

Any blocked files in Component Monitor?

That’d be my question, too. SuperAntispyware did the same thing, resulting it its prompt dismissal from my system…

domino, if you chose to Deny any of those that relate to your IM program (even without “Remember”) you will have caused a block on that application/component. It would be temporary, but a block nonetheless. You’re probably aware of that, but some folks aren’t, so I wanted to throw it out there.

LM

Yea, and sometimes a restart of the program won’t work. Then you’ll just have to reboot because CFP keeps your choice in memory.

Not to mention a whole mess of scripts…

What files/registry keys aren’t removed? The only ones I know of are legacy keys, which can be deleted if you right-click on them and obtain full permissions/control. But since you requested it, here’s a standalone uninstaller:
FAQ for Comodo Firewall:

[url=https://forums.comodo.com/index.php/topic,5326.0.html]Manual uninstall[/url]

i’ve permitted everything that has popped up by comodo. never ever any problems using this version of ad-aware anyway. i’ve run the exact same setup with antivi and without, with ad-aware and without. i’ve never blocked anything since i was saving that for when everything was working lol. have tried several reboots and restarts. double checked and not one component control is blocked. same goes for every app.

the only thing i can think of is this maybe something similar i had issues with when using zone alarm free and pro…the solution was to allow white listed apps only or something similar, i can look up the post if you need it.

i got a bit lost in the banter between you two, so if i missed something i’m sorry. want me to check anything else?

i have no clue what’s not removed, just assuming something was still there since it worked before firewall but not after, and continued not to after uninstalling, did a standard registry sweep with RegCleaner, still no luck.

If a clean re-installation of CFP (as in no other running software during this stage) doesn’t work then try filing a support ticket with the official team: http://support.comodo.com and link this thread.

Edit: I assume your Windows Firewall is completely disabled.

i’m waiting for a new h/d, i will put a clean install of win xp pro sp2 with updates, comodo firewall and yahelite and leave it at that and let you know how it turns out.

thanks.

When you do, either install Comodo Firewall before any other security applications (AV, AS, etc), or completely disable all aspects of those security applications prior to installing the firewall.

Any active/real-time security application will likely cause a conflict with the install of the firewall, which I have seen cause some odd problems.

LM

ok, finally i get back LOL…i have 2 freshly cleaned and wiped out pc’s now, one running 64-bit, the other 32-bit MS Windows XP Professional. Disabled the windows firewall and got all the ms updates. Yahelite works just like it should with no issues what-so-ever. Soooooo, this has got to be one of 3 issues, either CPF or CAV was blocking the program or there was some sort of conflict between CPF and my Linksys WCG200 gateway (which i doubt since i didn’t have any issues with my Anitvira and Tiny Personal Firewall setup).

Comments and suggestions are greatly appreciated as i really would like to stay with the Comodo products. Does someone have a checklist? I imagine it’d be best to just put the CPF on without any restrictions and see if it flies again. I’ll save that for a bit later since i need to get my drivers loaded still.

Without restrictions? What exactly does this mean? If it’s about the order of security software installation, always put the Firewall first (not the Windows one :P). The only exception to this is if you have Kaspersky products, but that is another story.

Just a note, though, that at present Comodo does not have any 64Bit OS applications, only 32Bit…

Version 3 of the firewall will be Vista & 64Bit compatible.

As for running the FW on the 32Bit machine, install on the default “Automatic” - do not choose “Manual.”

When you’re finished, go to Security/Tasks/Scan for Known Applications.

Then go to Security/Advanced/Miscellaneous. Move Alert Frequency to Very Low. If you do not use a proxy server, you may safely select both “Skip loopback…TCP/UDP” options. OK. Reboot.

This will give you a pretty much “set and forget” configuration. You should only get one popup per application, provided that there isn’t any suspicious behavior (Application Behavior Analysis - Security/Advanced/ABA). Once you have everything working, you may slowly work on tightening things up.

LM

by restrictions i only meant to indicate that everything would be given free reign to and from. sorry no clue what those Kaspersky proggies are. yes i know about the no 64-bit version yet as i saw the reaction my pc had when i tried to run the cpf in the subject line and posted a few questions. also posted to provide an opportunity for someone to give whatever beta they have a shot for an ametuer install.

as for the rest…perfect! thanks little mac…i’ve ALWAYS done the custom install, habit since i’m always looking for the useless or things i need to disable until the programs are in place. i will do that sometime tomorrow morning i think.

will post and let you know how it turns out. Thanks.