before I post all kind of screenshots and log info I would like to ask: is there anyone familiar with the use of Netgear’s SAN drive type SC101 (http://www.netgear.com/Products/Storage/NetworkStorage/SC101.aspx) and the use of COMODO firewall, anti-virus and anti-malware products? Since I installed the most recent release of those 3 COMODO products, I frequently run into Windows BSOD crashes. And I suspect the interaction between the Z-SAN driver that communicates with the san drive and one of these COMODO products. Before I installed the COMODO products it all worked without these problems.
Thank you for responding.
i dont have that netdrive,
i assume you enable in advanced allow outgoing connections while boot, also try disable in prog analyzer recursive dns, and if it dont boot try also,
go safemode and the drive as trusted network.
plse report and might post content of bsod, might in a *.dmp file if find it. (note down blue screen most content and do a filesearch in windows)
PS: you can also try disable the netHD service by manual, might in legacy drivers too.
important is you get it booted in normal ways.
thank you for your hints.
- The Windows BSOD’s come after a period of time I have worked with the computer. Sometimes after an hour, sometimes after half a day. So certainly not during booting.
- During booting there is visual information that the Z-SAN service starts for all drives (partitions) defined on the net drive. No problems with that.
- The ‘allow outgoing connections’ was already enabled.
- The drive gets its tcp/ip addresses using DHCP. I had already declared the address range as a trusted zone in Comodo Firewall Pro. And I also marked the service .exe and the user interface program as trusted applications.
- What I had not disabled was the recursive dns check. I switched it off now and see what happens today.
- Each time it happens the system was unresponsive for some time first, then the system tray showed a yellow message reporting a new Z-SAN drive was found and then it crashes. I suppose that because of the unresponsiveness the net drive service has lost control and retries.
The ‘Event Log | System’ category showed that the service had unexpectly stopped and got a restart request after 6 seconds. That seems to be the amount of time the yellow message is visible until the pc crashes.
Because I have not updated the Z-SAN drivers but only installed the 3 COMODO products, I suspect some interference between them. In case the system crashes again, I will temporarily set Comodo Firewall Pro to ‘allow all’ in an attempt to see whether or not it really has to do with the Comodo firewall.
Comodo Firewall Pro 22.214.171.124
Comodo BOClean 4.25
Comodo AntiVirus - Version Information Report
Build Version : 126.96.36.199
DataBase Version : 188.8.131.521
AllowDB Version : 184.108.40.206
Program Updates Version : 220.127.116.11
License Status : Activated
Product Installation Date: 08-okt-2007
Product Activation Date : 04-sep-2007
Program Files Information
======= ===== ===========
CMain.exe : 18.104.22.168
CavApp.exe : 22.214.171.124
CavSn.exe : 126.96.36.199
CavAud.exe : 188.8.131.52
CavMud.exe : 184.108.40.206
Cavasm.exe : 220.127.116.11
CavEmSrv.exe : 18.104.22.168
CAVSubmit.exe : 22.214.171.124
cavengine.dll : 126.96.36.199
Operating System Information
========= ====== ===========
Operating System : Windows XP
Operating System Version : 05.01.2600
Service Pack : Service Pack 2
Internet Explorer Version : 6.0.2900.2180
Central Processing Unit (CPU) : Intel(R) Pentium(R) 4 CPU 3.00GHz
Available Memory : 428MB
Total Memory : 1022MB
Have you configured the firewall to open UDP port 20001? The SC101 manual states that you must do this with many firewalls.
I have a more general rule to allow tcp/udp ports. So UDP 20001 is just one of them. And if it were not allowed, there would not be any communication with the net drives I suppose. But it works most of the time.
Thank you for your thoughts.
does the drive need netbios access?
did you play there?
When you installed the Comodo products, did you do so in SafeMode? If not (and if the recursive DNS setting does not resolve your issue), I would suggest using SafeMode to uninstall all 3 Comodo apps, clean registry, and reinstall (with reboots in between each step).
Also, just to make sure which applications you are using, would these be:
PS: Just in case no one has done so, welcome to the forums! (:WAV)
Only udp port 20001 should ne needed. No one of Netgear is talking about netbios.
I will try the uninstall etcetera as you proposed. Do you have a preferred way to cleanup the registry from remaining Comodo-related entries?
I indeed use the releases you mention (see my version info posted above).
Doh! (:SHY) Sorry for overlooking that; I was focusing on the situation and overlooked those details…
As for a preferred method of registry cleanup, I typically suggest using a utility such as RegSeeker or CCleaner; both are free, and give you the option to create a backup before removing files (which is absolutely imperative!). I’m not too concerned about high-level, super-detailed cleaning - we just want to make sure that typical leftover “junk” gets cleared out, and these cleaners should do just fine for that. If you have a favorite program you always use, that should be fine as well.
Part of the mindset in using a utility like these rather than doing it manually is there may be “junk” aside from Comodo that needs to be cleared out. If you use Regedit and focus on Comodo, keys may end up being missed.
SafeMode is used as this helps prevent conflicts between various low-level applications during installation (and uninstallation). Security apps especially are rather sensitive to such conflicts.
I have tried what you proposed: uninstall all Comodo programs in safe mode with reboots in between, run CCleaner, install the Comodo programs in safe mode with reboots in between. Unfortunately in the end after normal startup, the san communication still has problems. So I finally decided to uninstall the Comodo firewall and revert to the Windows firewall for the time being (I know I have to find a better one).
Before I tried the Comodo firewall I had already tried a few others like Kaspersky, Bitdefender, ZoneAlarm, AVG. And I must say that AVG was the only one that did not interfere with the san communication. But before I decide to buy it I thought to give the free Comodo firewall a try. It is a pitty that it does not work (yet) for my network configuration.
The problem is that without the san driver it works well but then I cannot try to find a solution. And with the san driver I have the crashes, hang-ups and loss of san mirrorring (the driver sends data to both hard disks in the drive for that purpose). Restoring mirrorring each time costs me too much time.
I suspect the real reason to be related to that mirrorring (sending multiple messages or broadcasting or whatever way it is implemented).
Thank you for your help. I will monitor this thread to see if anyone comes up with more ideas/settings. Then I might give it a retry.
I believe that the Netgear SC101, for reasons best known to Netgear, use fragmented packets. We have had a handful of other Comodo users that have disabled blocking of fragmented packets to get their NAS boxes working.
Try this and post the results back here.
Hope this helps,
Hi all, I am new in this forum and I take this opportunity to ask a greeting to all.
As suggested form panic, you must disable fragmented packet analys.
I had the same symptoms and now everything works!! :BNC
Hello Panic and Krash,
thank you for your help. Sorry for my late reply.
Although I had not specifically mentioned it, the fragmented packets was one of the checks I had already disabled in an early stage of my attempt to get it working. But somehow that did not seem to be enough. After all my struggling I decided to uninstall the Comodo firewall. The original problem did not show up anymore. But there were still some hangups from time to time, e.g. during copying many files to the san. Because all the problems started after installing the 3 Comodo packages firewall, antivirus and boclean, I decided to uninstall the others too. And now everything is back to normal. Netgear keeps on functioning and no more of those hangups.
As I wrote before, AVG internet security was the only one so far that did not gave any of those problems. Of course I can buy that one but as far as I have read tests, there are better packages. But the other ones tested so far all gave those kind of problems.
Question for Panic:
You say it works fine for you. Is that for non-mirrorred as well as mirrored drives on the san? Because the problems only showed up for mirrorred drives.
Correct. Configured as JBOD with fragmented packets allowed works for me.
Ok. Maybe I should know but what is ‘JBOD’?
And you run with Comodo Firewall v2 or v3?
JBOD = Just a Bunch Of Disks - not mirrored, not spanned, just crammed into the enclosure and set up as separate volumes.
I’m running CFP V3.
Hope this info helps,
I have given up. Whatever I tried to change in settings, it simply does not prevent loosing the mirror functionality. So I have uninstalled the Comodo firewall. Since then, I also do not have to re-install the rights for various users anymore on the drives on that Netgear as I needed to do that over and over again each time I booted my computer with Comodo firewall. So after trying some 5 different brand firewalls, the one of AVG was the only one that did not give me this trouble.
All that replied thank you for your support.
Sorry that didn’t work out for you.
I checked with a mate at Netgear and he confirmed that allowing fragmented packets should allow the SC101 to talk to and through CFP. He did also suggest turning off protocol analysis for a double check.
The above two steps are also requred for Apple’s NAS device.
A bit late but…
quick comment for other toaster users (SC101)
New install of latest free version of “Comodo internet security” (3.5.5713.439), killed of the Netgear disks, but when firewall was disabled they came back … i.e. it was Firewall not Defense+… so after reading this thread,
I got mine going by
1: making Z-SANSERVICE.EXE a trusted application,
2: Creating a network zone “local” with ip range: (my local network) 192.168.1.1 - 192.168.1.255.
3: Running stealth ports wizard and selecting the new “local” zone I had just created.
4: Adding 20001 to the HTTP port set.
5: under Advanced → “Attack Detection Settings” → Miscellanious I un-ticked “Block Fragmented IP datagrams”.
Each time I re-enabled the firewall as “Training” mode
i.e. the all same fixes as proposed in this thread, without all the safe mode uninstall / clean / reinstall.
I did the above in sequence, I have not removed any of the setting since, so I cannot say if all or only some of the settings are required, only that at each step I re-enabled the firewall, and each time the SC101 disk vanished, until point 5!
After point 5 I set the firewall as “Safe” mode and all is fine!
thanks for a great product Comodo!