COMODO and Netgear's Z-SAN service

Hello,

before I post all kinds of screenshots and log info I would like to ask: is there anyone familiar with the use of Netgear’s SAN drive type SC101 (http://www.netgear.com/Products/Storage/NetworkStorage/SC101.aspx) and the use of COMODO firewall, anti-virus and anti-malware products? Since I installed the most recent release of those 3 COMODO products, I frequently run into Windows BSOD crashes. And I suspect the interaction between the Z-SAN driver that communicates with the SAN drive and one of these COMODO products. Before I installed the COMODO products it all worked without these problems.

Thank you for responding.

Henk Wissink

hi,

I don't have that netdrive.

I assume you enabled "allow outgoing connections while booting" in Advanced; also try disabling recursive DNS in the prog analyzer, and if it doesn't boot, also try this:

go into safe mode and set the drive as a trusted network.

Please report, and you might post the content of the BSOD; it might be in a *.dmp file if you can find it. (Note down most of the blue screen content and do a file search in Windows.)

Mike

PS: you can also try disabling the netHD service manually; it might be in legacy drivers too.

The important thing is that you get it booted in the normal way.

Hello Mike,

thank you for your hints.

  1. The Windows BSOD’s come after a period of time I have worked with the computer. Sometimes after an hour, sometimes after half a day. So certainly not during booting.
  2. During booting there is visual information that the Z-SAN service starts for all drives (partitions) defined on the net drive. No problems with that.
  3. The ‘allow outgoing connections’ was already enabled.
  4. The drive gets its tcp/ip addresses using DHCP. I had already declared the address range as a trusted zone in Comodo Firewall Pro. And I also marked the service .exe and the user interface program as trusted applications.
  5. What I had not disabled was the recursive DNS check. I have switched it off now and will see what happens today.
  6. Each time it happens the system was unresponsive for some time first, then the system tray showed a yellow message reporting a new Z-SAN drive was found and then it crashes. I suppose that because of the unresponsiveness the net drive service has lost control and retries.
    The ‘Event Log | System’ category showed that the service had unexpectedly stopped and got a restart request after 6 seconds. That seems to be the amount of time the yellow message is visible until the PC crashes.

Because I have not updated the Z-SAN drivers but only installed the 3 COMODO products, I suspect some interference between them. In case the system crashes again, I will temporarily set Comodo Firewall Pro to ‘allow all’ in an attempt to see whether or not it really has to do with the Comodo firewall.

Version info:

Comodo Firewall Pro 2.4.18.184
Comodo BOClean 4.25

Comodo AntiVirus - Version Information Report
Product Information
======= ===========
Build Version : 2.0.17.58
DataBase Version : 2.0.0.311
AllowDB Version : 2.0.16.52
Program Updates Version : 2.0.17.58

License Information
======= ===========
License Status : Activated
Product Installation Date: 08-okt-2007
Product Activation Date : 04-sep-2007

Program Files Information
======= ===== ===========
CMain.exe : 2.0.12.42
CavApp.exe : 2.0.11.39
CavSn.exe : 2.0.11.41
CavAud.exe : 2.0.9.26
CavMud.exe : 2.0.9.26
Cavasm.exe : 2.0.1.8
CavEmSrv.exe : 2.0.11.40
CAVSubmit.exe : 2.0.11.49
cavengine.dll : 2.0.0.5

Operating System Information
========= ====== ===========
Operating System : Windows XP
Operating System Version : 05.01.2600
Service Pack : Service Pack 2
Internet Explorer Version : 6.0.2900.2180

Hardware Information
======== ===========
Central Processing Unit (CPU) : Intel(R) Pentium(R) 4 CPU 3.00GHz
Available Memory : 428MB
Total Memory : 1022MB

Have you configured the firewall to open UDP port 20001? The SC101 manual states that you must do this with many firewalls.

:SMLR

Hello NTTW,

I have a more general rule to allow tcp/udp ports. So UDP 20001 is just one of them. And if it were not allowed, there would not be any communication with the net drives I suppose. But it works most of the time.

Thank you for your thoughts.

re,

does the drive need netbios access?

did you play there?

Mike

When you installed the Comodo products, did you do so in SafeMode? If not (and if the recursive DNS setting does not resolve your issue), I would suggest using SafeMode to uninstall all 3 Comodo apps, clean registry, and reinstall (with reboots in between each step).

Also, just to make sure which applications you are using, would these be:

CAVS 2.0.17.58
CFP 2.4.18.184
BOC 4.25

Tnx,

LM

PS: Just in case no one has done so, welcome to the forums! (:WAV)

For meier12:
Only UDP port 20001 should be needed. No one at Netgear is talking about NetBIOS.

For LM:
I will try the uninstall etcetera as you proposed. Do you have a preferred way to clean up the registry from remaining Comodo-related entries?

Thanks.
Henk.

For LM:
I indeed use the releases you mention (see my version info posted above).

Regards,
Henk.

Doh! (:SHY) Sorry for overlooking that; I was focusing on the situation and overlooked those details…

As for a preferred method of registry cleanup, I typically suggest using a utility such as RegSeeker or CCleaner; both are free, and give you the option to create a backup before removing files (which is absolutely imperative!). I’m not too concerned about high-level, super-detailed cleaning - we just want to make sure that typical leftover “junk” gets cleared out, and these cleaners should do just fine for that. If you have a favorite program you always use, that should be fine as well.

Part of the mindset in using a utility like these rather than doing it manually is there may be “junk” aside from Comodo that needs to be cleared out. If you use Regedit and focus on Comodo, keys may end up being missed.

SafeMode is used as this helps prevent conflicts between various low-level applications during installation (and uninstallation). Security apps especially are rather sensitive to such conflicts.

LM

Hello LM,

I have tried what you proposed: uninstall all Comodo programs in safe mode with reboots in between, run CCleaner, install the Comodo programs in safe mode with reboots in between. Unfortunately in the end after normal startup, the san communication still has problems. So I finally decided to uninstall the Comodo firewall and revert to the Windows firewall for the time being (I know I have to find a better one).

Before I tried the Comodo firewall I had already tried a few others like Kaspersky, Bitdefender, ZoneAlarm, AVG. And I must say that AVG was the only one that did not interfere with the SAN communication. But before I decide to buy it I thought to give the free Comodo firewall a try. It is a pity that it does not work (yet) for my network configuration.

The problem is that without the SAN driver it works well but then I cannot try to find a solution. And with the SAN driver I have the crashes, hang-ups and loss of SAN mirroring (the driver sends data to both hard disks in the drive for that purpose). Restoring mirroring each time costs me too much time.

I suspect the real reason to be related to that mirroring (sending multiple messages or broadcasting or whatever way it is implemented).

Thank you for your help. I will monitor this thread to see if anyone comes up with more ideas/settings. Then I might give it a retry.

Hey Henk,

I believe that the Netgear SC101, for reasons best known to Netgear, uses fragmented packets. We have had a handful of other Comodo users that have disabled blocking of fragmented packets to get their NAS boxes working.

Try this and post the results back here.

Hope this helps,
Ewen :slight_smile:

Hi all, I am new in this forum and I take this opportunity to send a greeting to all.
As suggested by panic, you must disable fragmented packet analysis.
I had the same symptoms and now everything works!! :BNC
Goodbye

Hello Panic and Krash,

thank you for your help. Sorry for my late reply.
Although I had not specifically mentioned it, the fragmented packets was one of the checks I had already disabled in an early stage of my attempt to get it working. But somehow that did not seem to be enough. After all my struggling I decided to uninstall the Comodo firewall. The original problem did not show up anymore. But there were still some hangups from time to time, e.g. during copying many files to the san. Because all the problems started after installing the 3 Comodo packages firewall, antivirus and boclean, I decided to uninstall the others too. And now everything is back to normal. Netgear keeps on functioning and no more of those hangups.

As I wrote before, AVG internet security was the only one so far that did not give any of those problems. Of course I can buy that one but as far as I have read tests, there are better packages. But the other ones tested so far all gave those kinds of problems.

Question for Panic:

You say it works fine for you. Is that for non-mirrored as well as mirrored drives on the SAN? Because the problems only showed up for mirrored drives.

Regards,
Henk

Correct. Configured as JBOD with fragmented packets allowed works for me.

Hello Panic,

Ok. Maybe I should know but what is ‘JBOD’?
And you run with Comodo Firewall v2 or v3?

Regards,
Henk.

JBOD = Just a Bunch Of Disks - not mirrored, not spanned, just crammed into the enclosure and set up as separate volumes.

I’m running CFP V3.

Hope this info helps,
Ewen :slight_smile:

Hello,
I have given up. Whatever I tried to change in settings, it simply does not prevent losing the mirror functionality. So I have uninstalled the Comodo firewall. Since then, I also do not have to re-install the rights for various users anymore on the drives on that Netgear as I needed to do that over and over again each time I booted my computer with Comodo firewall. So after trying some 5 different brand firewalls, the one of AVG was the only one that did not give me this trouble.

To all who replied: thank you for your support.
Regards,
Henk

Sorry that didn’t work out for you.

I checked with a mate at Netgear and he confirmed that allowing fragmented packets should allow the SC101 to talk to and through CFP. He did also suggest turning off protocol analysis for a double check.

The above two steps are also required for Apple’s NAS device.

Ewen :slight_smile:

A bit late but…
quick comment for other toaster users (SC101)
New install of latest free version of “Comodo internet security” (3.5.5713.439), killed off the Netgear disks, but when firewall was disabled they came back … i.e. it was Firewall not Defense+… so after reading this thread,
I got mine going by
1: making Z-SANSERVICE.EXE a trusted application,
2: Creating a network zone “local” with ip range: (my local network) 192.168.1.1 - 192.168.1.255.
3: Running stealth ports wizard and selecting the new “local” zone I had just created.
4: Adding 20001 to the HTTP port set.
5: under Advanced → “Attack Detection Settings” → Miscellaneous I un-ticked “Block Fragmented IP datagrams”.
Each time I re-enabled the firewall as “Training” mode
i.e. all the same fixes as proposed in this thread, without all the safe mode uninstall / clean / reinstall.
I did the above in sequence, I have not removed any of the settings since, so I cannot say if all or only some of the settings are required, only that at each step I re-enabled the firewall, and each time the SC101 disk vanished, until point 5!
After point 5 I set the firewall as “Safe” mode and all is fine! :slight_smile:
thanks for a great product Comodo!
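
Several replies above tie the breakage to fragmented IP datagrams on UDP port 20001. The following diagnostic is an added example, not part of any poster's message and not Comodo or Netgear code: it parses raw IPv4 packets and counts how many port-20001 datagrams arrive fragmented, including trailing fragments that carry no UDP header and therefore cannot be matched by a port rule alone. The packets, addresses and payload sizes are constructed sample data.

```python
import struct
from collections import defaultdict

ZSAN_PORT = 20001  # UDP port the thread names for the SC101

def build(src, dst, ident, body, offset=0, mf=False):
    """Constructed IPv4/UDP test packet (header checksum left at 0)."""
    ff = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), ident,
                       ff, 64, 17, 0, src, dst) + body

def parse(pkt):
    vihl, _, _, ident, ff, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl, offset = (vihl & 0x0F) * 4, (ff & 0x1FFF) * 8
    # Only the first fragment (offset 0) contains the UDP header and ports.
    ports = struct.unpack("!HH", pkt[ihl:ihl + 4]) if proto == 17 and offset == 0 else ()
    return {"key": (pkt[12:16], pkt[16:20], proto, ident),
            "mf": bool(ff & 0x2000), "offset": offset, "ports": ports}

def summarize(packets):
    parsed = [parse(p) for p in packets]
    # Pass 1: learn which datagram IDs belong to port-20001 traffic.
    zsan = {p["key"] for p in parsed if ZSAN_PORT in p["ports"]}
    frags, whole, portless = defaultdict(int), 0, 0
    # Pass 2: later fragments are tied back by (src, dst, proto, id) only.
    for p in parsed:
        if p["key"] not in zsan:
            continue
        if p["mf"] or p["offset"]:
            frags[p["key"]] += 1
            portless += p["offset"] > 0
        else:
            whole += 1
    return {"whole": whole, "fragmented": len(frags),
            "fragments": sum(frags.values()), "portless": portless}

# Constructed sample: host .10 talking to a drive at .50 (addresses are made up).
HOST, DRIVE = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 50])
udp = lambda sport, dport, data: struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
big = udp(40000, ZSAN_PORT, b"\x00" * 2000)            # 2008 bytes, exceeds a 1500-byte MTU
SAMPLE = [
    build(HOST, DRIVE, 1, udp(40000, ZSAN_PORT, b"\x00" * 32)),
    build(HOST, DRIVE, 2, big[1480:], offset=1480),     # trailing fragment, seen first
    build(HOST, DRIVE, 2, big[:1480], mf=True),         # first fragment with UDP header
    build(HOST, DRIVE, 3, udp(40001, 53, b"\x00" * 20)),  # unrelated UDP, ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero "portless" count in a real capture means a trusted-port rule for 20001 is not sufficient by itself, which is consistent with the fragment-blocking setting being the last step that mattered in the post above.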