Comodo Firewall interfering with browsers

Hi there,

I recently installed Comodo firewall and encountered an odd problem. Seems it’s interfering with web browsers, and that’s not browser-specific - tried Firefox, Mozilla, and IE. Every once in a while, the browser doesn’t recognize files like .CGI, .PHP and so on., prompting me on how to handle it. Like this:


http://img153.imageshack.us/img153/6396/screenshot2rh7.th.jpg

I’ve pretty much nailed it down to Comodo FW since it doesn’t happen if I turn on the XP firewall instead, and I didn’t change or install anything else recently. Running Windows XP SP2 with all the latest updates. Any ideas? ???

Cheers,
N.

Hi and welcome to the forum! Actually it’s not a comodo issue. Is this good? No because hijackers, etc…can run script from some cgi’s sitting on the web site server and execute bad stuff into your browser and pc. I usually choose no and getting this alert is a good thing. They can be random and some are really ticked off with them, I think some even run advertisements when you click on them. If Comodo is involved in seeing these, this is a good thing but rest assured, it’s not Comodo’s fault on these.
:wink:

Paul

Hi and thanks for replying. :slight_smile:

Actually I’m pretty sure it’s not some sort of malware that’s causing this. I’ve got a background in Unix system administration and I’m well aware of the pitfalls of online computing. I don’t click on anything I’m not 100% sure of it’s safe, I’ve got active scripting disabled, Avast on-access-ccanners installed, plus I run regular checks with Spybot, Ad-Aware and Hijack-This. Of course I tried these first, but all came up empty.

Also I have had this happen with trusted sites I know to be under strict administration and scrutinty, not just some random site I happened to be redirected to.

I’ve been using Sygate Personal Firewall for years, but since they’ve been gobbled up by Symantec, I was looking for an alternative and somebody recommended Comodo. Looks very promising, too, except for that “thingie”, which doesn’t happen if I disable Comodo FW and enable XP firewall instead. Of course I don’t really trust XP FW, so…

Cheers,
N.

Well a couple of things, one XP won’t show these, I know from experience and it is simply left to download many times, not good. Also, I don’t mean you have spyware, etc…but these are being hacked to use for such on servers, just a word of caution is all. :wink: Not all are threats, it depends on who decides to exploit them or not but it has and can happen. Many regard them as adware. If there is something in CPF that is blocking this and showing us, then I would rather welcome it and not install the cgi unless by my permission. I didn’t get these until I used Firefox, this was even before I had CPF, so i don’t think CPF is directly related unless it’s securities are kicking in. Just my take and you are more than welcome to hear other’s opinions on this. I will leave this topic unresolved until perhaps you feel you recieved an answer that suits your needs. :wink:

Paul

Sorry to ■■■■ in guys…

Paul: CGIs & PHPs downloading… avast.

Nighteyes: What’s your connection type & speed?

Hi kail, remember, no one is butting in , we all have equal rights here so no need to worry. :wink: :slight_smile:
I will say though that is the shortest sentence I have ever seen. :o ;D
CGI “to be brief” allows server to pass requests from web browser to external program\application. As well, it states “forum cgi”. I suppose if i’m wrong then i’ve learned something new, there’s always a bright side to it. Thanks for the info Kail. :wink:

(V)
Peace out

Paul

Paul: Let me put another way… topic: Anyone know what this is?

Nighteyes: PS Please could you expand on your suspicions of malware?

Equally as short. ;D

Thanks Kail but a mention, it was I who mentioned the malware, not nighteyes, they didn’t suspect malware. Either way, I think i’ll hand this over to you. The blood hound is on a trail, lolll :smiley: Sick em’ kail! Good luck getting this worked out and hope all gets resolved.

Paul has left the building

■■■■, you’re quite right. Sorry. Please ignore that malware question Nighteyes & sorry about that.

Paul has left the building

Well, get back here. Simple problem. But, hardly anybody is cooperating. Problem: Why is it that some systems run without any problems using avast & CPF, whilst others experience problems with the browser either printing garbage on the screen and/or provoking the browsers into wanting to download web components?

Comodo Support say it’s not a CPF issue. They also picked an rather different way of saying that CPF is transparent to avast & that since avast was operating on the application side it would better able to detect & report on any such errors. Implication, its avast job to scan web components, not CPFs. I see their point. Until HIPS is in CPF, what does CPF care about web components? Apparently, its on the avast forums as well. But, I’ve not checked it out it. So, I don’t know if they think its avast or CPF. The problem has been reported to ALWIL. But, I don’t think they’ve responded yet. Obviously, most people posting here suspect that its something to do with CPF, rather than avast or it hasn’t occurred to them that avast could be involved. Either way… I need your help. Actually… duh… I’ll visit avasts forums & find out if anybody there who has the problem & is not running CPF.

I have gotten my fair share of these before using Comodo and don’t recall ever using Avast, always had Vcom. Also, this was before I had firefox, IE6 and ZA. So please don’t think i’m shrugging off your suggestion as it may well be a fact, but I have gotten these without this unearthly mix of CPF and AVAST. What is it with these two? Do we have to ground them? loll Time out yous two! I think it’s time for me to Google a bit tonight and see what I can find, going off what I remember may have changed a bit. We’ll get to the bottom of this. We’ll take hours and hours, perhaps weeks if neccassary, then Ewen will come in here with one statement and solve the whole thing (:AGY) :smiley: :smiley:

Probably not far from the truth, he’s a living security center I think. :wink:

Paul

I hope he does.

Well in the avast forums there are 2 topics. The biggest, was initially focused on avast & ZA. Later, CPF was introduced. No conclusions. ELWIL don’t seem to be able to replicate the problem in their labs (I suspect they’ve not tried CPF). Dead end.

What we need is someone who knows how to use Wireshark & can create the problem on demand. They could then capture 3 different events in PCAP files. Avast only, CPF only and Avast/CPF. And the answer would mostly likely be in those 3 PCAP files.

I would just like to throw in a note to the user, we haven’t disregarded you, this is all about your situation, we have two opinions, a few thoughts and are trying to merge to find out what’ s what.

That said, I don’t know Kail, I still say it isn’t related to any firewalls etc…just my take though. :-\ With that , your idea is a good one but this would be difficult to say the least. Without any more info from the user , it’s going to be a dead end methinks.

Paul

Hey, no problem. :slight_smile: So basically you’re saying it may be some quirk resulting from the combination of Comodo and Avast?

Without any more info from the user , it's going to be a dead end methinks.

Alright, what info do you need? Regarding my connection type & speed it’s DSL 1000 k/sec.

Cheers,
N.

I have another idea about the OP’s query. Using Firefox as I always do, I get exactly the same window when I click jpeg image files, as many forum posters use for screenshots. The only difference is that in this case FF knows that a jpeg is involved and asks (after expreience with me) that I want it opened by Irfanview. I just click on the “open” option (it is already selected), FF downloads it to temporary storage, and opens it with Irfanview.

Presumably Nighteyes could arrange to handle CGI files with some appropriate utility (I don’t know ahat to suggest here) and go from there.

Hi, is there any way to reproduce this? A site that absolutely will do this or no?

Paul

There is no pattern that I can see… can happen with any site and appears to be random. The same CGI or PHP works a dozen or a hundred times and then all of a sudden I get the prompt.

Once that happens, the browser just hangs when I click on that specific CGI or PHP the next time. It appears to return to normal after a day or so but I figure that’s just the browser cache expiring.

On a related note, I broadcast the problem on a few forums I regularly visit and invited people who might have similar problems to report back here if they have any further clues. I hope that’s OK with everybody, but I figure it would increase our chances to get to the bottom of this. :slight_smile:

Cheers,
N.

Alright people, obviuosly this is not an issue that will be resolved any time soon, so I’m going back to Sygate PF for the time being. The free version hasn’t been updated for 2 years, but then again a decent firewall doesn’t require regular updates to get the job done (aklhough bugfixes are nice, of course). Sure beats XP’s own firewall.

Thanks again to anybody taking the time to respond to my query. I’ll be sure to check back here once in a while. Maybe Avast and Comodo will coexist peacefully sometime, at which time I’ll sure give CPF another shot. ;D

All the best,
Nighteyes