Comodo Keeps Blocking My Internet Access + Specific Application Rule Questions

Hi everyone. After my last problem when i’d just started using CPF I hoped to never need to use this help forum again. But apparently I wasn’t so lucky. :-\

I’ve for quite a long time(bunch of months) had the problem that sometimes my internet connection doesn’t seem to work. Usually it would happen when I had just started my comp, and therefore I used to do a restart and it would work in most cases. If not after a second restart it usually worked.

Anyway, a while back i suddenly realized that the problem comes from Comodo. I had suspected it for a long time but even when i put the FW to Allow all it wouldn’t let my Firefox start.

Now though, it does work when i do that. The thing is in some cases like just now, I blocked Windows Media Player access to the internet when Comodo asked, and suddenly I couldn’t load anymore pages in FF. The same thing happens with a lot of other programs but the result is always cut internet access everywhere.
I’m typing this now in Allow all mode, which isn’t very smart but I have no other choice.
So, before I get a virusattack, please help me deal with this! I love comodo, but sometimes I think it’s just too strong or something :wink:

I really have a problem with this, and I searched the forum’s old threads but came up with nothing. Isn’t there someone here that can help me? ???

Hello novis

Can you please send a screen shot of your rules so that someone here can help you solve this. Maximize CFP before taking the shot.

John

Thank you for your reply John.
What rules is it you want me to screenshot? (application, monitor or component rules?) :-[

Hi novis

Start with your network monitor rules, if they are ok then the application rules.

John

Oki. Here we go. I got all the ports included in the capture, but it was a narrow fit :wink:

[attachment deleted by admin]

Hi novis.

The chances are, this is an application parent/child problem.

It would be helpful if you could post the information requested here:

Important - Please read before posting

along with a screen shot, if possible, of the CFP alerts that you block.

Toggie

Hi novis.

The first rule you have is a little worrying, which ports are you specifically allowing in and out in that rule.

The other thing is, the second rule allow TCP/UDP out to anywhere, so effectively duplication part of the first rule.

Oh, I’m so sorry! It’s obviously been too long since I posted here last time :-[

-The version of Comodo Firewall Pro Installed: 2.4.11.135 RC1
-My Internet connection: adsl modem
Operating system: Win XP Sp2 with pretty much all the latest updates save for the last few day’s new ones…

  • How you are logging in to the OS: Only user/admin
  • Other Security applications installed: Nod32 Antivirus, Ad-Aware, Spybot S&D, Windows Defender, Spywareguard.
  • Security related applications which have been removed/disabled before installing CFP: None I can remember.
  • Security related application which have been removed/disabled after installing CFP: None I can remember.
  • Detail the problem, such as which applications are running when you have the problem: Firefox, sometimes along with various other applications. It could be Adobe Premiere it could be Limewire or whatever. Sometimes it occurs upon startup when I try to start Firefox.
  • Please inform us if you have created any custom rules: I don’t know. Where do I check this? :-[
The first rule you have is a little worrying, which ports are you specifically allowing in and out in that rule.
Oh really? Hmm well they're all from the applications Limewire, uTorrent and Emule...i had severe connection problems with Limewire for a long time so I'm sure that's why there's so many ports there and also the cause of the double rule. Could I actually delete rule nr2 then?
Oh really? Hmm well they're all from the applications Limewire, uTorrent and Emule...i had severe connection problems with Limewire for a long time so I'm sure that's why there's so many ports there and also the cause of the double rule. Could I actually delete rule nr2 then?

I wouldn’t be too quick to delete that second rule without making sure you have a comprehensive rule to replace it. That’s something we’ll need to look at.

Could you post your log files as well please, along with a screen shot of your Application rules, as detailed in that link I gave you.

Thanks

May I inquire as to why you are using an obsolete version of CFP 2 that’s in a release candidate state? Perhaps there are related bugs causing this issue.

Oops! good point soya, guess I better get some glasses (:NRD)

As far as I know this is the latest version ??? I do know it’s a beta version and I can’t remember if I downloaded it from a link here or if I got some prompt-update, because it was a while back.
Which version would you recommend me to switch to? I could start there…

I don’t think I can show you any of the alerts I’m blocking as I assume they need to pop up first? My log and application list attatched tho.

Thank you for your help!

[attachment deleted by admin]

I personally would go for version 3 that might be released…today! Or for the time being if you’re hasty to get the current stable 2.4.18.184 from the official site:

The are a few “problems” I see with your Application Monitor rules. For example, why do you have so many for Firefox? Aside from different parent executables, I’m guessing it might be due to the redundant rules that you previously allowed due to the loopback request (at least for the Allowed Incoming parts, which is not needed by any browser), which can be disabled in Security > Advanced > Miscellaneous > Enable skip tcp loopback. Also, all those rules to allow those setup files (including msiexec.exe) internet access shouldn’t exist. Setup files are usually one-time instances, so I would delete them. Of course, all that doesn’t explain why your internet was blocked, just something for efficiency and assuming you don’t run a proxy server.

Thank you! I was wondering why I have so many rules for the same application but I didn’t dare to delete any because I assumed they needed to be there and I wouldn’t want to guess as to which ones to delete.

I’m not in any real hurry, so I’ll wait for version 3 to come out. Will my changes and settings follow along to that version or do I need to redo everything once that’s installed?

I’ve been suspecting my Comodo haven’t been running the best way recently, so I’m really grateful for all this help! :slight_smile:

Unfortunately, the architecture in 2.x and 3.x are too different, so even with the backup script created by the mods won’t be able to import it correctly. I guess this means we’ll start the rules & options from scratch.

well in my case maybe it’s a good thing, if I just disable the loopback tcp thing first :wink:

As I’m not really sure as to which app rules to delete. Took away some setup ones, and assume others will pop up again if I deleted them and they need access…

As they pop up you may post & upload the screenshots if you’re not sure.

Will do :wink:

Could I for example delete all the firefox rules and then I assume I’ll be prompted to allow/deny again, and that I should only check the “remember” box for the most important ones?

I checked closer on the rules for FF and they were for CCleaner etc probably at times they requested to be updated.

Now I have 6 FF rules left. One includes thunderbird(which i run from FF usually)
two are from my local settings temp file folder, and I don’t know why that’d be needed?
One are from my local settings application data folder, and same question there as ^?
One are for explorer.exe and have a destination port range. Do I need this one? Attaching screenshot of it.

Thank you

[attachment deleted by admin]

Yup.

But that’s one program each, meaning that CC can and should only need to launch FF one way. There should only be one allowed rule (TCP/UDP Out) in this case.

I don’t either. Be very suspicious of temp files and folders - at best, they only need internet access going out once. I’ve never had one that needed this, at least not for legit purposes. The key here is what are the parent executables?

Definintely a NO! More info here:
https://forums.comodo.com/general_security_questions_and_comments_not_product_related/should_explorerexe_get_access_rights_iexplorerexe_is_ie-t6854.0.html