Hi everyone. After my last problem when i’d just started using CPF I hoped to never need to use this help forum again. But apparently I wasn’t so lucky. :-\
I’ve for quite a long time(bunch of months) had the problem that sometimes my internet connection doesn’t seem to work. Usually it would happen when I had just started my comp, and therefore I used to do a restart and it would work in most cases. If not after a second restart it usually worked.
Anyway, a while back i suddenly realized that the problem comes from Comodo. I had suspected it for a long time but even when i put the FW to Allow all it wouldn’t let my Firefox start.
Now though, it does work when i do that. The thing is in some cases like just now, I blocked Windows Media Player access to the internet when Comodo asked, and suddenly I couldn’t load anymore pages in FF. The same thing happens with a lot of other programs but the result is always cut internet access everywhere.
I’m typing this now in Allow all mode, which isn’t very smart but I have no other choice.
So, before I get a virusattack, please help me deal with this! I love comodo, but sometimes I think it’s just too strong or something
Oh, I’m so sorry! It’s obviously been too long since I posted here last time :-[
-The version of Comodo Firewall Pro Installed: 2.4.11.135 RC1
-My Internet connection: adsl modem
Operating system: Win XP Sp2 with pretty much all the latest updates save for the last few day’s new ones…
How you are logging in to the OS: Only user/admin
Other Security applications installed: Nod32 Antivirus, Ad-Aware, Spybot S&D, Windows Defender, Spywareguard.
Security related applications which have been removed/disabled before installing CFP: None I can remember.
Security related application which have been removed/disabled after installing CFP: None I can remember.
Detail the problem, such as which applications are running when you have the problem: Firefox, sometimes along with various other applications. It could be Adobe Premiere it could be Limewire or whatever. Sometimes it occurs upon startup when I try to start Firefox.
Please inform us if you have created any custom rules: I don’t know. Where do I check this? :-[
The first rule you have is a little worrying, which ports are you specifically allowing in and out in that rule.
Oh really?
Hmm well they're all from the applications Limewire, uTorrent and Emule...i had severe connection problems with Limewire for a long time so I'm sure that's why there's so many ports there and also the cause of the double rule.
Could I actually delete rule nr2 then?
Oh really?
Hmm well they're all from the applications Limewire, uTorrent and Emule...i had severe connection problems with Limewire for a long time so I'm sure that's why there's so many ports there and also the cause of the double rule.
Could I actually delete rule nr2 then?
I wouldn’t be too quick to delete that second rule without making sure you have a comprehensive rule to replace it. That’s something we’ll need to look at.
Could you post your log files as well please, along with a screen shot of your Application rules, as detailed in that link I gave you.
May I inquire as to why you are using an obsolete version of CFP 2 that’s in a release candidate state? Perhaps there are related bugs causing this issue.
As far as I know this is the latest version ??? I do know it’s a beta version and I can’t remember if I downloaded it from a link here or if I got some prompt-update, because it was a while back.
Which version would you recommend me to switch to? I could start there…
I don’t think I can show you any of the alerts I’m blocking as I assume they need to pop up first? My log and application list attatched tho.
I personally would go for version 3 that might be released…today! Or for the time being if you’re hasty to get the current stable 2.4.18.184 from the official site:
The are a few “problems” I see with your Application Monitor rules. For example, why do you have so many for Firefox? Aside from different parent executables, I’m guessing it might be due to the redundant rules that you previously allowed due to the loopback request (at least for the Allowed Incoming parts, which is not needed by any browser), which can be disabled in Security > Advanced > Miscellaneous > Enable skip tcp loopback. Also, all those rules to allow those setup files (including msiexec.exe) internet access shouldn’t exist. Setup files are usually one-time instances, so I would delete them. Of course, all that doesn’t explain why your internet was blocked, just something for efficiency and assuming you don’t run a proxy server.
Thank you! I was wondering why I have so many rules for the same application but I didn’t dare to delete any because I assumed they needed to be there and I wouldn’t want to guess as to which ones to delete.
I’m not in any real hurry, so I’ll wait for version 3 to come out. Will my changes and settings follow along to that version or do I need to redo everything once that’s installed?
I’ve been suspecting my Comodo haven’t been running the best way recently, so I’m really grateful for all this help!
Unfortunately, the architecture in 2.x and 3.x are too different, so even with the backup script created by the mods won’t be able to import it correctly. I guess this means we’ll start the rules & options from scratch.
well in my case maybe it’s a good thing, if I just disable the loopback tcp thing first
As I’m not really sure as to which app rules to delete. Took away some setup ones, and assume others will pop up again if I deleted them and they need access…
Could I for example delete all the firefox rules and then I assume I’ll be prompted to allow/deny again, and that I should only check the “remember” box for the most important ones?
I checked closer on the rules for FF and they were for CCleaner etc probably at times they requested to be updated.
Now I have 6 FF rules left. One includes thunderbird(which i run from FF usually)
two are from my local settings temp file folder, and I don’t know why that’d be needed?
One are from my local settings application data folder, and same question there as ^?
One are for explorer.exe and have a destination port range. Do I need this one? Attaching screenshot of it.
But that’s one program each, meaning that CC can and should only need to launch FF one way. There should only be one allowed rule (TCP/UDP Out) in this case.
I don’t either. Be very suspicious of temp files and folders - at best, they only need internet access going out once. I’ve never had one that needed this, at least not for legit purposes. The key here is what are the parent executables?