Comodo kept breaking network connection [Resolved]

It seems like Comodo is blocking some particular IP in accordance with the default network control rules. I kept getting inbound and outbound policy violation messages, and after a while I was shut off from the network/internet. My IP also changed as a result.

My feeling is that someone or something is calling my computer to check if it’s connected. How should I devise a control rule to allow this supposedly legitimate connection?

I’ve attached the log file.

Thanks.

[attachment deleted by admin]

First, what sort of network are you hooked to? This will tell much more. Looking up info at ip tools…

OrgName: Stanford University Network
OrgID: SUN-5
Address: Pine Hall, Room 115
City: Stanford
StateProv: CA
PostalCode: 94305-4122
Country: US

NetRange: 171.64.0.0 - 171.67.255.255
CIDR: 171.64.0.0/14
NetName: NETBLK-SUNET
NetHandle: NET-171-64-0-0-1
Parent: NET-171-0-0-0-0
NetType: Direct Assignment
NameServer: ARGUS.STANFORD.EDU
NameServer: AVALLONE.STANFORD.EDU
NameServer: ATALANTE.STANFORD.EDU
Comment:
RegDate: 1994-08-22
Updated: 2000-08-17

RTechHandle: JK535-ARIN
RTechName: Kohn, Jay
RTechPhone: +1-650-723-7515
RTechEmail: security@stanford.edu

ARIN WHOIS database, last updated 2006-10-22 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

This is on the IP you gave in your report that is being denied access. Are you behind a router, etc… home network, college, etc…?

Paul

Yes, I’m connecting from university, plugging the cable directly to the wall.

ken

Well, for one, the server may be changing IPs as ours does. The attempted access I can’t say. You could report it but it may be the college server doing checks as well. Your IP can expire, and IPs, if like our server, are given out at the time to whoever needs one and can change constantly. Disconnection would be likely on the server end as well, or there were no IPs to hand out, another problem we run into here. Our college admin checks on IPs and such and will pull them if needed for more important things, like class, lol. It looks like the server IP but can’t say for sure; ours shows up as well as attempts but I know the addy so I know it’s the server. Perhaps contact the admin on this and ask. I think this would be the best route if some foolishness is taking place; they will know and who you should go to.

Paul

The admin says there was too much information in the logs and he didn’t understand it!

One thing for sure… once I allow all connections, I don’t see the problem.

Ask your Admin for the instructions on setting up a Firewall from within the University’s network. Unless they are saying that you’re the first person that has ever tried that (I’d be stunned if that was the case).

Allow All, unfortunately, works both ways. Everything can get out. But, anything can get in as well.

Perhaps this might help…

 http://www.stanford.edu/services/ess/pc/sunet.html

LOL, ??? Did he recognize if it was the server addy at least?? I would still say it is and wouldn’t worry as long as the firewall is blocking it. If an admin can’t read the logs, it’s no wonder why there’s trouble.

OY,

Paul

Paul, you’re right. I noticed that internal IP number instantly & so should have the Admin (especially since it is probably his own Gateway server). Maybe the Admin was just too busy. ::slight_smile:

Following comicfan2000’s suggestion, I reinstalled Comodo and everything went fine for almost 2 days until now. Again, my IP address (assigned by DHCP) was changed from something that works to something else for no reason, usually after 1 h of connection. The address type becomes “Automatic private address” and the default gateway went blank.

I disabled and re-enabled the “wireless network connection”; however, an incorrect IP was assigned. Comodo seems to be blocking some essential traffic (pls see log attached) as if I “Allow All”, I got the right IP address.

I thought the network ctrl rules (attached), which are very much the default ones, should work fine. Do they require modifications? Thanks.

[attachment deleted by admin]

The problem is that svchost.exe is being blocked. Set it to allow and it will do the job :wink:

Should I create a new application control rule specifying svchost.exe? How should I specify the other entries like parent, protocol, direction, IP etc? Thanks!

The easier way is to delete the block rule. Then the next time svchost.exe tries to access the net a popup will notify you. Just select allow at the popup and you are done. ;D

The problem now is that there is no problem. I’m getting uninterrupted connection but svchost is not showing up. Also, as there is no block rule, I feel vulnerable…

In addition, I don’t think svchost.exe can be added in Application Control rule as I can’t find the file!

Probably it will show up during the next reboot. Since it is a verified safe application from Comodo, CPF allows it by default (unless some strange activity takes place and then CPF blocks it). :wink:

Actually it didn’t. But my connection is stable now. Allow me to back track a little…
I noticed a trend. Whenever I run p2p, the connection terminates more frequently (compared to when p2p is not run) as previously described. Currently, the connection stays stable even when p2p is run, but I got a lowid. My settings are in accordance with that mentioned in the FAQ (destination ports corresponding to p2p ports and rules placed above block rule). I turned off AVAST, PG2 and Comodo one by one, and it appears that Comodo is the one related to the lowid. I also turned off Application behavior and it’s not that. I then played around with the ports and used ports that I know are not blocked (such as 80) to no avail. I have checked the other threads but haven’t found a solution.

Let me guess, Emule? https://forums.comodo.com/index.php/topic,411.0.html

If I’m wrong so be it, but this is usually an Emule issue, as well I don’t recall if you are behind a router.

Paul

Paul: you replied too fast as I wanted to retract my previous post.

All is well now although I probably should monitor the situation for a couple of days before saying this. What I did was to enable “Fast User Switching” in Services. Previously I had disabled it.

Thanks for the excellent tech support. (:CLP)

Woot! :BNC Thank you for asking about the “Automatic private address”! Thank you even more for pointing out that svchost.exe was being blocked, thereby creating the private address issue.
That resolved my question without even needing to ask.
You folks rock!
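
The failure discussed in this thread (svchost.exe, which hosts the Windows DHCP client, being blocked, followed by an "Automatic private address" and a blank gateway) can be confirmed from a firewall log before any rule is loosened. The sketch below is an added example, not part of the original posts and not Comodo code; the log format, the sample lines and the function names are constructed for illustration, since the thread's attachments are gone.

```python
import ipaddress
import re

# Constructed sample lines in a made-up format (NOT Comodo's real log layout);
# addresses come from the documentation ranges.
SAMPLE_LOG = """\
10:01:12 BLOCK OUT UDP 0.0.0.0:68 -> 255.255.255.255:67 app=svchost.exe
10:01:16 BLOCK IN UDP 192.0.2.1:67 -> 255.255.255.255:68 app=svchost.exe
10:02:40 BLOCK IN TCP 192.0.2.77:4312 -> 192.0.2.50:445 app=System
10:03:05 ALLOW OUT TCP 192.0.2.50:1045 -> 198.51.100.9:80 app=firefox.exe
"""

LINE = re.compile(r"^(\S+) (BLOCK|ALLOW) (IN|OUT) (TCP|UDP) "
                  r"(\S+):(\d+) -> (\S+):(\d+) app=(\S+)$")

def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            t, action, direction, proto, src, sport, dst, dport, app = m.groups()
            yield {"time": t, "action": action, "dir": direction, "proto": proto,
                   "src": src, "sport": int(sport), "dst": dst,
                   "dport": int(dport), "app": app}

def blocked_dhcp(log):
    """Blocked DHCP packets: UDP 68->67 (client request) or 67->68 (server reply)."""
    return [e for e in parse(log)
            if e["action"] == "BLOCK" and e["proto"] == "UDP"
            and (e["sport"], e["dport"]) in {(68, 67), (67, 68)}]

def diagnose(address, gateway, log):
    """Classify the adapter state reported by ipconfig against the firewall log."""
    apipa = ipaddress.ip_address(address).is_link_local  # 169.254.0.0/16
    if not (apipa and not gateway):
        return "ok"
    hits = blocked_dhcp(log)
    if hits:
        apps = sorted({e["app"] for e in hits})
        return "dhcp-blocked-by-firewall: " + ", ".join(apps)
    return "apipa-other-cause"

if __name__ == "__main__":
    print(diagnose("169.254.13.7", "", SAMPLE_LOG))
```

A "dhcp-blocked-by-firewall" result points at a narrow fix: permit UDP 68 to 67 outbound and 67 to 68 inbound for the named application, rather than switching to Allow All.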