Comodo manual updater problems

gander · September 18, 2006, 4:52pm

I have downloaded comodo 2.3.5.62. When I try to update it manually I get the message ‘your system seems not to be connected to the internet.’
I am on broadband and my pc is protected by A D-link DSL-G604T router. Can anyone give me some advice on getting the manual updater up and running.
Many thanks.

kail · September 18, 2006, 6:23pm

There currently isn’t an update for 2.3.5.62. But, you shouldn’t get the not connected error.

I’m guessing that something is being blocked. Did you check CPFs log file to see if there any corresponding messages with the update attempt?

gander · September 18, 2006, 8:06pm

Thanks Kail. I have checked the logs and have the following message:

Date/Time :2006-09-17 21:32:07
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

kail · September 18, 2006, 8:40pm

OK. Is 224.0.0.22 your router?

gander · September 18, 2006, 9:20pm

Forgive me as I am a relative newbie.
Logging onto my router, I have the following info:
Start IP 192.168.1.2
End IP 192.168.1.20
Primary DNS 192.168.1.1

kail · September 18, 2006, 10:08pm

Actually, my question was dumb… the IP address (224.0.0.22) is the multicast address, used by the Transport layer multicast protocol (thus the IGMP). But, I’ve no idea why your system is using it.

Questions…

Was that the only thing in CPFs log?

What’s your Operating System?

What blocks do you have in Application & Component Monitor?

gander · September 19, 2006, 5:51pm

Thanks for your input Kail.
I am running Windows XP pro SP2.
There are no blocks in the application and component monitors.

Here are my logs over the last week:

Comodo Firewall Logs

Date Created: 18:46:56 19-09-2006

Log Scope: Last 7 days

Date/Time :2006-09-17 21:32:07
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 20:23:20
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 14:15:52
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 11:41:16
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 11:28:15
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP Out
Destination: 127.0.0.1:1101
Details: C:\Program Files\Mozilla Firefox\firefox.exe is an invisible application

Date/Time :2006-09-17 11:28:09
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP In
Destination: 0.0.0.0:1363
Details: C:\Program Files\Mozilla Firefox\firefox.exe is an invisible application

Date/Time :2006-09-17 11:27:25
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (AdMunch.exe:127.0.0.1:1101)
Application: C:\Program Files\Ad Muncher\AdMunch.exe
Parent: C:\Documents and Settings\Gerry Anderson\Desktop\B-26039.exe
Protocol: TCP In
Destination: 127.0.0.1:1101

Date/Time :2006-09-17 11:26:59
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.3
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 11:26:54
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 127.0.0.1:1101
Details: C:\Program Files\Ad Muncher\AdMunch.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…

Date/Time :2006-09-17 11:26:54
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\Ad Muncher\AdMunch.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…

Date/Time :2006-09-17 11:23:40
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (AdMunch.exe)
Application: C:\Program Files\Ad Muncher\AdMunch.exe
Parent: C:\Program Files\Ad Muncher\AdMunch.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\Ad Muncher\AdMunch.exe is an invisible application

Date/Time :2006-09-17 11:23:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 127.0.0.1:1101
Details: C:\Program Files\Ad Muncher\AdMunch.exe has loaded C:\Program Files\Ad Muncher\AM26039.dll into C:\Program Files\Mozilla Firefox\firefox.exe using a global hook which could be used by keyloggers to steal private information.

Date/Time :2006-09-17 11:14:39
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 09:15:59
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-17 09:15:56
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (System:0.0.0.0:nbsess(139))
Application: System
Parent: System
Protocol: TCP In
Destination: 0.0.0.0:nbsess(139)

Date/Time :2006-09-17 08:09:01
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:24:31
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.3
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:24:26
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (BOC4UPD.EXE)
Application: C:\Program Files\NSClean\BOClean\BOC4UPD.EXE
Parent: C:\Program Files\NSClean\BOClean\BOC421.EXE
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\NSClean\BOClean\BOC4UPD.EXE is an invisible application

Date/Time :2006-09-16 23:24:16
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.3
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:19:56
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:07:33
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.3
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:04:38
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 23:04:34
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (System:0.0.0.0:nbsess(139))
Application: System
Parent: System
Protocol: TCP In
Destination: 0.0.0.0:nbsess(139)

Date/Time :2006-09-16 22:50:25
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 22:34:09
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\Program Files\Prevx1\PXL.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\DefenseWall\DefenseWall.exe has modified the the User interface of C:\Program Files\Internet Explorer\IEXPLORE.EXE by sending special Window messages…

Date/Time :2006-09-16 22:33:39
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (avgnt.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
Parent: C:\Program Files\AntiVir PersonalEdition Classic\update.exe
Protocol: TCP Out
Destination: 127.0.0.1:18350
Details: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe is an invisible application

Date/Time :2006-09-16 22:33:05
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (avnotify.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
Parent: C:\Program Files\AntiVir PersonalEdition Classic\update.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe is an invisible application

Date/Time :2006-09-16 22:32:30
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.3
Destination: 192.168.1.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 22:32:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 66.249.93.99:http(80)
Details: C:\Program Files\DefenseWall\DefenseWall.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…

Date/Time :2006-09-16 22:32:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 63.245.209.21:http(80)
Details: C:\Program Files\DefenseWall\DefenseWall.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…

Date/Time :2006-09-16 22:32:18
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 192.168.1.1:dns(53)
Details: C:\Program Files\DefenseWall\DefenseWall.exe has modified the the User interface of C:\Program Files\Mozilla Firefox\firefox.exe by sending special Window messages…

Date/Time :2006-09-16 22:32:15
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (avguard.exe:127.0.0.1:18350)
Application: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 127.0.0.1:18350

Date/Time :2006-09-16 22:32:10
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 22:32:05
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (System:0.0.0.0:nbsess(139))
Application: System
Parent: System
Protocol: TCP In
Destination: 0.0.0.0:nbsess(139)

Date/Time :2006-09-16 22:32:05
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.3
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Date/Time :2006-09-16 22:30:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 239.255.255.250:upnp-mcast(1900)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

End of The Report

kail · September 19, 2006, 10:36pm

OK, these 2 entries…

Date/Time :2006-09-16 23:04:38 Severity :Medium Reporter :Network Monitor Description: Outbound Policy Violation (Access Denied, Protocol = IGMP) Protocol:IGMP Outgoing Source: 192.168.1.3 Destination: 224.0.0.22 Reason: Network Control Rule ID = 5
Date/Time :2006-09-16 23:04:34
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (System:0.0.0.0:nbsess(139))
Application: System
Parent: System
Protocol: TCP In
Destination: 0.0.0.0:nbsess(139)

… does indicate that you have File Sharing on. The TCP 139 nbsess is a NetBEUI over TCP/IP & is used for data transfer. And sometimes, exploited by trojans/worms. If you’re not using File Sharing, then you should disable it. If it is already disabled (?)… then you might have some trouble. But, you’re still OK… since CPF blocked it.

Date/Time :2006-09-16 22:30:22 Severity :High Reporter :Application Behavior Analysis Description: Suspicious Behaviour (svchost.exe) Application: C:\WINDOWS\system32\svchost.exe Parent: C:\WINDOWS\system32\services.exe Protocol: UDP Out Destination: 239.255.255.250:upnp-mcast(1900) Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

This one is UPnP trying to announcing itself over IP multicast on UDP port 1900. Again, if you don’t use it, loose it. But, no worries, since CPF blocked it.

Other than that… I could not find anything specifically wrong. Of course, I might have missed something. However, I did note that you’re also running a fair amount of other protection software. CPF doesn’t always play friendly with software that works in the same field.

Anyway, I think someone needs to double check this for me.

gander · September 19, 2006, 10:43pm

OK. Given that I am running Prevx1, should I disable the component monitor to reduce the chance of conflict?

kail · September 20, 2006, 1:21pm

Sorry for delayed response.

After searching the forums & the web, I’m not aware of any current conflict between CPF & Prevx1.

But, since you said “disable”… do you have any security products that are installed, but currently disabled?

gander · September 20, 2006, 7:43pm

No security apps are disabled.

I have used Computer Security Tool recently in an attempt to harden my security.

When I experienced problems with CFW I did a rollback of the CST fixes.

Maybe the problem started here???

kostas · December 14, 2006, 11:16am

Hello
i’m also new with Comodo (firewall and antivirus) and having the same problem updating the firewall and its very annoying. I’m running version 2.3.6.81.
I also have a similar problem when i try to update the Launch Pad and nothing happens.