Comodo&MSN Live Messenger

Yes LM, I have file sharing disabled.
I once had that slow transfer problem when I went thru tweakhound’s list and disabled services as suggested. But then enabled most of the services again because a few things did not work. A few of the services I enabled back are like Server,terminal services,fast user switching,workstation,etc. I can give you the whole list if required.

Hilmi

LM can I get your opinion to my following thread please. I am still trying to learn.
https://forums.comodo.com/index.php/topic,6226.0.html

Thanks

ingro,

looks like hilmi’s running it without any problems… have you perhaps disabled some Windows Services?

LM

I use live MSN 8.1 and I can confirm that there is no need of special network monitor rules. It works just fine with the default configuration of CFP

Yes I’ve disable some Windows Services but I can’t remember well since I did it some weeks ago… can you give me a better list Hilmi? Thanks

Probably the best approach, when making changes to Services, is to do one or two at a time, spaced out so you can check to make sure everything continues working normally. That way it’s easier to track down and resolve problems…

In re-enabling Services, especially for your situation, it would be good to do the same; do them one at a time, and check Messenger each time to see if it works again. Change the Service startup type to Automatic or Manual, then reboot the system.

FYI, here’s a list of a typical/default Services for WinXP: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true

LM

I attached my services as I have it currently without having your problem.

For a faster resolve, I suggest make a snapshot of your services and then set them as mine and then reboot and check if that solves your problem. If it does, then set everything back as you had before and follow LM’s suggestion if you want to know which service(s) were causing the problem. Some services depend on others so make sure you enable those dependent services together.

Let us know the result for reference for everyone to use.

Hilmi

[attachment deleted by admin]

I’m still very confused on what to do to resolve this problem with MSN and slow transfer rate. I’m abit confused by the tips that people have posted (:SAD)

I have too a problem with file transfers on MSN !

When I disable the Comodo Firewall all transfers are OK but If not it’s really slow… how solve it ?

Thanks.

Part of the problem, guys, is that there are a lot of folks using it without any problems, or special rules. So it may be the result of other applications or services that are causing the slow-downs. That makes it hard to resolve, and I’m not aware of anyone that has been able to definitively say that they figured it out; I’m guessing that they either moved on, or got it working but aren’t sure how.

Pier²e, when you say it works if you disable CFP, what are you doing to disable the FW?

LM

Security Level > Allow All

When it’s a transfers with two people who have WLM (msn 8) it’s good (without disable CPF) but if it between WLM and a previous version of MSN (6 or 7) transfers are slow with CPF…

Okay, so if Allow All works that indicates you have an issue with rules; most likely it’s Network Monitor-related. Let’s try this:

Open Activity/Logs. Right-click an entry and select “Clear All Logs.”

Then connect between v8 and v6 or v7 (where you know there will be a conflict), and do a transfer for testing purposes. When the transfer is getting bogged down, stop it and reopen the logs. Right-click and select “Export to HTML.”

Save the file and reopen it (it will open in your browser). From the bottom (which will be the oldest entry), highlight about 6 entries, right-click and Copy. Then Paste into your next post here. If your external IP address shows in the log entries (it will match up w/the address showing in the lower right corner of your posts here), you may mask/edit it with “x” for privacy if you like.

That will get us started on what is being blocked to slow down the transfer.

LM

Ok

Date/Heure :2007-08-29 18:30:24 Sévérité :Moyen Report :Gestion du réseau Description: Violation de la politique entrante (accès refusé, IP = 82.66.39.166, Port = ms-rpc(135)) Protocole: TCP Entrant Source: 82.66.39.166:1077 Destination: XX.XX.XXX.XX:ms-rpc(135) Flags TCP: SYN Raison: Règle de contrôle réseau ID =7

Date/Heure :2007-08-29 18:29:54
Sévérité :Moyen
Report :Gestion du réseau
Description: Violation de la politique entrante (accès refusé, IP = 88.136.23.66, Port = 2093)
Protocole: TCP Entrant
Source: 88.136.23.66:2880
Destination: XX.XX.XXX.XX:2093
Flags TCP: SYN
Raison: Règle de contrôle réseau ID =7

Date/Heure :2007-08-29 18:29:49
Sévérité :Moyen
Report :Gestion du réseau
Description: Violation de la politique entrante (accès refusé, IP = 82.66.55.128, Port = ms-rpc(135))
Protocole: TCP Entrant
Source: 82.66.55.128:3179
Destination: XX.XX.XXX.XX:ms-rpc(135)
Flags TCP: SYN
Raison: Règle de contrôle réseau ID =7

Date/Heure :2007-08-29 18:29:49
Sévérité :Moyen
Report :Gestion du réseau
Description: Violation de la politique entrante (accès refusé, IP = 88.136.23.66, Port = 2093)
Protocole: TCP Entrant
Source: 88.136.23.66:2880
Destination: XX.XX.XXX.XX:2093
Flags TCP: SYN
Raison: Règle de contrôle réseau ID =7

Date/Heure :2007-08-29 18:29:49
Sévérité :Moyen
Report :Gestion du réseau
Description: Violation de la politique entrante (accès refusé, IP = 82.66.55.128, Port = ms-rpc(135))
Protocole: TCP Entrant
Source: 82.66.55.128:3921
Destination: XX.XX.XXX.XX:ms-rpc(135)
Flags TCP: SYN
Raison: Règle de contrôle réseau ID =7

XX.XX.XXX.XX is my IP, the IP of my contact is not on the log…

My rule 7 is the default rule :
IP in / out
Block and log

Thanks for your help.

So are you saying that the Source IP address shown on these Inbound connection attempts is NOT the IP of the person to whom you were connected via Live Messenger?

LM

Here’s a link listing ports for use with MSN Live Mssgr. The ones with * are for connecting to older versions. Apparently it uses some dynamic port configuration, and may change throughout the transfer. Not sure how you could stop that behavior, being on the receiving end.

http://support.microsoft.com/kb/927847/en-us

PS: the 82.x.x.x address is Proxad, a webhosting service (and possibly an ISP?). The 88.x.x.x is Cegetel; looks like perhaps an ISP.

Yes

My only guess (and this is purely a guess) is that perhaps these IPs are local MSN Live Msgr Servers. However, if that were the case, I’d expect them to be registered directly to MS. One IP appears to belong to your ISP, but I can’t say if it’s one of their servers, or just another customer.

This is quite odd.

LM

Sorry for jumping in but Messenger has been trying to communicate with something even though it works fine heres the link to my topic https://forums.comodo.com/help/msnmsgrexe-t12158.0.html

Sorry but I am bad in English and I have not understand the solution *

Thanks for your help.

I don’t know exactly what’s going on, since those IP addresses are not who you were connected to. If it’s not something to be concerned about, it certainly is happening in an odd way.

Will you file a ticket with Support here, http://support.comodo.com/ and let them know of the issue you are having? Please let them know that you have been in the forums, and that a Moderator referred you to them. Please provide them a link to this topic, as well.

Then let us know what they say. I am hoping that they will have some good input for us.

LM

Tnx for the PM, Pier²e. As I understand it, you have found through the French Forums here that you need to create Inbound Network Monitor rules for Ports 1024 - 5000, and that this has resolved the issue for you.

LM

Tnx for the PM, Pier²e, regarding ways to tighten security with these Inbound ports for WLM.

You already have the Inbound Network Monitor rules to Allow TCP/UDP (both protocols, correct?) to a range of Destination Ports 1024 - 5000; I imagine this is from Any Source IP to Any Destination IP, with Any Source Port as well. This allows the firewall to accept inbound traffic on those ports.

Since there probably is not any real way to tighten up the Network Monitor rule (unless your friends have static IP addresses), we will have to focus on Application Monitor, and take a few steps to add some layers of security there.

Essentially, you want your application rule for WLM to match the Network Monitor rule for those Protocols and Ports. You also want to make sure that no other application is allowed to receive Inbound connections for those ports, to minimize risk. This is because with CFP, in order to it to accept the traffic to Network Monitor, there must be an allowed application in Application Monitor actively running and listening on those Ports. So we want to make sure that is only WLM.

This means the first thing to do will be to remove the existing Application Monitor rule for WLM’s executable (make note of application and parent). Then you will add a new one. This rule will be the same .exe and Parent. The rest will be like this:

Action: Allow
Protocol: TCP
Direction: Out
Destination IP: Any
Destination Port: A Set of Ports: 80,443,1863,7001
Miscellaneous: (leave it blank - nothing checked)

Then Add a second rule for WLM. Same Application .exe, same Parent.
Action: Allow
Direction: In
Protocol: TCP/UDP
Destination IP: Any
Destination Port: A range of Ports: 1024 - 5000
Miscellaneous: (leave it blank - nothing checked)

Now you will want to Edit every other Application rule that shows to accept Inbound TCP/UDP connections (which may be several). On each, in the Destination Port tab, select the “Exclude” box, then check a Range of Ports: 1024-5000. This will keep them from accepting inbound connections on those ports.

The final step will be to go to Security/Advanced/Miscellaneous. Move the Alert Frequency slider to High. This will mean that all Application Monitor rules will include a level to detail of: Application, Direction, Protocol, and Port.

This will give you a greater level of control over how each application is allowed to Connect. However, you will thus see more alerts for each application, which may seem like duplicates. You also may end up with more rules for each application in Application Monitor. That’s the down-side of the increased detail levels.

If you have any questions about these, please ask. I’m posting this here in this WLM thread for everyone’s benefit.

LM