connection issues - please assist

I am running Windows XP SP2, with Comodo 5.8, and also a D-Link Wireless 108G router. Please forgive any and all ignorances. I’m not a computer novice, but I do not have a lot of experience with firewall issues.

I am at a loss and frustrated. I discovered, through discussion forums this weekend, that Zone Alarm had a tendency to cause connection issues when running simultaneously with utorrent. So I switched to Comodo - everything seemed to be fantastic. Then I discovered that – apparently due to Comodo? – that I was periodically losing my connection entirely. It would return without problems after a reboot. Then I’d lose it again after some indeterminate amount of time.

So I did some research and followed the instructions as to how to configure Comodo with utorrent from the Comodo forums (Firewall Tutorial for Utorrent with Comodo Internet Security - Guides - CIS - Comodo Forum, which I guess is the same as the <A HREF-"Enabling File Sharing Applications like BitTorrent and Emule,Comodo Firewall| Internet Security v5.9/5.10 "> website instructions). I attempted that process a couple times because 1. I wanted to make sure I did it correctly, 2. I never received the pop-up alert that asks you to choose ‘Treat this application as’. I still have not received that pop-up. I’d doubt it exists, except I’ve seen screenshots of it.

When that didn’t work, I followed most of the suggestions in this post, aside from patching TCPIP.sys (which I haven’t tried yet). … 92#p258238. When I run the Setup Guide within utorrent, I get the following result: – is the “Port is not open (you are still able to download)” message the ‘smoking gun’? And if so, how does one open that port within Comodo? I thought I did that when I created the Application Rules within Comodo? – … Or is it something that needs to be opened within my router’s firewall? (Which confuses me, because I haven’t made any recent change to my router aside from changing the password). And how would any of this account for my connection being available for a few hours and then dropping?

Thank you for any and all help. I am at least twelve different kinds of frazzled by this mystery.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:20 PM, on 11/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

If you haven’t already, you will need to forward the ports in the router that your torrent client uses, without this you will be able to download but others will not be able to download from you. Similarly, you need to create rules in the software firewall that allow both inbound and outbound connections. To do this typically requires creating firewall application (in/out) rules for the process (utorrent) and firewall global (in) rules for the protocol and port.

Take a look through this thread for the firewall. For the route, you can either manual forward the ports, or use UPnP.

Okay, it turns out that I misinterpreted the problem.

The connection drops regardless of whether or not utorrent is running. I just returned to my apartment after spending some time with friends, and sometime during that time, the connection dropped. Does my wireless router firewall have to be configured to gel with Comodo? Some sort of conflict that kills my connection?

I’m not aware of any issues running a hardware firewall with CIS. Does this ‘drop-out’ happen under any particular circumstances, for example high traffic load or high numbers of connections?

well, when I left my computer on before going out, I had Chrome and iTunes open. Peer Block, Comodo, and ESET running in the system tray. I previously thought this drop was occurring when utorrent was running, but that turned out to false. So to answer your question, I don’t know if there’s any pattern to the drop out.

I’d try removing peer Block temporarily, or failing that see what your block files are blocking a bogon filter maybe?. It’s also worth checking the router logs, assuming there are any, for anything that may be of interest. Are you running standard firmware on the router, or a third-party such as dd-wrt, tomato etc?

Couple things… Are you using a Static IP address or DHCP? If DHCP, it may be possible that you blocked this traffic some how so that when it goes to renew the IP address it is unable to renew. This would cause your network connection to drop (and thus your internet). Additionally, with you being on a wireless network have you tried to stay connected without the firewall on (only if its a trusted network of course). Lastly, is the Wireless router Broadcasting the SSID? If not, this could also be the ■■■■■■… Windows can have problems seeing Wireless networks when SSID Broadcasting is off.

If you were having connection drop issues before Comodo, Comodo is likely not the issue. Hope the above suggestions help.

IMHO, if not Broadcasting SSID is the case then your probably better off having it set to Broadcast (some may disagree). My reason on this is, people can still see your network and SSID even if you have it turned off (especially the people you are not wanting to find it). So in reality, you would just be hiding your network from your own Windows box.

Thanks for the reply and replies.

I was not having connection drop issues pre-Comodo. I’d like to stick with the program as it seems great aside from these issues.

My router is set for DHCP, yes. I don’t know how to answer the question re: SSID Broadcasting. Forgive my naivete/ignorance. I had a neighbor’s help in installing the router. Here’s the thing, though - the only changes I’ve made to Comodo since installing it were the utorrent config (rules) after I started having the connection drop issues and I thought it was a utorrent issue. I haven’t made any changes to the router settings (not to my knowledge anyway) aside from changing the wireless password on Saturday.

With sincere due respect, I don’t think Peer Block is causing problems. I’ve had it for forever, without issues, and it’s completely silent except if utorrent is running or if I run into a website that uses one of the blocked IP’s. And no, I’m not running any special firmware on the router.

If you did not have issues pre-Comodo then its not likely the SSID issue I was talking about. Although I gave DHCP as a possible issue, I do not believe the default install would interfere with anything DCHP (since you have not made any changes). I run a completely customized setup so someone else would have to vouch for that.

As Radaghast pointed out, you may also want to check your router logs if you can. If you connection is dropping at the router/modem then that is an ISP issue that (coincidently started happening during your switch to Comodo).

Check your system logs also, if there is a DHCP is then you may be lucky enough that it caused an event when your system lost connection. One last thing, can you post a screenshot of your firewall logs around the time you lose connection (if nothing is there also check Defense+ logs).

No worries, I’ve seen problems caused by PB in the past, so just covering the bases. Did you check for router logs? On the subject of logs, it’s also worth checking the firewall and D+ logs in CIS and also the Windows logs, via Event viewer, just run eventvwr.msc from the start menu and check the System and possibly the Application log of any Errors/Warnings.

Okay, I just woke up about 45 minutes ago, and back to the problem. When I woke up, I checked to see if the wireless connection on my ipod was working and it was.

My computer’s internet connection was not working. (does that mean it’s a Comodo and/or Windows issue rather than a router issue?) In fact, Chrome would not even load, giving the message: “This application failed to start because iphlpapi.dll was not found. Re-installing the application may fix this problem.”. (Chrome loaded/connected post-reboot). At the same time as the DLL error, I checked my connection in the system tray, and the connection status fields were blank. When I clicked “Repair”, I received "“Failed to query TCP/IP settings of the connection. Cannot proceed”.

I just ran a quick scan with Malwarebytes and it didn’t find anything aside from a TCPIP.SYS patch that was suggested as a solution on the utorrent boards (again, back when I thought it was a utorrent issue).

I thought there was a tiny chance that I had downloaded the wrong or even a bogus version of Comodo Firewall, so I checked my internet history. I downloaded it from here, Firewall Download | Best Firewall Security software for Windows, choosing the 35MB 32-bit Windows XP SP2 one. Perhaps I should reinstall with the (regular?) installer that I just downloaded from here, Download Antivirus for Mac | Free Antivirus Software for Mac … If I had more time, I’d do it right now, but it can wait until I return home from work.

So bewildered.

Zero log entries for the firewall in Comodo. Very few entries in Defense+. In the Event Viewer error log, there’s a lot of things are posted, but mostly this message from “Srv”: “The server was unable to allocate from the system nonpaged pool because the pool was empty.” (and I don’t know what that means). Also a couple errors from “SideBySide” (?): “Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service.” (I don’t know what this means either). I’d do searches but it’s time to go to work. : (

Going solely by the Windows log entries, you may have corrupted TCP/IP/Winsock stacks. My first suggestion would be to run through the procedures outlined in the following:

How to determine and to recover from Winsock2 corruption in Windows Server 2003, in Windows XP, and in Windows Vista

How to reset Internet Protocol (TCP/IP)

Thank you very much for all your help so far. Above and beyond.

I found this post on a different forum regarding the TCP/IP error (“Failed to query TCP/IP settings of the connection. Cannot proceed”) when I attempted ‘Repair’ in my connection window.

I think I’m going to try the Windows support solutions when I get home later today. I think the above post may be the same as the Windows support directions, just slightly different?

Going forward - did Comodo somehow corrupt my TCPIP.SYS file? (Or was utorrent somehow responsible?) Did I do something wrong when installing? I don’t think I could have made any config errors since (as I said) the only changes I made were to configure for utorrent. Did I download the wrong version of the program, by choosing the 32-bit one? Before you ask, I’m not sure why I picked that one from Firewall Download | Best Firewall Security software for Windows. I think I got distracted and didn’t see that the first one is also XP SP2 compatible.

Thanks again.

It’s the same information, I provided the MS links as sometimes just running a command without knowing why can be confusing.

Going forward - did Comodo somehow corrupt my TCPIP.SYS file? (Or was utorrent somehow responsible?) Did I do something wrong when installing? I don't think I could have made any config errors since (as I said) the only changes I made were to configure for utorrent.

Whenever low level drivers are added/removed there’s always a small risk of corruption. It may also have been the situation where there were problems, albeit less obvious, that were exacerbated by the installation of CIS. Out of interest, did you actually patch tcpip.sys for utorrent?

Did I download the wrong version of the program, by choosing the 32-bit one? Before you ask, I'm not sure why I picked that one from I think I got distracted and didn't see that the first one is also XP SP2 compatible.

The link looks correct, but here’s another opting if you’re unsure COMODO Internet Security 5.8.213334.2131 Released! Just pick the first download and install the components you want.

Thanks again.

I did not apply the TCPIP.SYS patch for utorrent. I considered it, but thought it might just exacerbate the problem further. Like I said, Malwarebytes identified it as malware (it was at the time in my Recycle Bin). I doubt it is, in fact, malware, but better to be safe.

Just out of interest, which components of ESET and which components of CIS are you using?

ESET NOD32 Antivirus 4.0 and just CIS Firewall.

Also, I misspoke in my original post. I’m running XP SP3.

Unfortunately the Windows Support fixes did not work. : (

I’m trying an uninstall/reinstall of Comodo. I chose the option to “change my DNS servers to Comodo SecureDNS”. I don’t know if this will make a difference, but it can’t hurt. If the uninstall/reinstall does not help the issue (my confidence in my own troubleshooting skills is at an all-time low), do you have additional suggestions? I suppose I can roll back to ZA (hopefully?) if worst comes to worst. But I’d prefer to stay with Comodo.