Connection problems with Qnext 3.0

Hello

I am having connection problems with a program I use, Qnext 3.0.
It is both a Universal IM program and a file sharing program where I send a web cast link to anyone (they Do Not need to be running Qnext) via an email or IM program, and they can connect to the selected files, photos or listen to music by clicking on the link.
My computer and Qnext need to be running for them to view and download.
www.Qnext.com

I uninstalled the free Zone Alarm because when running the port checks at GRC.com I now find open ports. I read where Comodo will stealth ports where others left them open, and hoped it would with Qnext 3.0 also. Oh, currently I uninstalled my router and am connecting direct.

There are status lights by the UID at the top and below next to the different IM programs. With the free Zone Alarm both the light next to my UID at the top and below next to Yahoo, AIM, and MSN were all Lite Green. Lite Green is the best connection status, then Dark Green, then Amber/Orange and then the worst connection is Red.

With Comodo the status lights at the bottom are all still Lite Green but the status light next to my UID is Amber/Orange.

There is a connection wizard. I do not use automatic but instead click on Custom then direct, and check the Listen to Ports, which had given me the best connection status Lite Green.

Even though during setup I had clicked allow and remember for all the Qnext questions during the setup of Comodo, I still found a blocked Qnextclient in the Comodo logs.

I know the fix will be something simple, but hope someone there might be able to save me some time.

There are many around the world that use Qnext many with routers and various networks.
It would be helpful if one of the Comodo moderators could also post a helpful guide for running Qnext with Comodo in the Qnext Forums and the topic area Firewalls Proxies and Routers
http://forum.qnext.com/viewforum.php?f=5&sid=3152bb5e154b6a353345573d7b14c4a7

Thank You for your Help
UncleDoug

Here is the fix I received from the Qnext Support Team:

The default network filtering rules (Click on the Network Monitor tab in the Security main screen to display the filtering rules) block the https connection to Qnext redirect server. You have to either remove the Block & Log rule or amend the network control options for that rule (as adding the IP of your PC as a source IP destination). Right-click over the Block & Log rule and select Edit. The change you have to make is shown on the attached capture

I left the capture file out because it had someone's IP address.

I now have the Lite Green light next to my UID. :BNC

There were so many different items to check and try, that was the hard part.

Just ran a ports scan at GRC.com using the ShieldsUp test.

Hope someone from Comodo might be able to help with this one. Unlike the free Zone Alarm where ports 80 and 447 were shown open, with Comodo they are stealthed, and unsolicited packets rejected:

But the TEST FAILED

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.

This is probably something simple I missed
Thanks again for your Help

UncleDoug

Hi, have any of the default Network Monitor rules been changed since installation? The defaults should already block incoming ICMP on echo.

What’s actually concerning is that they pointed out the possibility of removing the block and log rule - this is a big NO NO! That’s the rule that blocks everything else. Rules are prioritized from top to bottom and that’s why it’s the last one.

https://forums.comodo.com/help/how_do_i_configure_comodo_firewall_to_block_icmp_echo-t4784.0.html

https://forums.comodo.com/help/comodo_firewall_pro_should_block_ping_attempts_resolved-t7175.0.html

Soya Thank You for Responding. (:WAV)

I have since deleted and reinstalled Comodo to get a fresh start. Everything currently is at the default settings. No router direct cable connection.

All the GRC tests pass but in Qnext the light next to my UID # is amber/orange (:SAD) instead of Lite Green. The IM programs below Qnext AIM, MSN, and Yahoo each has a Lite Green light.

The reason I got excited was because it has been days since I originally installed Comodo that I was able to see any type of Green Lite or Dark at the top. Lite is the best.

It seems that sometimes not often I will see in the Comodo log 3 different red occurrences for Qnext?

I tried setting up separate rules for outgoing TCP Qnext uses ports 443 and 80 (in and out), and for UDP for port 5257 in and out. And I used my IP address for the sending IP address.

I still only had the amber light at the top. One problem with listing my IP address in the rules, is that it changes if I use IPCONFIG /release and have the PC off for several minutes.

There is an automatic connection wizard with 2 settings, automatic looks for UPnP for routers that are enabled, if not found it will default to the 2nd setting which is Custom and then either direct which I have been using since March, or port forwarding.

With Custom it needs a check in a box that says Listen to all ports (recommended) and it shows the TCP settings are for Ports 444 and 80, UDP uses Port 5257.

Then next there is a red dialog which says listen for incoming connections. You click it and it says listening on Port 447 for incoming connections. Then a message pops up saying it failed. Then next and finish starts up Qnext. This probably is where the problem occurs.

I hope it is just a simple setting and not major rule additions. As I mentioned I am hesitant about using my IP address because it can easily be changed. When I was using Norton anti virus (now using Avira) I needed to setup rules to allow QnextClient.exe, Qnext.exe did not need attention.

Qnext only uses their server to sign on, and also for a feature they call QnextMyPC, then it is direct user to user.
For all IM connections or for someone clicking a link I sent them for a file, photo album, or Juke Box connection to my system the connection is still direct user to user the Qnext server is not used.

I know this simple problem will be solved, just how long? But besides having the best connection Lite Green for Qnext I hope to have the BEST Security. (:CLP)

I noticed in Traffic visual that there is always 2 bars top is green and the bottom is red. Can there ever be both green?

Thank you again for your response and hope you or another can help, (:NRD)
UncleDoug

Hello, UncleDoug. I actually thought of trying Qnext before for its webcam and yahoo compatibilities, so I’ve yet to know what ports it needs.

That just means you’re covered by all incoming connections, which simultaneously means that Qnext does require an incoming connection. Just need to open a port…

It’s almost rare to not see a red occurrence in the CFP log. You should right-click in the log window, export to HTML, edit out any private IP’s with something like Notepad or Word, and upload a sample of it here by clicking on the Additional Options… at the bottom left when you’re about to post in the forum.

Don’t worry about out because the default Network Monitor rule at the very top allows all outgoing connections. The TCP IN Ports 443 & 80 and UDP IN & 5257 based on your specific description require 3 Network Monitor rules that correspond. (We haven’t reached Application Monitor yet. Network Monitor has the final decision; acts like a router). Make sure that Qnext really does need 3 opened ports for incoming connections, because this seems a lot to me.

Well, if you use ipconfig/release of course your IP changes. Do you do this just for extra security measures? I don’t know why this step is necessary otherwise. Network (and Application) rules have the convenience of setting up zones where you define a range of trusted IP addresses, or you can simply stick with ‘ANY’ that applies to all IP’s.

Then you need a(nother?) Network rule by adding something like: Allow TCP/UDP (I’m not sure which protocol since you didn’t specify here) From Any IP source (the internet) To Any IP (your computer) Where Any IP source port (the internet) goes to 447 (your computer’s port that needs to be opened to accept/listen to incoming connections). I also have a feeling this is the root cause.

I think you should take one step at a time by adding just that last one above. Now, you may receive pop-ups from Application Monitor, but the rules should be the same. It’s also best to upload a screenshot (maximized) once you have it added so we can verify.

PS: I may not be around for this week or next that often, so feel free to jump aboard, anyone else :smiley:

Soya, thank you for your reply. I am leaving for work and will either work on settings after midnight or tomorrow morning. It is -6 GMT here.

You mentioned: "We haven’t reached Application Monitor yet. " Which has me curious, especially with the different features Qnext has “and will have”!

I will post if I find anything!

You also mentioned: "I actually thought of trying Qnext before for its webcam and yahoo compatibilities, so I’ve yet to know what ports it needs" Currently the only Universal feature of Qnext is the chatting. But in a recent survey of users the predominant request was enhanced IM features and more Universal compatibility.

What Enhancements, New Features, and WHEN is a Big ? The ports should be the same?

I don’t have a web cam yet but was looking at the Logitech Fusion and Ultra Vision and a Philips SPC900NC.

Qnext evolves each release. Web Casts is the powerful feature added this time. Have you ever wanted to share a file or photos with a friend or family member and they did not use the same program you did? With Web Casts you send a link to almost any email or buddy name of the IM programs you are using.

Those you send it to, do NOT need Qnext but only a browser. They click on the link and can download directly from your computer any file, photos or even listen to your music via JukeBox. You can choose to select only one person for a link or several, and you select what is to be shared in that link.
Your computer and Qnext needs to be running though.

Again Thank You for responding.
UncleDoug

“Those you send it to, do NOT need Qnext but only a browser. They click on the link and can download directly from your computer”
Sounds like when you send an "Invitation" to someone with various remote access software. The recipient need only click the link to reach your computer; it's all based on the software link created on your end. Handy, if you want to do that.

LM

PS: Part of the reason I’m posting is to get this topic into my list. This way if Soya’s out, I’ll know to respond.

We have tags now… :stuck_out_tongue:

Go ahead Mac; I think I might be starting to get lost with Application Monitor (AM).
There. I even set up the acronym to prepare for you.

Hello Little Mac, (:WAV)

It is just after midnight here and I will take a look at Soya's recommendations in the paragraph near the end. In the morning I will look at it again.

A couple quick comments about Qnext, there are no file size limitations!

My connection is only 256k upload and 300 meg download, for a test I sent a friend web cast to a folder that had the old BMW short movies that used to be on the web, and KaBoom fireworks displays that are choreographed to rock music from San Francisco from 2004 thru 2007. Total file size was 1.18 Gig, it took him just over 30 minutes to download. I tried to send a photo link with around 525 photos from 5 different folders, but it required several minutes longer to load than 250 photos. Those only took about 45 seconds. I’ve not set up a Juke Box yet.

One problem someone wrote about is that Qnext sends the link using your Qnext Buddy name. Some email programs block any emails that are not from where it says it is from. In that instance I just copy the link into a standard email.

I am hoping Comodo will be able to require only a few additional rules to enable all the features.
If you visited the home page you know it works with the latest OS for Windows, MAC, and Linux. The most features are found in the Windows version, such as QnextMyPC.

In posting in the Qnext Forums I received one response from someone that has used the Comodo Firewall. The only problem is that particular PC is down getting a fresh install of Windows etc. So it might be a while before they are able to respond.

Thank you ALL for helping!

The posts in the Qnext Forum might create interest, and some using Qnext might try the Comodo Firewall (after the settings are posted there), and a few here might research and try Qnext.
There are certain enhancements in the Universal IM area, I hope might appear in the next release.
Again what and When? Since they just started, it might be a long When?

Soya hope everything goes well for you, and Little Mac, sometimes I am a little dense, so you might be helping more than you thought.

UncleDoug

Not a problem; I can be plenty dense myself…

What I’d like to see, starting out, is a screenshot of both your Network Monitor and Application Monitor, taken at fullscreen. If you need help with screenshots, there is a post about such in this thread: https://forums.comodo.com/index.php/topic,6167.0.html

Also let me know where you have CFP’s Alert Frequency set (Security/Advanced/Miscellaneous).

Also, I noticed in one of your posts a reference to it checking for UPNP routers; if there is an option in QNext to utilize UPNP, that will need to be disabled (based on p2p apps, which seem to work much the same way), as this will cause it to use a different port each time. The port (possibly ports) will need to be manually configured so that they remain constant. There may be some defaults that it always uses, but most likely on Outbound, not inbound. We really don’t care about outbound as that’s the lesser of our worries; we are most concerned about where it needs to Listen for Inbound access, and that MUST remain constant.

LM

Little Mac, sorry it took so long to get back. Other family member needed to use this PC and I could not figure out how to import (as in Paint) with Faststone image viewer. I used Paint and saved as PNG will be attaching the Network and Application Screen shots. I will be attaching those files at the end. I also could not figure out how to quote here. I said I was dense sometimes (:WIN)

I ran the Qnext Connection Wizard, and when it got to Listen for incoming connections (port 443) I cleared the Comodo Logs, then clicked. Here is the Comodo log which appeared several times.

COMODO Firewall Pro Logs
Date Created: 12:24:02 22-06-2007
Log Scope:: Today

Date/Time :2007-06-22 12:22:44
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 207.99.120.130, Port = https(443))
Protocol: TCP Incoming
Source: 207.99.120.130:14217
Destination: xx.xxx.xxx.85:https(443)
TCP Flags: SYN
Reason: Network Control Rule ID = 5

Date/Time :2007-06-22 12:22:34
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 207.99.120.130, Port = https(443))
Protocol: TCP Incoming
Source: 207.99.120.130:14217
Destination: xx.xxx.xxx.85:https(443)
TCP Flags: SYN
Reason: Network Control Rule ID = 5

End of The Report

Everything for Comodo and Qnext are at default settings. The CFP Alert Frequency is set at Low and the items above it show that last box unchecked.

The UPnP is to help those that use routers. Currently I do not but will in about 30 days when I install a new primary HD. I use the Custom Direct (which the Automatic defaults to if a router is not found). I click on Custom then Direct, Check Mark Listen to all Ports, next listen for incoming connections (port 443) fails, then next and finish.

Here are 4 links from Qnext so you might get an idea. There was a 5th about colors and which is preferred.

http://help.qnext.com/topics/connection_performance/improving_your_connection/

This is the one I use
http://help.qnext.com/topics/connection_performance/custom_configuration/

Never needed to port forward, used a router last year but that was before Qnext 3.0
http://help.qnext.com/topics/connection_performance/setting_static_ip_and_port_forwarding/

Hoped you might be able to compare settings and provide recommend settings for Comodo Firewall Plus to Qnext so they could add Comodo Firewall Plus to the Qnext Firewall configuration list
http://help.qnext.com/topics/connection_performance/configuring_firewalls/

As I said I was using the Free Zone Alarm but did not read setup for the Pro version. I added QnextClient exe to the allow list and answered yes to everything including act as a server.

From what I have seen is the Comodo catches more requests, it seems as if IE adds a new one for every link I click on. Not really but almost. I don’t remember if Comodo asked if Qnext could act as a server? But that probably is because of that incoming connection failure.

It will probably be something simple, NO dozen new rule additions, and Qnext will be running with the Lite Green light by my UID and Comodo will pass all tests Stealth, unsolicited incoming packets and the ping test. (:NRD)

Here are the attachments you asked for, since I do not see them in preview, they may appear after I hit Post.

Thank you again
UncleDoug

[attachment deleted by admin]

Hey thanks for those links, UncleDoug - very helpful indeed!

Here’s what you need to do…

First of all, open up the QNext custom config screen (as per your 2nd link) all QNext users should do this and change the default port selections. Based on the screenshot, this is fully allowed

Qnext listens for incoming connections from other Qnext users and web
browsers. Qnext is quite flexible on which port(s) are used as listeners
and allows you to specify custom ports.

The ports selected must be unique to this computer and should not be used
by Qnext on other computers on your network.

I’ve added some highlights for emphasis. You may need to deselect the “Listen on web ports” box in order to change the TCP ports.

You want to choose a different port for each of the Protocols (one for TCP, one for UDP), somewhere high in the range so that they are not commonly used for some other purpose. Something like 35234, 37838 for instance. This way you are setting QNext to use these ports (when you get your router, you’ll need to configure its port forwarding for the ports you choose; another reason for non-standard port numbers)

Here’s why this is important. You will need to add a rule to Network Monitor to Allow In TCP, and another rule to Allow In UDP. If these are set for standard browser-related ports like 80 and 443, you are potentially creating a vulnerability. I did not see anything in their info that would require you to use these ports, so in my opinion it’s best to change them. Outbound, I don’t care. Inbound, I do. And for obvious reasons on the UDP, you don’t want the port that they’ve shown in their example on the internet… :wink: (Note: Network Monitor functions much like a router, but it’s software instead of hardware) The reason you don’t want to use the UPNP feature (even with your router) is because that will randomize the ports used and cause your rules to be defunct; for security, we need to specify the allowed port since these are Inbound rules and we don’t want to risk giving some unknown/unseen evildoer a “key” to our front door…

So here’s what you do:

Open Network Monitor.

Right-click Rule ID 0, and select Add/Add Before. Build the rule like this:

Action: Allow
Protocol: TCP
Direction: In
Source IP: Any
Destination IP: Any
Source Port: Any
Destination Port: Single Port: the port # you selected for TCP (based on your current logs, this would be 443 at present)

OK.

Then Right-click Rule ID 0 again, and select Add/Add Before.

Action: Allow
Protocol: UDP
Direction: In
Source IP: Any
Destination IP: Any
Source Port: Any
Destination Port: Single Port: the port # you selected for UDP

OK.

That should take care of it. Try it and see.

BTW, you mention “From what I have seen is the Comodo catches more requests, it seems as if IE adds a new one for every link I click on. Not really but almost.” If you’re getting alerts for IE from CFP when you open different websites, it may relate to your Alert Frequency level (Security/Advanced/Miscellaneous); the “higher” that is, the more detail it covers, and will prompt more alerts. Default is Low, and the lead developer for the FW has stated he runs his on Very Low so he only sees one alert per application; with Application Behavior Analysis enabled (which it is by default) this is perfectly secure.

LM

PS: I modified your post to mask out your external IP address, which was included with your log entry. Just FYI…

Little Mac we are getting closer!

I am still using the default settings,

Added the 2 new rules to the Network Monitor. They appeared below the Block rule so I moved it down to be last.

What I found was when I unchecked Listen to all ports, the port number changed to a single port close to the UDP port and Failed when listening for a connection. When I reran the Connection Wizard and rechecked Listen to All ports and ran the Test. It was successful!

But the UID is still Amber instead of Lite Green (Best) then Dark Green.

Wondered does the position matter in the rules, and Qnext Support had me add my IP address, and it worked. But the Ping Test Failed with Shields UP.

Should I add it to one of the rules or both instead of ANY ?

Thanks for your patience and Help!
UncleDoug

Sure, you can add your IP addy to both those Network Rules we created earlier. You will do so (since they’re both Inbound rules) as the Destination IP.

I would also move those rules UP in position until they sit at Rule ID 0 and Rule ID 1.

Reason being: the Network rules filter from the top down. Traffic will continue filtering until it reaches a rule that allows it Implicitly or Explicitly, or until it is blocked Explicitly or Implicitly. See this post for a detailed explanation of the rules structure between the various monitors. https://forums.comodo.com/index.php/topic,6167.msg45545.html#msg45545
This way we make sure they are the first priority; we don’t want any other rules possibly interfering.

To my mind, we do not want QNext listening to all ports. This has to do with Comodo’s layered rules and how they work together. But here’s a thought. Go to the Application Monitor, and Edit each of the rules for QNext. Instead of “Apply the following criteria” being checked, check “Allow all activity”; this will mark it as a “trusted” application and input a range for IP & Port that basically encompasses everything.

We still want to define the ports that QNext is using, within the QNext application itself; this is for security, and how it works with Comodo’s rules.

So the thought is:

  1. Define QNext’s connection w/in the application - very limited, very controlled
  2. Define QNext’s connectivity w/in Application Monitor - very broad, so it’s not hampered
  3. Shape QNext’s traffic w/in Network Monitor to create Inbound security

Can you give a screenshot of QNext for your current configuration, and a screenshot (full-screen size) of the Network Monitor.

Tnx,

LM

Little Mac, Thank You. The UID light is now Lite Green (:CLP)

“would also move those rules UP in position until they sit at Rule ID 0 and Rule ID 1.”

I moved the TCP to rule 0 and the UDP to rule 1 and the former 0 to rule 3

I then added my IP address

I noticed the comment that was made about ShieldsUP. I ran the common port test and it failed. I then ran the larger port scan and everything passed. All tests have passed since.

I removed my IP address and changed it to ANY just in case after a long shut down it might change and again the tests passed.

“To my mind, we do not want QNext listening to all ports. This has to do with Comodo's layered rules and how they work together. But here's a thought. Go to the Application Monitor, and Edit each of the rules for QNext. Instead of "Apply the following criteria" being checked, check "Allow all activity"; this will mark it as a "trusted" application and input a range for IP & Port that basically encompasses everything.”

I am passing your concerns about Listening to All Ports to the Qnext Team.
I went to the Application manager and both Qnext Applications for TCP and UDP show allow (did not see Apply) and each under Miscellaneous had a check for allow invisible.

“Can you give a screenshot of QNext for your current configuration, and a screenshot (full-screen size) of the Network Monitor.”

Could not find a configuration page for Qnext, but it is setup to default and I used Custom - Direct-checked the listen to all ports.

I am going to select the items that worked for me and paste them together. Unfortunately those that use routers and forward ports will have additional rules to create or modify. 88)

Not sure when the next release will be out, but IF you have time to Install Qnext, you might have additional suggestions for running Qnext with The Comodo Firewall Pro.

You would be more aware of what should be and Not be done as far as rules and their modification, than the average user like myself! (:NRD)

“So the thought is:
  1. Define QNext’s connection w/in the application - very limited, very controlled
  2. Define QNext’s connectivity w/in Application Monitor - very broad, so it’s not hampered
  3. Shape QNext’s traffic w/in Network Monitor to create Inbound security”

I will attach a shot of the Network Monitor at the end,

I can go back and look but could you list the online connection tests and the one to download that are recommended. This was the first time I found ShieldsUP giving 2 different results.

Thank You again, I do not use all the features The Juke Box or QnextMyPC are two, so if I run into any problems in the future, I will say Hello Again!

I will be back off and on to check this Thread to see if there are any other recommendations. Not yet but I plan on downloading the Comodo anti malware program. Any other of the free Comodo Software is ready for Prime Time :wink:

Again Thank You Thank YOU ALL
UncleDoug

[attachment deleted by admin]

UncleDoug, I’m not in the forums much on weekends, but I wanted to pop in to check on your scenario.

I’ll explain why I say that about QNext listening to all ports. This is peculiar to CFP; with other firewalls it may be fine, nor am I suggesting that QNext in and of itself is a security risk. Just to be clear… :smiley:

With Qnext, you have to create some Inbound rules so that it can receive the connections coming in. In order for this to be accomplished securely, we do not want to create (for example) a Network Monitor rule that allows TCP In without anything else being defined. This is a big NO NO! Might as well leave your front door open, or put the key under the mat!

We’d love to be able to define the Source IP and Port for the incoming connection, but with this scenario, that’s not possible. We can at least, however, define the Destination Port (and possibly IP, if you have a static one). By defining the Destination Port (ie, on your computer), we limit the access point for inbound traffic (you will note there are no Inbound rules in NetMon by default; this would allow an Unsolicited Inbound connection attempt) - by Port and Protocol (this is why we created a separate rule for TCP & UDP, rather than having one combined rule).

With Comodo’s layered rules, since we’ve defined a Protocol and Port to control this Inbound traffic, there MUST be an authorized application (ie, Allowed in Application Monitor) actively running/listening on that specified port. Thus, for security, we want to limit that application (within the application itself, if at all possible) to listen only on the same port/protocol combo as we specify in NetMon. This limits the possibility that some rogue application on our computer (or some malware exploit) will “hijack” the rules and gain unauthorized access.

For online tests like Shields Up!, PCFlank, and others, there is a general consensus amongst security-minded folks that they are not the best indication of security. They are a starting point, and can indicate if there’s a problem. The better test of security is to run a resident scanner (such as SuperScan) that will scan your localhost (127.0.0.1) and give you an accurate report on Open Ports. Online tests are big about this “stealth” rating, and frequently give different results (I’ve tried several back to back and gotten different results from each). Basically, “stealth” means that your firewall dropped their incoming packet silently, instead of giving the appropriate/normal “not available” response.

Here’s where there can be differing opinions… By dropping silently, the potential hacker now has confirmation that your computer is there, and has a firewall. Now some firewalls actually hold all ports Open in order to control and drop packets in this way; this might actually be easier to hack than a port held Closed by the computer itself. If on the other hand, the normal “not available” response for a Closed port is returned, the potential hacker knows there’s a computer there. They do not know if there’s a firewall or not, but they do know the port is closed. Either way, they’ll probably move on to an easier target. Some folks feel like “stealth” is a gimmick. Thus, the reliance on a resident scanner to make sure all ports are truly closed.

Now that you have the greenlight from QNext, I’d love to know your final configuration. For QNext itself (which specified ports, settings, etc). For Application Monitor (the detail of each rule for QNext). For Network Monitor (detail of rules for QNext, their position in the Monitor, etc). Then we can add that to the static FAQ for other users.

LM

Hello again “Little Mac” passed on your information to one of the Staff at Qnext.

There is a lot I don’t utilize in Qnext, so I requested someone on the Qnext team try it with routers, port forwarding etc.

So what I am giving you now is a stripped no router Basic version of Comodo settings for Qnext 3.0
You never know what might change in the next release?

The Application monitor has two settings for Qnext Destination and Ports in both are set to ANY
The top rule is for TCP/UDP IN and the next rule is for TCP/UDP OUT both have Invisible Allow

You should have had a copy of the Network Monitor on the last email

Rule 1 had been UDP/TCP out There were no IN TCP nor UDP rules in until we created them.
I notice on most of the rules the Out rules usually are listed first.

After you look at the screen shot, should I leave it alone, or would you suggest a different ranking order?

Is there a file I could copy from the Comodo program folder and upload to you privately to show the current settings ?

I am going to download that file to check the security. IF IF I see any questions I will be back.

Thank you again for Helping, and I know even though I have the Lite Green Light there still will be other rules to add.

UncleDoug

Little Mac here is a follow up.

Just ran a full scan at Windows.Live.Safety and it showed Open Ports. So I went back to the Comodo Network Monitor and moved TCP and UDP in down to positions 1 and 2.

In my last post I had removed the IP addresses in both and changed them back to any. Well the connection failed this time. Could not check for incoming connections and an amber light next to my UID. I guess ghosting is going on.

Just like when I ran the Shields up test For Common Ports and it Failed. I next did the All Service Port test and it passed, went back and did the Common Ports test and it Passed.

I could not get SuperScan4 to work. I tried typing the command “net stop SharedAccess” at the CMD prompt before starting it, but as I said it failed, giving me a Socket error and Administrator error.

What I found was

  1. For Test for Incoming Connections, it works best with the IP address as the destination port.
  2. The Lite Green Light is for UDP connections and again I needed to add my IP address to this rule.

Both worked after that (they still had the recommended ports for incoming still set for each rule).

I moved both rules to position 1 and 2 and had TCP/UDP out as the top rule to see what would happen. Everything still works.

I did this because in the default setup for Network rules, for each type the OUT was always above the IN.

Little Mac, not sure if it is Comodo, Qnext, or AIM, but found that the connection for AIM (inside of Qnext) is sometimes not being made and I need to log off and restart.

A similar thing happens for IE 7. I get a script error but then I just click on it again. This might work for Qnext and AIM but found that logging off and back on always worked?
I have no problems with MSN or Yahoo connections with Qnext?

I mentioned that I could not get SuperScan4 to run, but I did run the online scan on the Comodo Web Site “Hacker Guardian”

Had one security note but not sure what to do

Security information found on port/service “general/tcp”

Plugin “Host FQDN”
Category “General remote services (General)”

Thank you again
UncleDoug

Oh your nickname brought back memories. Had a friend in St. Ann Mo (suburb of St. Louis) her dad’s Nickname was Mac for his last name. She went by Anne but her first name was Zelda.

Ultimately with Network Monitor rules order, it should not matter, except that they cannot come after that bottom Block & Log All rule (or it will be blocked, LOL). Where it becomes important is if you are trying to utilize very “general” rules that might allow more than one application. This is why we really want to use high-numbered ports - such as in the tens of thousands - (because they’re not commonly used).

By default there are no In rules in the Network Monitor. We don’t need them for day-to-day stuff; since CFP has a Stateful Packet Inspection engine, we generally only need an Inbound rule to allow unsolicited connections. Doing things like email or browsing are based on Outbound; the email we get, the file we download, the website we visit, are all an Inbound Response to our Outbound Request. I thought at first that QNext would work along these same lines (similar to a lot of remote-access software), but it appears to be closer to a peer-to-peer (p2p) application, and thus requires some In rules.

A thing to keep in mind about online scans for “stealth.” If you have an application like QNext actively running, and have Network Monitor rules to allow it to receive a connection (and this is on a “common” or low-numbered port), it is very likely you will fail the “stealth” scan; the port will be shown as open. And truly, it likely is open at the time. If the application is running, part of its job is to actively listen; this requires the port to be in use. It’s not “open” necessarily in the sense of actively receiving traffic, but it is prepared to do so, and thus may fail the ping test (especially if they utilize a protocol it’s listening for). If you shut it down you shouldn’t have the same issue.

There are other applications, such as TCPView by SysInternals, or CurrPorts by NirSoft, that will show all your active connections, by what application, etc. Some, like What’s Running give a lot of detailed info about each application/process. They don’t do the same thing as SuperScan but can be very helpful; sorry, I can’t give you much help on SuperScan, as I haven’t had any such problems with it - they do have email support, which you could try.

If you’re getting a script error for IE7, it would be a good idea to “google” the error code to see what it is and how it might be resolved. These can sometimes have far-reaching impact and/or indicate other core problems. But be prepared! “Gird up your loins” when you go on the hunt for that, as they can also be confusing sometimes - and I know you don’t want any excess confusion unless absolutely necessary! :wink:

Nor am I sure about HackerWatch’s FQDN error. It appears to relate to a Hosts file issue, but that goes deeper than my knowledge…

LM
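The point in the post above about a running application's port showing as open can be reproduced locally. This is an added example, not part of the thread: it uses a plain TCP listener on the loopback address as a stand-in for a listening application such as QNext, and the open/closed/stealth labels follow the usual online-scan wording.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port roughly the way an online scan reports it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"       # a program is listening and accepted the handshake
        except ConnectionRefusedError:
            return "closed"     # the host answered, but nothing is listening
        except OSError:
            return "stealth"    # timeout or other failure: no usable answer came back

def demo():
    # Stand-in for the listening application: bind to a free high port on loopback.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    while_running = probe("127.0.0.1", port)    # no data is exchanged, yet it is open
    listener.close()                            # "shut the application down"
    after_shutdown = probe("127.0.0.1", port)
    return while_running, after_shutdown

if __name__ == "__main__":
    print(demo())
```

On loopback there is no firewall dropping packets, so the stopped listener reads as closed rather than stealth.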

Just to summarize and make sure I have everything correct here…

In Application Monitor you have two rules for QNext:

Application: QNextclient.exe
Parent: QNext.exe
Action: Allow
Protocol: TCP/UDP
Direction: In
Destination IP: Any
Destination Port: Any
Miscellaneous: Allow Invisible Connections

Application: QNextclient.exe
Parent: QNext.exe
Action: Allow
Protocol: TCP/UDP
Direction: Out
Destination IP: Any
Destination Port: Any
Miscellaneous: Allow Invisible Connections

Then in Network Monitor you have two rules:

Action: Allow
Protocol: TCP
Direction: In
Source IP: Any
Destination IP: your external IP address
Source Port: Any
Destination Port: port(s) you selected in QNext application configuration

Action: Allow
Protocol: UDP
Direction: In
Source IP: Any
Destination IP: your external IP address
Source Port: Any
Destination Port: port you selected in QNext application configuration

And if I understand correctly, this gives you the full green light in QNext.

What I would like to clarify:

  1. Have you changed the ports used by QNext, or are you still using the defaults?
  2. If on default, have you tried changing them?
  3. Have you disabled the UPNP feature/aspect of QNext?
  4. Is QNext still set to Listen on all ports?

If you have a line on someone specific with QNext support and can direct them here, I’d be happy to interact with them to help iron out a ruleset for various aspects of the program.

LM
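A simplified model of the Network Monitor behaviour discussed in this thread, as an added example that is not Comodo's code and not part of the original posts. It assumes top-down, first-match rule evaluation and a state table for replies; the IP address and port 44000 are constructed placeholders for "your external IP address" and "the port selected in QNext".

```python
from dataclasses import dataclass
from typing import Optional

MY_IP, QNEXT_PORT = "203.0.113.10", 44000   # constructed placeholders, not from the thread

@dataclass(frozen=True)
class Packet:
    proto: str        # "TCP" or "UDP"
    direction: str    # "In" or "Out"
    src: tuple        # (ip, port)
    dst: tuple        # (ip, port)

@dataclass(frozen=True)
class Rule:
    action: str                       # "Allow" or "Block"
    proto: Optional[str] = None       # None means Any
    direction: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        wanted = (self.proto, self.direction, self.dst_ip, self.dst_port)
        actual = (p.proto, p.direction, p.dst[0], p.dst[1])
        return all(w is None or w == a for w, a in zip(wanted, actual))

class NetworkMonitor:
    def __init__(self, rules):
        self.rules, self.flows = list(rules), set()

    def decide(self, p: Packet) -> str:
        # Stateful inspection: a reply to an allowed outbound request needs no In rule.
        if p.direction == "In" and (p.proto, p.dst, p.src) in self.flows:
            return "Allow"
        for rule in self.rules:                      # top-down, first match wins
            if rule.matches(p):
                if rule.action == "Allow" and p.direction == "Out":
                    self.flows.add((p.proto, p.src, p.dst))
                return rule.action
        return "Block"

ALLOW_OUT = Rule("Allow", direction="Out")
QNEXT_IN = [Rule("Allow", pr, "In", MY_IP, QNEXT_PORT) for pr in ("TCP", "UDP")]
BLOCK_ALL = Rule("Block")

def run(rules):
    fw, web, peer = NetworkMonitor(rules), ("198.51.100.7", 80), ("192.0.2.55", 40000)
    return [fw.decide(p) for p in (
        Packet("TCP", "Out", (MY_IP, 50000), web),         # browsing request
        Packet("TCP", "In", web, (MY_IP, 50000)),          # its reply
        Packet("TCP", "In", peer, (MY_IP, QNEXT_PORT)),    # unsolicited, QNext port
        Packet("UDP", "In", peer, (MY_IP, QNEXT_PORT)),    # unsolicited, QNext port
        Packet("TCP", "In", peer, (MY_IP, 135)),           # unsolicited, other port
    )]
```

Calling `run([ALLOW_OUT, *QNEXT_IN, BLOCK_ALL])` and `run([*QNEXT_IN, ALLOW_OUT, BLOCK_ALL])` gives the same decisions, while placing the In rules after `BLOCK_ALL` blocks the unsolicited QNext connections.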