I’m an "Admin’ on a LAN, and I’m currently using COMODO FW v220.127.116.11. What I’ve noticed after I installed it was that, its incapability to work together with a chat program called “Vypress chat”. We’ve been using VC - vypress.com for over a year now with no issues at all.
So, after installing CPF, this was what we’ve noticed.
Most users on LAN can’t see themselves(their names) on the chat list
Those that can see themselves can’t see other users online
When I type the admin - 192.168.1.1 type on the chat room, I can’t see what I’ve typed on the room i.e it dosen’t show up on my chat, but others can see what I’ve typed
Reduces the number of user’s list on LAN
Now, what rules 've I not created to allow Vypress chat on LAN?
1- I’ve allowed vychat.exe as a trusted application
2- Attached ‘vc4.jpg’
3- Skip advance security check
4- Allow range of 0.0.0.00-255.255.255.255 | Port 0-65535 | TCP/UDP/IN/OUT
5- I have 192.168.1.0 - 255.255.255.255 added to the TRUSTED ZONE/NETWORK
I don’t have any logs relating to that. The only logs have got are just from the rules that’ve I created for my internet connection.
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet) Direction: UDP Outgoing Source: 192.168.3.2:1549 Destination: 18.104.22.168:8869 Reason: UDP packet lenght and the size on the wire(1508 bytes) do not match
You might be wondering? But, this has nothing to do with with my LAN. This’s just a rule I created to reduce or lower the traffic coming out from my “ADSL - 192.168.3.2” connection.
I’m currently on a Satellite connection = downloading = 81.168..
and also on an ADSL2 connection = uploading = 192.168.3.2
This rule was just created not to allow/reduce ADSL incoming traffic[since that’s what the sateliite should do]. So, I’m quiet satified with that log and which is even irrelevant to the LAN = 192.168.1.1. My Internet is working great I don’t have issues with that. Just my LAN
To make sure protocol analysis is not causing this issue, can you please disable “Security->Advanced->Advanced attack detection and prevention->Miscellaneous->Block fragmented IP datagrams” option and see if the issue is still the same?
I’ve tried that, but that didn’t do anything, rather it only stop the “(Fake or Malformed UDP Packet)” logs from showing up on the Log Tab.
1- In addition, whilst playing with CPF and the rules, I got this log out. Description: Application Accesss Denied (Vypress.exe:255.255.255.255:8167) Application: C:\Program Files\Vypress Chat\Vychat.exe Parent: C:\WINDOWS\explorer.exe Protocol: UDP Out Destination: 255.255.255.255:8167
Though, this looks strange to me, because I do have a rule allowing vychat.exe any access;
Under the tabs “Security” - “Application Monitor” - " Vychat.exe"
Action: Allow Protocol: TCP or UDP Direction: In/Out
Destination IP: Any
Direction Port: Any
Miscellaneous: All Unmarked
As you can see… “Any” on both which cover the whole range should do it?
2- Little off-topic[Bug]
When changing the log size to a “100MB”, it dosen’t apply it switches back to a “5MB”. Though the other options of 5,10,50(MB) stays.
3- CPF uses/starts up with 2 process at the background “cpf.exe & cmdagent.exe”. What I’ve noticed is that when you “close” both process’s and then restart up CPF(cpf.exe) , you will find out that the firewall starts up but with “no Security Monitoring on”. And ofcourse you’d know that this is where cmdagent.exe comes in to play. but, then how would you lunch cmdagent.exe? going to “C:\Program Files\Comodo\Firewall” and D-clicking on it dosen’t do it, nor is lauching it from your MS-DOS prompt. So, how can you put on the “Security Monitoring” back on/launching cmdagent.exe?!
That is weird. It should not block while you have a rule. Does this happen all the time?
If you kill cmdagent.exe, which is a service, you will have to restart your PC otherwise it will not be started again. You should not kill it otherwise your internet connection will be totally blocked until you reboot.