Current 2.4 Solutions to Firewall issues

[+] This will be a list of fixes that have worked for others. Mainly focused on 2.4 but will include some things that still apply from previous firewall questions, simply because they still apply. Please also note that currently I am working on adding resolved issues and will take a bit to get them in here but every day “fingers crossed” I’ll be able to add many more.

What you will see in here

The Question is marked :
Question [+]

The Answer is marked :
Answer [+]

The GREEN text is in between responses from postee.

If you see a link, it’s due to such a long response\troubleshooting and simply too much to carry over.
Just copy\paste link and it’ll get you there.

Also, to find a question, simply use the search bar at the top to search this answer thread, I have included the titles of questions to hopefully make it easier.

I hope this will make it easier for users to find answers to problems much faster. :slight_smile:

Last note: If anyone sees something out of place, no longer applies, or something I have missed, please PM me, thanks.

Paul

Another problem some have is CFP not starting up, not allowing connection.

One instance that can cause this is a firewall not being installed FIRST. If you have anti-virus which is usually the main conflict, try uninstalling it, uninstalling CFP and install CFP FIRST anti-v SECOND. Many times a firewall, since it allows ALL access in\out to everything, it should be installed first.

Question [+]
windows security center doesn’t recognize Comodo?

Answer [+]

  1. Go to the Security Center (Start/Control Panel/Security Center). Go down to the bottom, under “Manage Security Settings for…” and select Windows Firewall. Make sure it’s set to “Off.” Click “OK.” Reboot your computer. Going through those steps (even if Windows FW is already off)

                    OR
    
  2. Go to Start, then Run

In the Run window, type “services.msc” (without the quotes…)

Scroll down to the Security Center entry.

Right-click the SC entry, choose Stop. Wait a few seconds, then close the window and reboot your computer.

       OR
  3. To make it even easier - see attached ZIP file.

@echo off
rem Stop WMI, delete its repository so it is rebuilt, then start WMI again.
cls
echo.
echo Stopping Windows Management Service - please wait ...
net stop winmgmt
echo.
echo.
echo Removing Repository folder - please wait ...
rem Quoted so the path still works if %systemroot% contains spaces.
rd /S /Q "%systemroot%\system32\wbem\Repository"
echo.
echo.
echo Starting Windows Management Service - please wait ...
net start winmgmt
cls
echo.
echo Done!


N.B. The “/S /Q” parameters for the RD command are merely there to suppress screen output.

Cheers,
Ewen :slight_smile:

[attachment deleted by admin]

Question [+] MS Active Sync Connection MDA\PDA not working?

Answer [+]

Ports ActiveSync needs to communicate. This is from the MS Knowledgebase. Here is the page.

http://support.microsoft.com/kb/q259369/#appliesto

ActiveSync 4.x requires the following Winsock Transmission Control Protocols (TCP) to be available:
• 990 (RAPI)
• 999 (Status)
• 5721 (DTPT)
• 5678 (Legacy Replication)
• 5679 (Handshake & Legacy Replication)
• 26675 (Airsync)

If socket port filtering occurs on any of these Winsock ports, ActiveSync does not synchronize with Microsoft Windows mobile devices.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Just to see if you can get it working make a rule at the top of the Network Monitor list of rules like this:

Allow-check the checkbox next to this window
TCP
IN
Source IP: any
Dest. IP: any
Source Port: any
Dest. Ports: Choose “A set of ports” and enter these port numbers: 990,999,5721,5678,5679,26675 (separate the numbers with a comma only)

You can right-click the firewall icon down on the right and select “Allow All” then wait for a few seconds and do the same thing and select “Custom” again. This will reset the firewall rules without having to restart the computer.

Try to sync it again to see if you get any log entries to show up.

jasper

Question [+] I am setting up a new laptop (Win XP HE SP2 etc) and have installed Comodo Personal Firewall. It works fine via my wireless router for both email and www using Thunderbird, Firefox and IE.

I am now away from home and trying to get it working with my Nokia Bluetooth GPRS phone. Email downloads fine using Thunderbird but when I try to view any websites using either Firefox or IE it appears to find the site OK but nothing appears in the browser window which eventually times out. If I quit the Comodo firewall and run the Windows firewall instead everything works fine.

I’ve checked the forums and knowledgebase but can find no mention of this problem and also looking in the Comodo manual provides no clues that I can see. Any help and/or suggestions would be gratefully accepted.

JB

Answer [+]

Try to disable “do protocol analysis”.

If it does not work disable “Block fragmented IP datagrams”, and try again.

Hope it helps,

Panagiotis

Question [+] Hi , I followed the rules for utorrent in network monitor. It just seems strange that the option of only allowing utorrent to use the rule is not there. Is this safe?

Answer [+] Yes it’s safe.
YOU have to start the connection from the inside.
If you do a port scan, you will still be stealthed.
Choose a high port number that no other app uses.
Between 40000-65000 is best.

Uncheck the UPnP option and random port in uTorrent settings.

Question [+]

1st.>Loaded up Comodo and my Pop Mail went away. Pop Mail comes back when I turned off “Application Control rules”

I’ve lost popmail for both OutLook and Pop Peeper. I messed around with the “Application Control Rules” allowing everything that could be allowed. I also set everything to “any” that I could set and I can’t get PopMail anywhere.

PS - Imap and Hotmail all work, just PopMail doesn’t work.

2.nd >I cleared the log and then ran Just the TWO problem Apps!

The first two log entries are from Pop-Peeper and last entry is from OutLook.

I will attach the file to this post < note: file is at bottom of answer >

Thanks for your time

Answer [+]

Symantec is using your localhost loopback and this is causing you to be blocked, as CPF sees it as inbound traffic. Probably it’s your antivirus email scanning.

So here’s what should fix it:

Go to Security/Advanced/Miscellaneous. You want to “Skip Loopback…UDP/TCP”, and OK. (That’s two boxes to check…)

Now CPF will ignore that little scenario, which is fine; not a hazard, as it’s an internal thing.

Should resolve it. Let us know…

LM

PS: the way I know it’s a loopback is the IP: 127.x.x.x That’s the localhost of your machine.

***I checked both boxes, restarted, nothing yet. Yes I looked up the app and noticed it was Symantec AV. Also noticed that the program, ccApp.exe is not listed in the Application Control Rules…

Should this and other Symantec stuff be in the RULES area?
PS Got an idea! Turned off Symantec AV email protection and guess what? It works!
Any ideas about this? I’m now going to play around with the AV email client and see what I can find!***

Yes, ccapp.exe needs to be in the Application Rules. You’ll need to go there and click to Add a new rule. ccapp.exe (browse to find the path) goes in the Application field. For the Parent, click “Learn Parent.” Choose to Allow. The rest should default to “Any” which is fine for now. Ok.

Restart, as before. That way the app is in there, allowed.

Here’s the deal. The AV email scan is working like a proxy email server; your email software (Outlook, etc) contacts your POP server, but AV intercepts the email to scan it before it reaches Outlook, and “forwards” it on to Outlook. That makes it an inbound attempt. Lo! CPF stops inbound attempts…

Setting the rule for it, and taking off the loopback detection should clear it up.

Be sure to Stop and Restart CPF. Wouldn’t hurt to reboot, just to make sure everything’s reset to the new rules/settings.

LM

[attachment deleted by admin]

Question [+]

COMODO installed ok and everything seems to be going great until my son on the wireless connection upstairs going thru my computer could no longer print. In addition, he can no longer use the areas we have set up as shared.

Answer [+]

Set up a trusted network/zone.

Question [+]

Congratulations for firewall version 2.4
I have downloaded and installed the new version but now uTorrent does not work when firewall is enabled.

I am forced to disable the firewall to use uTorrent.
Even after I add it to trusted applications it does not work.

Is there any way to let some specific ports be opened?

Answer [+]

You can find an answer in the FAQ section.

First you need to go in to your settings in uTorrent.
Uncheck the “use random ports” option.
Uncheck the “enable UPnP” option.
Set the port you would like to use. Let’s say that we use port 54789.
Now, save your settings and close uTorrent.

Open the firewall (double click the sys tray icon).

Network monitor works like a router, so you have to “forward” port(s),
like you do in a router, for apps like Torrent/P2P.

Go to Network monitor (security/network monitor).
Right click on your block rule and add/add before.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any (or zone if you have one)
Source Port : Any
Destination Port : A single port : 54789

Click OK.
Start uTorrent and give it a few minutes before you think it doesn’t work.

If it doesn’t seem to work, restart CF or reboot your PC.

Always remember to place your allow rules you make, above the default block rule.
Network monitor reads the rules from the top to the bottom.

Also check the log in activity/logs and try to see which rule that blocks your app.

I just tried to set Protocol to “TCP” and Direction to “In”, but I wonder if it is good or I should do “TCP/UDP In”…?

I have another question: “Is there a difference (in term of security protection) if we create that rule (for uTorrent for example) before the “Block & Log” rule or before the first rule?”

uTorrent needs UDP In as well to work, so TCP/UDP In is what I have.

The difference is it depends on what other rules you currently have. If you have just the defaults then this particular rule should not matter whether you placed at the very top or just on top of the block all (last) rule. Remember: the order of priority takes place from top to bottom.
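
The top-to-bottom rule order discussed in this thread, modelled as an added Python example (not part of the original posts and not Comodo's code): a first-match evaluator plus a check for rules that can never fire because an earlier rule already covers them. The reduced rule fields, the rule names, the sample rule sets and the implicit block when nothing matches are assumptions made for illustration; port 54789 is the one used above.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = None  # wildcard, like "Any" in the rule dialog


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "block"
    protocols: FrozenSet[str]         # e.g. {"TCP", "UDP"}
    directions: FrozenSet[str]        # {"in"}, {"out"} or both
    dest_ports: Optional[FrozenSet[int]] = ANY

    def matches(self, proto: str, direction: str, dest_port: int) -> bool:
        return (proto in self.protocols
                and direction in self.directions
                and (self.dest_ports is ANY or dest_port in self.dest_ports))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches is also matched by this rule."""
        ports_ok = self.dest_ports is ANY or (
            other.dest_ports is not ANY and other.dest_ports <= self.dest_ports)
        return (other.protocols <= self.protocols
                and other.directions <= self.directions
                and ports_ok)


def evaluate(rules: List[Rule], proto: str, direction: str,
             dest_port: int) -> Tuple[str, str]:
    """Read the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(proto, direction, dest_port):
            return rule.action, rule.name
    return "block", "(no rule matched)"  # assumption: nothing matched = blocked


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule, earlier rule) pairs where the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule sets, not the product's real defaults.
TCP_UDP = frozenset({"TCP", "UDP"})
ALLOW_OUT = Rule("allow tcp/udp out", "allow", TCP_UDP, frozenset({"out"}))
BLOCK_ALL = Rule("block & log all", "block",
                 frozenset({"TCP", "UDP", "ICMP"}), frozenset({"in", "out"}))
TORRENT_IN = Rule("allow torrent in 54789", "allow", TCP_UDP,
                  frozenset({"in"}), frozenset({54789}))
TORRENT_TCP_ONLY = Rule("allow torrent tcp in 54789", "allow",
                        frozenset({"TCP"}), frozenset({"in"}),
                        frozenset({54789}))

GOOD = [ALLOW_OUT, TORRENT_IN, BLOCK_ALL]            # allow rule above the block
BAD = [ALLOW_OUT, BLOCK_ALL, TORRENT_IN]             # allow rule below the block
TCP_ONLY = [ALLOW_OUT, TORRENT_TCP_ONLY, BLOCK_ALL]  # UDP In still blocked

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD), ("TCP_ONLY", TCP_ONLY)):
        for proto in ("TCP", "UDP"):
            print(label, proto, "in 54789 ->",
                  evaluate(rules, proto, "in", 54789))
        print(label, "shadowed rules:", shadowed(rules))
```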

Question [+]
How to backup CPF Rules and Settings?

1.> https://forums.comodo.com/index.php/topic,2366.0.html <<simply copy & paste in address bar

Answer [+]

2.> Currently CPF does not have a backup tool. But dumping the registry key HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall and all of its subkeys should work OK.

Hope this helps,
Egemen

Question [+]

What I am looking for from Comodo Firewall is the ability to limit which IP address ranges my e-mail client (Lotus Notes 6.5.3) can access. For example, when I receive an e-mail from Morningstar, it has embedded images that are resolved via the Internet. When I open that e-mail message in my e-mail client it goes out to the Internet to try and resolve the image. When my firewall tells me this access has been blocked, I run Whois against the blocked IP address to get the IP range to insert in my Sygate firewall access rights for my e-mail client software. I do the same for many other EXPECTED e-mails like from Target stores. However, if I should happen to open a spam e-mail message, I do not want to allow it to access the Internet. Over time I have found about 2 dozen IP ranges that I need to allow in my firewall for my e-mail client application.

I already know that neither the free ZoneAlarm nor the paid version have the ability to do what I want to do. I am hoping that Comodo has this ability.

I hope that makes my situation clearer.

Thanks,
Stu

Answer [+]

Oh absolutely.

The attached screenshot shows the creation of a rule (I’ve used Outlook as the example). The Destination IP tab has several options; I’ve chosen Single IP, which sounds like it would fit your purpose. You could also choose IP Range, and enter a Start IP and End IP for that range.

Let’s say to start with you create a rule to allow LN only access to your email server, at 123.45.67.89. That is now the only address it’s allowed to connect to. You’ll want the Alert Frequency set to Medium or High for good results.

Now, an image from within an email wants to use LN to access 987.65.43.21; this is not the authorized IP address for LN, so CPF will generate a popup alert, which you can choose to deny (and even “Remember” if you want, which will create a rule in the Application Monitor to that effect - this might be good for your purpose).

If you choose “Remember” when you deny access, it’s easy to go back and edit that rule to change from Block to Allow, if you decide you want to allow the image retrieval. That way, you don’t have to create a rule from scratch; otherwise, just Add a rule and build it as you need.

Hope that helps answer your question.

LM

[attachment deleted by admin]

Question [+]

Last week I have installed Comodo Firewall and now I have some questions, the first time, regarding the Component Monitor.
My OS is Windows XP Home SP2, IE7 is my browser and I am connected with the internet through a router. I have the following security applications: NOD32, Windows Defender and Comodo Firewall.
I think the following areas are defended by these measures:
The router is monitoring the incoming internet traffic,
Windows Defender is monitoring the OS and IE7,
Comodo Firewall is monitoring the outgoing internet traffic and
NOD32 is monitoring incoming virus attacks.

At certain moments I wonder whether these applications are interfering more or less with one or the other with a negative effect on the performance speed.
For instance I wonder whether the Component Monitor of the Comodo Firewall in certain way is doing the same as Windows Defender.
I have noticed that if the Component Monitor is disabled, the performance is faster.
My questions:

  1. What is the security task of the Component Monitor?
  2. Do you also think that Windows Defender is also performing the same tasks?
  3. What are the negative effects on the Comodo Firewall performance if the Component Monitor is disabled, but the Application Monitor is running?

Thank you.

Answer [+]

The component monitor monitors parts of an application. Here is a good definition from CFP help file:
Quote

A component, when loaded into application’s memory, acts as a part of that application hence having the same network access rights as the application itself.

Comodo Firewall Pro now validates all the components of an application before granting the Internet access. These components may be dynamic link libraries or ActiveX components that an application is using.

Component Control Rules can be added, removed and applied via the Component Monitor.

Windows Defender does monitor applications and their components, but in a different way than what CFP does.

By disabling any part of any security software you are likely to improve performance; it’s just a matter of deciding which you would rather have - better security / better performance.

By disabling the component monitor of CFP each component will be treated as a separate application and you may need to grant permission for them rather than CFP automatically granting it for you based on application rules - and thus, this may dramatically increase the number of popups you receive from CFP.

Mike

Question [+]

I’ve been using Comodo for a few weeks now and overall I like it a lot but I have been experiencing one particularly vexing problem. The DHCP lease time is set to 1440 minutes (1 day) by default on my router and when that time has expired I lose my internet connection. If I attempt to manually release and renew with ipconfig it reports “no connection to the gateway” - ie, the router at 198.162.1.1. After much tinkering around with the router’s settings (as I had replaced its firmware with dd-wrt), I moved on to tinkering with CPF. I finally tried exiting CPF then running ipconfig /renew and this worked. The only custom rule I have created for CPF so far is to allow my torrent client to listen to a specific port. I suspect that one of the default rules is blocking the DHCP lease renewal request from my machine to the router. At any rate, this is such a basic problem that I’m sure I’m overlooking something so any help would be much appreciated!

Answer [+]

Make application rules like this, just to try if it works.
You can worry about tightening up the rules later.

Application : C:\WINDOWS\system32\svchost.exe
Parent : C:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : TCP or UDP
Direction : In

Destination IP : Any

Destination Port : Any

Miscellaneous

Application : C:\WINDOWS\system32\svchost.exe
Parent : C:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : TCP or UDP
Direction : Out

Destination IP : Any

Destination Port : Any

Miscellaneous

Make sure that you have made a trusted zone also.
Reboot your PC.

AOwl: that did the trick - thanks!

Now, why would Comodo create the block all tcp/udp access rule for svchost.exe in the first place? I can’t imagine it being done by default, but I don’t recall answering any popups from Comodo that would have led it to do so.

Also, do I need to reboot or exit/restart Comodo each time I create a rule. I ask not only because you mention doing so but because I previously created two similar rules (allow UDP IN and UDP Out) but they didn’t work.

Once again, thanks for the help!

No, Comodo doesn’t create that rule by default. Probably you have denied a popup…

No, you don’t have to reboot all the time, but if you have problems and think you have made the rules right, a reboot can at least be done just to be sure…
In this case when there is a system file involved, a reboot is sometimes necessary.
Sometimes it’s enough to put it to allow all for a few seconds, and then back to custom.
Sometimes a restart of the firewall is the way to go.
Most often you don’t have to do anything.

Question [+]
I’m having problems getting Medieval II to co-operate with Comodo firewall. With the firewall inactive I can login to the lobby fine. However with it on the firewall kicks in and freezes the game (as it should) but I can’t switch the focus to the firewall window to let it through. I have created a rule for it in Comodo’s application list but it looks like there’s something else to verify. Any ideas? I haven’t found a way to run the game in a window unfortunately.

Answer [+]

Try the game again. As soon as you have trouble connecting, stop the game and open COMODO. Go to ‘Activity’ - ‘Logs’. Are there any logs there that tell you what was blocked?

Medieval isn’t in the logs, forgot to mention another problem is that I have to restart the PC via the reset button because I can’t close the game or return focus to the desktop anyway.

That would explain why there is nothing in the Log. Didn’t good old Ctrl-Alt-Del work?

Kail

Have you tried “allow all” in application monitor, and “allow invisible…” and “skip advanced security…” for your game.exe? Also, have you done the same for ALL exe in your game folder? Like update.exe and so on…

Try to turn off network monitor to check if it works. If it does, you have to make a network rule for some port(s).

Try to add your game.dll in component monitor too.

Don’t forget to restart your firewall after you have made your settings.

I’ve managed to get the alert to show on a second monitor, it’s a file to do with the copy protection that comodo was picking up. Thanks for your help!

Question [+]
At first, sorry for my English.

I have big problems to setup OLE rules in CPF. I will figure it only on one example, but there are many other examples on my system.

I have TV Card Hauppauge WinTV PVR 350 that use WinTV software for watching TV. WinTV wants to communicate with inet, but I do not allow it and block WinTV. Now WinTV tries to use iexplore.exe or opera.exe and so on through OLE (hcwhook.dll). When I block this OLE object, connection is blocked for all my system.
My BlueTooth stack wants also communicate with inet from time to time through another application. I can give here a lot of other examples.

In simplicity I cannot block any OLE inet communication not to block whole system. I do not want to allow some applications to communicate with inet.

What to do? Please help.
Thank you.

Answer [+]
Surely you should not block the OLE (system-wide hook), but the parent/child relation TV Card wants to establish with your browsers or with any other Internet applications. Same goes for your BlueTooth stack, which wants to communicate through other applications. Of course the main application (TV Card, Blue Tooth) itself should be blocked first.

Security - Tasks - Define a new banned application. Browse for the application that you don’t want to grant any Internet access rights, but don’t define any parent. Click ‘OK’. You could go further by defining your browsers or any other of your Internet applications here (players, for example) with TVCard as the parent.

Paul Wynant
Moscow, Russia

Thank you. It seems you helped me.

Question [+]
I am trying to use Dreamweaver on a local network and although it says it is transferring files, all it does is transfer 0 bytes with the firewall on.

If I turn it off it works perfectly well and does as I expect.

I am transferring across my local network from my XP machine to a sun sparc machine.

What have I got set up wrong on the firewall?

Answer [+]

Solved it by turning off the advance security check

Question [+]
Greetings everyone,

I recently switched from Norton Internet Security to Comodo’s Free Firewall. It’s running much smoother and is great so far.

I’m also running an Apache server (Easy PHP) but other than myself, no one can access my server from outside. When I change the security of the firewall to ‘Allow All’ everyone from outside can access my server no problemo.

Now I have added the apache server to the known list and allowed all connections to it, but it still won’t work. With Norton I did the same and it used to work there.

Anyone have any tips as to what I can do? I don’t want to uninstall this great firewall, but I do need to run my server. Every help is appreciated!

Thanks in advance,
Testerer.

Answer [+]
If your server is acting purely as a WWW server, then you’ll need to create a rule allowing port 80 TCP inbound (assuming you have configured your server software to use port 80). Until this rule is in place, the default rules created by CPF will block all unsolicited inbound traffic, which is what a good firewall should do (Sorry, Mr. Norton)

Hope this helps,
Ewen :slight_smile:

And yes, my server is just a www server and is running on port 80. With Norton you only had to add the apache server (.exe) to the trusted list and select allow all inbound/outbound traffic and you’re done. I tried to do the same with CPF but I forgot the port thing hehe
I’ll give that a try when I get back home and let you guys know if it worked.

It worked, port 80 is now forwarded and working like a charm

Question [+]

What is the best way to control a software that opens a ie window to check for updates ?

For example I’ve Ccleaner and when I click the check for a new version feature it opens a ie window.
I’ve tried the i.e. rules with skip and learn the parent but still it allows the Ccleaner to open the window without comodo firewall prompting for an answer.

Answer [+]

Solution found.
Remove and reinstall Ccleaner.
Prompts popping up.

Question [+]

I have a question about the application monitor. I have emule and it runs fine and I can download files. I opened up ports in the Network Monitor for emule. However, Comodo never asked me whether or not allow this application and I don’t see any mention of it in the application monitor. It does appear in my current connections. I’m a little worried that if Comodo just lets emule access the internet, what else could it possibly let access the internet? Any ideas?

Answer [+]
Welcome to the forum
Have you scanned for known applications? I think Emule is a trusted application, and that’s why you don’t get bothered with popups. If another app is trying to use Emule to get out, you will get a popup.
You can get more popups if you want, and even for trusted apps if you go to security/advanced/misc and uncheck the “do not show alerts for apps certified by Comodo” and if you want more you can raise the alert frequency level slider.
Comodo’s trusted apps list is “secret”, so that malware can’t add themselves to it.
Hope this helps.

That fixed it! Thanks for the help! I’m appreciating Comodo more and more every day!

Question [+]
I installed CPF to test it, using the default configuration, but with XP Firewall active. After rebooting I did not have access to the network. Even giving an application (Firebird) complete access or setting a global “Allow all” did not open the network access. Also disabling XP Firewall did not change anything.

Answer [+]
If you have a network/router you must go to security/tasks and “define a new trusted network”.
There is no point to have XP firewall at the same time as Comodo firewall. You don’t get better protected, and you only increase the risk for conflicts. And if you also have a router, even the router has an inbound firewall built in to it.
If it still doesn’t work after you have made a trusted zone, and if you have the default rules after choosing “auto” at install, you might have to reinstall it. Just turn off XP firewall before you install.

I tried first on a clean XP installation (backup installation) and it worked without modifying the default settings.

On my “work” installation it worked after the 2nd try (installation)!

Thanks a lot!