Current 2.4 Solutions to Firewall issues

Question [+]
Hi, I’m having a problem with Comodo & Microsoft Update. Every time I try to scan for updates on MS Update I get the following error code: 0x8024402C. Now I have followed the steps and numerous articles that MS have suggested, but I still can’t resolve the problem. I have also tried clearing the application and component sections in the firewall and allowing them access to the internet again, but this has made little difference. I have also uninstalled Comodo and tried with Zone Alarm (temporarily), and the problem corrected itself, so it’s a problem with Comodo.

I’m using IE6 for MS Update.

Answer [+]
I only had the problem with windows automatic update, with no error message, just the windows update process stopping. I solved it by granting full access to the application %SystemRoot%\system32\wupdmgr.exe. No more problem after that. Hope that can help.

Thanks, it worked a treat

Question [+]
I am running the free Comodo firewall 2.3.6.81 on XP professional with IIS 5.1. I am developing in Visual Web Developer 2005 Express.

You don’t need IIS to develop in this IDE and I have no trouble launching and testing my app as I build.

Also, I have no trouble when I launch the site using IIS (outside of the IDE) in IE 7: http://localhost/demo/.

But I cannot launch my web site in IIS when I use my IP address: http://XXX.XXX.X.X/demo. (I can if I turn off the firewall, which, of course, I don’t want to do.)

How do I give permission to my web site so I can access it using my IP address? I don’t know which to use: Application, Component or Network Monitor dialogs? How do I specify the Application name in the Application Monitor? The “application” is just a set of aspx files, no exe or dlls. Same with the Component monitor dialog. Do I give permission to an aspx file? And as for the Network Monitor dialog, why would I have to give permission to my own computer?

Thank you.

Answer [+]
Hello Jackson, and welcome to the forums.

It’s strange that CPF would be preventing that… doesn’t quite sound right. We’re talking about trying to access the site from the same PC running IIS, right?

I’m grasping, but I would try running the trusted zone wizard and let it add the 2 new network rules.

Did you “bind” your webs to the PC IP? How are your headers configured?

m0ng0d

In summary, if you can access it from within the IDE and by referencing it as localhost, the internal comms are OK, but if you reference it by your outward facing IP you can’t.

If these are correct, I would assume that CPF is blocking the inbound request because there is no network monitor rule to allow an unsolicited request TO port 80 on your PC.

To manually add this rule, go to SECURITY - NETWORK MONITOR and use the following parameters in a new rule (assuming your web server is configured to use port 80);

Action : ALLOW
Protocol : TCP
Direction : IN
Source IP : ANY
Destination IP : YOUR IP ADDRESS GOES HERE
Source Port : ANY
Destination Port : 80 (or whatever port your server is set to listen on)

If you’re behind a router, you’ll need to ensure that the appropriate port is forwarded to your internal IP correctly.

You shouldn’t need to do anything else to get it to work, as the ASPXs will load inside the browser. As the FW is configured to allow ingress to your server, actions based upon that approved request are likewise approved, so the app loaded by the index.htm page should, all things being equal, execute without requiring any further permissions.

Hope this helps,
Ewen

Thank you both m0ng0d and panic for your responses.

Yes, I’m trying to access the site from the same pc running iis. But also, I have another computer here at home running off the same router. Trying to access the site using the IP address seems to give the same results no matter which computer I’m using.

I tried the instructions to set up a SECURITY - NETWORK MONITOR rule that panic gave, and it worked.

I messed around quite some time after that to see if I could reconfigure the web site’s properties and do without the rule, but suffice it to say that I ran out of patience before I really learned anything.

I think this rule is necessary, but I’m not really sure. Anyway, it works. Thanks lots.

Ummm… if it doesn’t work without it and does work with it, then yeah, I’d say it’s pretty necessary.

If you are only trying to access it from PCs on the SAME SIDE OF YOUR ROUTER AS THE SERVER, then you could always define a zone and set it as trusted. This will allow almost total communications on this side of your router to/from any device on the subnet described in the zone setup.

Always remember, if you are referencing a computer by the OUTWARDS facing IP address, any request for that publicly accessible address will go out onto the internet and then back in to the external IP, even if they’re side by side and on the same subnet. If you post a letter to your wife it still goes out to the post office before coming back home.

Mind you, defining a trusted zone will automatically create two rules anyway.

In the words of Thomas Edison, “■■■■ the theory if the machinery works!”

Glad it’s resolved. I’ll mark this topic as resolved and lock it.

Cheers,
Ewen

Question [+]

Hoping someone can help with a problem I have with CFW.

I use a program called Echolink (a little like SKYPE but for Amateur Radio), now I can get the program to open up but there is a list of operators (nodes) and when I try to connect CFW refuses to let me, although the program has been allowed.

Each of the ‘nodes’ do have different IP addresses, so I was wondering what settings I need to implement, so as to allow the connections.

I suffered the same problems with Kerio, which is why I moved to ZA (which worked OK) but I much prefer CFW, if I could just get the settings sorted.

Thanks
Astro

Answer [+]
Let’s see if this helps.

Go to the program in the Application Monitor, click the program, then click Edit. In the window that comes up with the rule settings, click the circle that says allow all activities for this application, then check the following boxes: Allow Invisible Connection Attempts, and Skip Advanced Security Checks.

Justin…

You are the man

Everything is working fine, just wish I was a little more knowledgeable when it comes to things like this.

Thanks a MILLION

Question [+]
I have this file: boot.ini.comodofirewall in my C drive (Screenshot available). I’m not really concerned, but I would like to know if it can be deleted, or is it a necessary file for CPF? Thanks for the help in advance.

Answer [+]

It is the old boot.ini file backed up after activating Windows DEP. CPF does not use it, neither will Windows. You can keep it in another place or delete it.

Egemen


Question [+]
I tried to use adobe updater to check for updates, the application says it’s waiting for an internet connection, however I’m never prompted to let it through.

Answer [+]
Sorry once again, please mark this as resolved. After doing some more checking I found the real problem. It appears that IE7 breaks Adobe Updater. Both computers with Comodo also have IE7.

Question [+]
Ever since I installed Comodo Firewall I get disconnected from the internet, sometimes only once a day, other times every hour or so. When that happens Windows tries to reestablish the connection, but always fails and I get a “limited” connection. When I press “repair” it won’t fix it.

The only way to fix the problem is by shutting down the firewall completely and pressing repair; then it goes online again, and then I can start the firewall.

This is really annoying and I haven’t had to do this with any other firewall I have tested.

I am connected directly to the internet via a cable modem, no routers or stuff. And I have a dynamic IP, though it only changes the IP if I have been offline for one hour or so.

Any thoughts on how I can fix this problem? Otherwise I have to turn to another firewall, and that would be a shame, because I really like this one.

Answer [+]
Hey, zant, sorry you’re having this problem. Let’s see if we can’t get it resolved.

Three things to try, one at a time:

First, run the Application Wizard. Go to Security/Tasks/Scan for known applications (lower right). Follow the prompts. Reboot.

Check it all out, see if that works. If not:

Second, go to Security/Advanced/Miscellaneous, and uncheck the box, “Do not show alerts for applications certified by Comodo”, then move the Alert Frequency up to High or Very High. OK. Reboot.

This will increase your alerts; I’m thinking at some point you may have blocked svchost.exe (in fact, look in your Application Monitor to see if there’s a block rule for it). You can move your alerts back down later, when you want. If that doesn’t fix it:

Third, go to Security/Advanced/Application Behavior Analysis, and uncheck the box “Monitor DNS Queries.” OK. Reboot.

See if that doesn’t fix it.

Do them one at a time, so you’ll know for sure what resolved it. If none of these work, we’ll dig into the logs.

LM

You were right. One of the svchost rules was set to block… working now… thanks.

Note: This was a bit lengthy and had multiple issues so I just linked it. Onwards>>

https://forums.comodo.com/index.php/topic,5174.msg37979.html#msg37979

Paul

edit: I added the code for the link to work; hope you don’t mind - LM

Question [+]
When I have CPF turned off, Nero Home can view my UPnP Media Server that is running on the network. When I have it turned on, it can’t find it.

What can I do to troubleshoot this?

Answer [+]
If I were you I would go to security/advanced/misc, and uncheck “do not show alerts for apps certified by comodo”, and check “skip loopback… TCP”, and raise the alert frequency slider to the top.
Reboot and allow and remember everything with svchost and Nero home and so on…
Let us know how it goes.

Finally, success.
Doing what you said, after reboot, it started popping up lots of svchost and so on popups from CPF and I allowed them all, and then Nero Home started working and was able to view my network UPnP media server.

Question [+]
I installed Proxomitron. It is a perfect web filter. It works as a local proxy. All incoming and outgoing connections of my browser pass through its local proxy. Yesterday I installed Comodo Firewall. After that I tried to surf the Internet and the browser reported an error saying that the proxy doesn’t respond. I made Proxomitron a Trusted Application but this doesn’t help me. How do I resolve this problem?

Answer [+]
After restart of computer ALL WORKS! Thank you very much!

Question [+]
I’ve installed CPF on my gf’s old computer and it worked fine. In December, she got a new computer and it did work fine until she had to buy a router to share the internet connection with the rest of the household. She couldn’t get the type I recommended so she had to settle for a Linksys WRT54G-UK wireless router. She has ADSL that uses PPPoE (Netopia 3000 Modem). I had problems trying to get the IP passthrough to the Linksys router (worked from the Netopia modem to one of her NICs but not to the router). What I did then was to hook up her ethernet connection to the router (works fine) and use the USB connection as the IP Passthrough whenever she needed a VPN or wanted me to troubleshoot a problem on her PC when I’m not around.

The arrangement worked fine until sometime last week. Upon a reboot, she could only get a connection on the NIC that went through the router. The second NIC (USB connection) would register an IP address of 169.254.xxx.xxx. I got her to disable CPF by choosing allow all and renew the IP or disable and re-enable. That caused the IP to be renewed and workable. However, the moment CPF is set back to the normal settings, the NIC disconnects, tries to get an IP address, fails and is thrown back to the 169.254.xxx.xxx address. I’ve removed and reinstalled CPF to no avail.

Now, she’s stuck without a VPN as getting the linksys to first register the external IP through IP passthrough hasn’t proved successful. For one, it doesn’t have a setting for setting static IP addresses. Any advice/help would be appreciated.

Answer [+]
Just wanted to say that I got the problem resolved. I had to go over and check on her PC, paying particular attention to the logs once I turned on the firewall after disabling and re-enabling the NIC in question. Turned out one of the SCVHOSTE.EXE files were blocked upon closer scrutiny. Once I unblocked it, everything went smoothly. What I can’t figure out is why would there be two different scvhost.exe entries for the separate NICs? Gosh, Microsoft is so weird with their implementations.

Another lengthy thread>>

https://forums.comodo.com/index.php/topic,5109.msg37512.html#msg37512

Paul

Question [+]
I have just installed Comodo Firewall and everything is going pretty well; the only problem I am having is that it doesn’t load at Windows startup. When I check the task manager I have cmdagent.exe running but not cpf.exe; it’s not even in Msconfig (Startup).
I would have thought that it would have started automatically when Windows starts.

Do I have to add it to my Startup folder?

Answer [+]
There were many steps to try to get here so simply posted another link…

https://forums.comodo.com/index.php/topic,5710.msg42214.html#msg42214

There are some great rules and tutorials/discussion concerning eMule/BitTorrent here…

https://forums.comodo.com/index.php/topic,411.0.html

Paul

Question [+]

I have read all the related posts but I still cannot understand what is going on. I cannot pass the Stealth test at GRC.com unless my router’s firewall is enabled. If it is disabled I get several ports simply closed or even open (the results are in the attached file). Does this mean I am not fully protected without the router’s firewall enabled?

Answer [+]

No, it does not mean you are not fully protected. If you chose Automatic for CPF’s installation, have not altered those core rules created by default in the Network Monitor, or in some other way altered CPF’s security configuration (meaning that you’ve gone into Security/Advanced and changed CPF’s settings; I’m not referring to adding Application Rules), then you are protected.

The online tests are not the best indicator of security, although they point users in that direction. They all tend to give different results. For instance, at work, I fail GRC’s “stealth” test, but pass PCFlank’s just fine; and I know for a fact I have no open ports.

Running a resident scan, such as SuperScan 4 is a much better indicator of the state of your security. SuperScan is a free utility available here: http://www.foundstone.com/resources/proddesc/superscan.htm. You will set it to scan 127.0.0.1 (your system localhost). You can also scan other computers on your LAN, your own IP, router, etc, but the primary thing is you want to make sure your computer is secure.

If you find that any of your ports are indeed open, Foundstone also has a free tool called FPort, available here: http://www.foundstone.com/resources/proddesc/fport.htm; it shows what application owns the open port, processes, etc.

Hope that helps,

LM

PS: It should be noted that the caveat to CPF’s protection status is that the user has not reduced the security created by CPF’s default settings - if the user installs on Manual to pick their own setup, or changes CPF’s advanced security settings, the protection may be compromised. This does not mean that settings cannot be changed; only that in changing, we need to make sure we know what we are actually doing…

So would it be clever to disable the hardware firewall or should I leave it up to enhance security?

Leave your hardware firewall active, my friend! It improves your security.

The hardware firewall’s purpose is to keep attackers out, and it is much harder to breach (provided you have changed the default password to a new, strong password). However, it will not stop anything you are downloading onto your computer, since you are authorizing the transfer.

A software firewall’s purpose is to keep things in (malware, personal information, etc). If you do get a virus/trojan, and it tries to hijack your system to get back out (for any purpose), the firewall should identify and stop the attempt (or give you a warning, so you can choose to stop it). Most software firewalls, in addition, also have measures to help keep attackers out as well, but that is not the primary purpose.

So, use both your hardware & software firewalls, for better security!

LM


Another long resolution: > https://forums.comodo.com/index.php/topic,4387.msg32750.html#msg32750

Paul

Question [+]
Brothers, do you know if there is some advice for using Comodo and Torrent program together?

I started to use Comodo and I like it so much. I ran tests from the web and the results were good.
But when I started Torrent, the up was 0 for many minutes until it began to change a little bit… Does someone know why?
Comodo get better something in web connection?
Let me know…

Other thing: Why does the note “Learning” appear in “Component monitor”? How can I learn to configure this item? While I don’t get this, is there any danger or harm to me?

Thanks for your attention.

Answer [+]

You should keep component monitor in learning.

About Torrent.
Set a port in your torrent program, let’s say 51234
If there is settings like UPnP and random ports, uncheck them.
Now you should open a port in network monitor.
Network monitor works like a router, so you have to “forward” port(s),
like you do in a router, for apps like Torrent/P2P.

Go to Network monitor (security/network monitor).
Right click on your top rule and add/add after.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any
Source Port : Any
Destination Port : A single port : 51234

If it doesn’t seem to work, restart CF or reboot your PC.

Always remember to place your allow rules you make, above the default block rule.
Network monitor reads the rules from the top to the bottom.

Also check the log in activity/logs and try to see which rule blocks your app.

Aowl
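
The top-to-bottom rule evaluation described in the answer above, as an added example that is not part of the original posts and is not Comodo's code: a simplified first-match model built from the two inbound rules quoted on this page, plus a check for allow rules that sit below a block rule and can never match. The address 192.0.2.10, the shape of the default block rule and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = None  # stands in for "ANY" in the Network Monitor rule dialog


@dataclass(frozen=True)
class Rule:
    action: str            # "ALLOW" or "BLOCK"
    protocols: object      # frozenset such as {"TCP"}, or ANY
    direction: str         # "IN" or "OUT"
    dst_ip: object = ANY   # source IP and source port are ANY in both
    dst_port: object = ANY # quoted rules, so they are left out of the model

    def matches(self, p):
        return (self.direction == p["direction"]
                and (self.protocols is ANY or p["proto"] in self.protocols)
                and (self.dst_ip is ANY or self.dst_ip == p["dst_ip"])
                and (self.dst_port is ANY or self.dst_port == p["dst_port"]))


def packet(proto, dst_ip, dst_port, direction="IN"):
    return {"proto": proto, "dst_ip": dst_ip,
            "dst_port": dst_port, "direction": direction}


def evaluate(rules, p):
    """First matching rule wins; anything unmatched is blocked."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "BLOCK", None


def covers(a, b):
    """True when every packet matched by rule b is also matched by rule a."""
    return (a.direction == b.direction
            and (a.protocols is ANY or
                 (b.protocols is not ANY and b.protocols <= a.protocols))
            and (a.dst_ip is ANY or a.dst_ip == b.dst_ip)
            and (a.dst_port is ANY or a.dst_port == b.dst_port))


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(covers(rules[i], r) for i in range(j))]


HOST_IP = "192.0.2.10"  # constructed placeholder for "YOUR IP ADDRESS GOES HERE"
WEB = Rule("ALLOW", frozenset({"TCP"}), "IN", HOST_IP, 80)
TORRENT = Rule("ALLOW", frozenset({"TCP", "UDP"}), "IN", ANY, 51234)
DEFAULT_BLOCK = Rule("BLOCK", ANY, "IN")   # assumed form of the default block rule

ALLOWS_ON_TOP = [WEB, TORRENT, DEFAULT_BLOCK]
ALLOWS_BELOW_BLOCK = [DEFAULT_BLOCK, WEB, TORRENT]

if __name__ == "__main__":
    for name, rules in (("allows on top", ALLOWS_ON_TOP),
                        ("allows below block", ALLOWS_BELOW_BLOCK)):
        print(name, evaluate(rules, packet("TCP", HOST_IP, 80)), shadowed(rules))
```

With the allow rules on top, only the two named ports are reachable and every other inbound port, such as 135, still falls through to the block rule.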

Thanks so much for your help.
I believe my dial up connection is better now. A port is open and allowed.

Thanks for your patience.

I’m liking a lot Comodo Firewall. It seems more stable than ZA. This last is a past in my pc.

Regards…

Question [+]
I am new to firewalls but am learning in a hurry!

I am currently running a laptop off-line, while I work on cleaning up an infestation of mal/adware.

My installation of CPF pops up two alerts, both warning me of

Generic Host Process for Win 32 services is trying to act as a server.
Application: svchost.exe
Parent: services.exe
IP Listen Port: [in one case] ms-rpc(135) - TCP
[in the other] listen(1025) - TCP

Although my configuration settings are defaulted to alerts disappearing after 120 sec, these two alerts just stay on the screen.

At the moment I do not want to make any decisions about allow/block, because I am still trying to identify and clean up other processes that are trying to access the internet.

Can anyone advise me:

  1. whether I should allow/block these? and/or
  2. whether they should/will disappear if I do?

Thanks in advance.

Answer [+]
It is fine to allow them, they are parts of Windows, and the parent seems fine. If you are not completely sure you can click allow or deny without selecting the Remember option this way you can choose another option later when the component needs access again.

Thanks, Justin, especially for the very quick response!

Question [+]

I got a BSOD after 2.4 update.

Answer [+]

First go here>

  1. Download the 2.4 version and save it to disk.

  2. Now, if need be unhook from the internet, or enable XP after this for a quick fix. Uninstall 2.3, restart the system.

  3. When the OS is loaded, close down other security software if need be; I didn’t have to but some may conflict.

  4. Do a restart and all should be well. It worked for me and have since had no BSOD.

Cheers,

Paul

A note: stopping ctfmon.exe may have been more coincidence in my case than fact but I did open task manager and stop the process but most likely this does NOT have to be done.

P.S. Thank you to Aowl for the help on this one.