DHCP being blocked by Application Monitor

Hello,

Please advise:

I’m unable to get an IP address from my Linksys WRT54G without turning off the Application Monitor.

Here are some log entries:

Date/Time :2007-10-22 20:32:40
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)

Date/Time :2007-10-22 20:32:37
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)

It even does this if make an Application Rule for svchost.exe parented by services.exe “Allow all activities for this application”.

I would tear my hair out, but I’m bald already!

Thanks for the information needed to fix this.

I think you need to use the wizard in security/tasks to create a new trusted network for your router. I had a similar problem both with the same linksys router and also a BT Homehub and this fixed it nicely for both routers.

:SMLR

I have the same problem.

Tried as suggested but is fruitless.

Any other advice?

I tried setting up a new trusted network…but it didn’t work. What this does is put new rules in the Network Monitor.

The problem is in the Application Monitor. When I turn off the Application Monitor and leave the Network Monitor active, the DHCP works fine.

When the Application Monitor is on, DHCP does not work.

Have you got any rules in application monitor that block svchost.exe or services.exe?

I think the log entries you posted are as a result of the default block all network rule so it a bit odd that turning off application monitor fixes the problem unless there is a specific rule blocking the files in application monitor.

I will see if any other moderators or staff have any solutions.

:SMLR

I found the problem (after some work).

The problem is being originated by software called “Notebook Hardware Control”.

When the internet connection becomes active this software tries to use svchost through OLE automation and Comodo shows an alert. If I deny access then Comodo creates a rule that then blocks DHCP access.

The rules that are not saved are hidden from the user and seem to be active until one reboots the system. Just unloading Comodo does not seem to clear these temporary rules. And, as mentioned, as far as I can tell, there is nowhere to see what non-saved rules are active.

I have set (i.e. saved the rule) Comodo to accept this behavior (NHC using OLE Automation to access svchost), but when I went the Application Monitor this rule did not show up. Where can I see what the saved rules are for this?

I have a question into the author of NHC asking him to explain the purpose for this implementation of OLE Automation to svchost and svchcst.

Please comment.

And, is there any way to see what the non-saved rules are?

Thanks.

I am using a desktop. Does this mean I will not have the problem as suggested?

I am using a desktop computer, and I just came by here to let you know that I’m having the same problem. DHCP is blocked but I can’t see what rule is blocking it.