Does CPF change things without letting you know?

I had an old Dell C610 laptop running XP with SP2, fully patched, that I was using at work for about 2 years. A few months back I installed CPF 2.4 to see if it was as good as some of the comments being made about it. After getting it all configured it seemed to work fine, so I left it. Sometime towards the end of November or beginning of December 2007 I removed that and installed version 3.0.14.276. Although I never became comfortable with Defense+ it seemed to work faster and better than the 2.x product, so I continued to use it.

About a month ago I started having problems connecting to the network. Strange things, like a “net view” command giving me “System error 6118 has occurred. The list of servers for this workgroup is not currently available”

In my Application Event log I found these errors:
Event ID 1054
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

And some of these:
Event ID 1030
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

In my System Event log there were these errors:
Event ID 40961
The Security System could not establish a secured connection with the server ldap/SERVERNAME.DOMAIN.NAME/DOMAIN.NAME@DOMAIN.NAME. No authentication protocol was available.

Event ID 40960
The Security System detected an attempted downgrade attack for server cifs/DOMAINCONTROLLER.NAME. The failure code from authentication protocol Kerberos was “There are currently no logon servers available to service the logon request. (0xc000005e)”.

Event ID 5783
The session setup to the Windows NT or Windows 2000 Domain Controller \DOMAINCONTROLLER.NAME for the domain DOMAIN.NAME is not responsive. The current RPC call from Netlogon on \WORKSTATION-NAME to \DOMAINCONTROLLER.NAME has been cancelled.

My Network Places could see all the domains we have, but I got an “access denied” message when I tried to view any machines in them (I’m a full Domain Admin, by the way). Furthermore, all the admin tools I have installed locally (AD Users and Computers, AD Trusts, etc) gave me the same type of error. And the login time – from when I typed in my password to when my desktop was visible – was an absolutely insane 25 minutes!

netdiag.exe was giving me these errors:
Testing redirector and browser… Failed
Testing Kerberos authentication… Failed
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]

Using nltest.exe to check my secure channel also failed.

I scoured the internet for an entire day trying to figure out what all of this meant, but to no avail; nothing I tried made any difference whatsoever. Essentially, I was stuck. In a last ditch attempt to figure it out I disabled Symantec AV and Comodo, then rebooted. Same exact thing. Finally, after 1.5 days of this BS I gave up and got the site guys here to give me another laptop (I was kinda due anyway, so it wasn’t all bad).

The new laptop is a Dell D620, not the latest and greatest but certainly better than what I had. I set about reinstalling XP with all the patches. After that, I started on the applications (which was about 15 total). Perhaps half way through I installed the new Comodo 3.0.15.277.

Everything was going along just fine – none of the problems I had before resurfaced. I installed all the applications, tested everything that was failing with the previous one (which all worked) and was using the new laptop for almost a week when it started acting up again.

All of a sudden, things started to deteriorate; “net view” and My Network Places were giving me the same problems, the event log was posting the same errors, and logging in took FOREVER. Basically, I was back to the same spot I was with the old laptop! Again I spent almost a whole day on the internet researching all the various possible solutions, but as before nothing worked. I tried disabling SAV and Comodo again, which didn’t help. Desperate for a solution I uninstalled Comodo.

When I rebooted my laptop miraculously started working again! Every single problem I was having before was now gone, so it was definitely CPF doing it. With that in mind, I have a few questions:

– Since CPF was working fine for days, and absolutely nothing was changed in the configuration at all, why did it stop working? It’s almost as though it was “learning” something that I wasn’t aware of, and decided to disallow certain forms of network communication without my consent. CPF’s firewall log didn’t show me anything indicating it was doing anything like that though.

– If you disable the firewall and defense+, shouldn’t that disable them? I was unable to stop the CPF service, so the only way to truly disable it was to remove the program entirely. I would think that setting the firewall and defense+ to disabled should have done just that, but it appears to have still been active in some manner because the only way I was able to get back working again was to completely uninstall it.

– Has anyone else had problems like this? And if so, what did you do to get around them? I’d certainly like to use CPF, but with what’s happened to me recently I can’t justify reinstalling it unless I can figure out a way to prevent the same thing from reoccurring.

86 views and not a single answer or suggestion? ???

Are your rules using fixed addresses for your devices? This looks like it could be a mismatch between logical and physical IDs, maybe in a local DNS? Or make it 87.

Do you mean are my NICs configured to use DHCP or static IPs? If so, all the NICs are using DHCP.

It’s awfully quiet… :)

Hi,

Sorry if my post is not constructive but to be honest I have no clue… Disabling the firewall and/or defense+ should be enough. Is it possible that it's conflicting with your AV or another resident software?

If anything changed it had to work. CFP learning is meant to allow more actions. So if you are really motivated you should test this in a more standard way.

Alternatively you can wait if any user experienced the same issue.

How to test:

Step one: create a restore point manually and install CFP.
Step two: set up CFP and let it work.
Step three: export the CFP configuration to a different file on a daily basis.
Step four: wait for the issue and export the CFP configuration to another file.
Step five: uninstall CFP and restore your previously saved restore point. This should be enough to set up your laptop like it was.
Search for PendingList.txt on your HD and save it as well (you should find it in the all users profile directory tree).

Finally, all those different configuration backups will allow you to track down what happened CFP-wise without doubts.
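
The comparison of daily exports described in the steps above, as an added example that is not part of the original post or of Comodo's tooling: it walks the dated exports oldest to newest and reports the first day on which lines appeared or disappeared. The `.cfg` extension, the date-stamped file names and the sample rule lines are assumptions constructed for the demonstration; the exports are treated as plain text lines, whatever their real format.

```python
import codecs
import difflib
import tempfile
from pathlib import Path

def read_export(path):
    """Return an export's non-blank lines; Windows tools often write UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    return [line.rstrip() for line in text.splitlines() if line.strip()]

def config_drift(export_dir, pattern="*.cfg"):
    """Compare each export with the one before it (file names must sort by date).

    Returns (older_name, newer_name, added_lines, removed_lines) for every
    consecutive pair whose content differs, oldest change first.
    """
    files = sorted(Path(export_dir).glob(pattern))
    drift = []
    for older, newer in zip(files, files[1:]):
        delta = list(difflib.ndiff(read_export(older), read_export(newer)))
        added = [d[2:] for d in delta if d.startswith("+ ")]
        removed = [d[2:] for d in delta if d.startswith("- ")]
        if added or removed:
            drift.append((older.name, newer.name, added, removed))
    return drift

def demo():
    """Constructed sample: three daily exports, the third gains one rule."""
    base = "[rule 1]\napp=example-a.exe\naction=allow\n"
    changed = base + "[rule 2]\napp=example-b.exe\naction=block\n"
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "cfp-2008-01-01.cfg").write_text(base, encoding="utf-8")
        # Same content, different encoding: must not count as a change.
        (d / "cfp-2008-01-02.cfg").write_text(base, encoding="utf-16")
        (d / "cfp-2008-01-03.cfg").write_text(changed, encoding="utf-16")
        return config_drift(d)

if __name__ == "__main__":
    for older, newer, added, removed in demo():
        print(f"{older} -> {newer}")
        for line in added:
            print(f"  + {line}")
        for line in removed:
            print(f"  - {line}")
```

An empty result across the whole period would mean the exported configuration never changed, which points away from the stored rules and towards something the export does not capture.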