Firefox and M$ Internet Explorer will not connect to HTTP sites including AOL.com and Yahoo.com and att.net, and many more I have tried, but, will connect to Credit cards’ secure login pages using HTTPS. Would not connect (cannot find server is the standard message) to http://forums.comodo.com, but it did connect here when I tried guessing and entered Comodo Forum !! Then, I was allowed to log into these forums. Skype, for example, connects and talks fine! It uses https.
I have tried editing all the policies and rules I can think of, to make them liberal. Firefox is set as a Trusted Application but, no better. Since I use the webmail interface for my email and have no AOL 9.0 or anything like that, I have been unable to read any email since last Friday, after which this “issue” reared its ugly head. So, I will be grateful for any suggestions here, where I hope I can stay logged in for a long time today.
Hello, adioz86, and thank you for responding so kindly.
Apology for being out of contact - Have been occupied and away from the PC since my post.
Below I will append my system description for your information and use.
Have now been reading your discussions with Silver Wolf in topic, “What is wrong with my firewall?”. I think my policies are not in accord with your suggestions to Silver Wolf, and I wish to work your suggestions into my system and then to test how my system will act. Perhaps this will cure me of all ills and will save you some of the trouble.
Will do that tomorrow morning, I need to have some sleep now, as it is almost 2:00 AM CST here, and I am feeling great fatigue. Will post again probably in the time frame of 10 to 12 hours from now.
“The Earth grows degenerate, corrupt, in these latter days. Evil abounds. Men cheat men in the marketplace; The rulers threaten and oppress the people; Wives despise their husbands; Children defy their elders; even the dogs no longer obey their masters. Surely the end of the world is near.”
Inscription on Assyrian stone tomb, ca. 2200 B.C.
OS: Windows XP Professional SP3, 32b regularly patched by Win Update (but 2 patches on .NET Framework versions fail repeatedly to install) / SYST: HP Pavilion a1020n CPU: Intel P4 519J 3.065 GHz / RAM: 2GB DDR 4200 / HD: 155 GB free on system partition / AV: Avast! 4.8 Home Edition-Free, updated typically 2x per day AS: Windows Defender updated every two to six days. / Ad-Aware Free 8.1.3 / FRWL: Comodo 3.13.126709.581 NETWORK: att.net DSL subscriber line > Westell 6100 modem > Netgear FR114P firewall/router > Realtek RTL8139/810x 100Base-T card > PCI bus on motherboard (No other items in network) Firefox Extensions: NoScript 22.214.171.124; Java Quick Starter 1.0; IE Tab; Forecastfox; Flagfox; DownloadHelper; FireDownload; PDF Download; Move Media Player 7; LinkedIn Companion; Screengrab; WOT. Firefox Plugins: *-IE Tab Plug-in for Mozilla/Firefox; *npmnqmp 989898989877; *Default Plug-in; *NPRuntime Script Plug-in Library for Java™ Deploy; *getplusplusadobe16241; *Adobe PDF Plug-In For Firefox and Netscape; *NPCIG 126.96.36.199; *Office 2003 Plugin for Netscape Navigator; *Shockwave Flash 10.0 r32; *Adobe Shockwave for Director Netscape plug-in, version 11.5; Windows Genuine Advantage 188.8.131.52; *Windows Presentation Foundation (WPF) plug-in for Mozilla browsers [Disabled]; *Npdsplay dll; *Next Generation Java Plug-in 1.6.0_17 for Mozilla browsers; *DRM Netscape Network Object; *DRM Store Netscape Plugin; npybrowserplus_2.4.21
2010-03-26 Corrected the HP Pavilion model no. Incorrect entry was “a1040n”.
Have reconfigured my Policies and Rules and am hoping to hit a good combo, but, it has not happened, yet.
Am attaching screenshots of policies, (1) Firewall Network Security > Global, and then (2) Firewall Network Application, and (3) Def+ Computer Security. Have revised hour after hour, trying to follow the guidance that you gave to Silver Wolf (newbie) on Jan. 18 and 19. Didn’t fix the HTTP problem. Still, cannot find server; but HTTPS works!
All helpfully intended comments will be appreciated!
P. S. - See post above for details of my Network. - - RxD.
What is “confirmed Malware Zone”, “IEEE Zone”, “probably Good Networks”, “Workstation”? Which IP (ranges) are contained?
Maybe we can decrease the number of these rules.
Your last 3 global rules have no effect, because above them is a block rule for all IPs and all protocols.
I think there are some redundant rules in global rules.
But for that you have to show what each rule contains.
In D+ you just have to look if Firefox/IE are allowed for accessing DNS resolve.
A modest complaint about CIS - I had written a full explanation of those zones for you in a window like this, those zones about which you asked, but it took several minutes to compose this information. And then when I clicked on the Post button, Comodo discarded all I had written and told me it had timed me out and said that I would have to log in again! At that time it was after 3:00 am CST. I just wrote you a short one then and fell into bed. Here are answers now, it is a new morning.
I think you don’t need to post screenshots of your settings of global rules. We will remove nearly all of them.
Before we do these steps, please save your configuration. Go to: Miscellaneous → Manage my Configurations → select the active configuration and export it wherever you want. So if something goes wrong we can go back to this status. But I think it’s not needed. I hope we solve the problem by removing some rules.
Okay, then let us remove some rules.
If you block outgoing traffic to confirmed malware zone and block incoming from that, then you don’t need the three rules below it.
Incoming traffic is normally never needed, except your computer acts as server. If this is not the case, remove incoming rules.
I also don’t think that you need the rules for probably good networks and IEEE Zone. You have access to these zones, if you configure your apps without IPs - like you have done. So every allowed app can access these sites without this rule.
The block IP In/Out with IP any should be removed as well as the last three rules.
For your Web Browsers Comodo has a predefined rule called Web Browser, you should use this.
You can block explorer.exe completely, I don’t think it’s useful to log this action. You can remove windows updater app. This action is performed by svchost.exe.
Allow svchost just for outgoing traffic. Please modify rule with Port 67 and 80
CIS doesn’t need incoming traffic, you can remove this rule. Comodo Files folders can be removed. Avast.setup can be removed, too.
Could you post a screenshot of your Blocked Network zone and the rules inside it?
I have looked at your D+ settings. I would not recommend to set explorer.exe as windows app. So every app can start through explorer.exe. You decrease your security. I would not set services.exe as Windows System app. You will never get an alert, if a driver is installed. Some malware do this. If you want to change it tell me, I will give you advice.
At which level do you have the slider for your Defense+ settings and Firewall settings?
For firewall I would recommend custom policy and in the same window, but tab alert settings, I would recommend to slide it to high, so you will get an alert for every port. Please check all checkboxes in this tab. If your computer doesn’t share its connection with another computer, then uncheck “this computer is a internet connection gateway”.
You gave me some really good guidance in your last, and I have just worked for more than two hours, to reply to you in full, responding to each of your comments and instructions. And when I attached my screenshot of the Predefined Firewall Policy “Blocked Application” and hit the “Post” button, Comodo hiccupped and dumped my reply into the Intergalactic BitBucket. No way I know, to bring it back.
This behaviour is really disgusting, and I am not going to stay up until 3AM to do that again. Maybe I can control my anger at Comodo by tomorrow afternoon, and do it again.
Basically, I would say that I made changes that complied with all your guidance except for the phrase that reads, “For firewall i would recommend custom policy” - - I do not understand precisely what you want me to do here - - please clarify, as to the object to which this Custom Policy is to be applied? and also please advise what Rule(s) should be contained in this Custom Policy?
My Firewall slider is set to Safe mode, and also my Defense+ is set to Safe, and the Alert Frequency setting is High. By the way, the Help frequently recommends using a mode that it calls “Train with Safe Mode” and I do not find this mode anywhere. Is the Firewall/Safe mode exactly the same as the mode that the Help recommends?
So I meant in Firewall behavior settings to set the slider to custom policy instead of Safe Mode. In (Train with) Safe Mode every action of safe-marked apps is learnt. For Firewall I would not recommend it. In custom policy you get an alert for every action that has not already been asked and remembered before.
If you worked out my guide, I think http should work now. If not, then we have to look further.
Let’s try something: Create a global rule: Allow TCP Out Source/Dest. IP: any Source Port: any Dest. Port: 80
with logging enabled. Then surf a bit with Firefox to sites you normally visit with HTTP.
After that, have a look at your Firewall Log if there is a connection for Firefox for HTTP logged.
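Why the position of such a test rule matters, and why rules listed below a block-all entry have no effect as noted earlier in the thread: the sketch below is an added example, not part of the thread and not Comodo code. It assumes a simplified first-match model of an ordered rule list; the rules and the names `Rule`, `covers`, `first_match` and `shadowed` are constructed for illustration.

```python
from dataclasses import dataclass

ANY = None  # wildcard field, i.e. "Any" in a rule editor

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    proto: object = ANY       # "TCP", "UDP", "ICMP" or ANY
    direction: object = ANY   # "in", "out" or ANY (In/Out)
    dport: object = ANY       # destination port or ANY

def covers(general, specific):
    """True if everything matched by `specific` is also matched by `general`."""
    return all(getattr(general, f) in (ANY, getattr(specific, f))
               for f in ("proto", "direction", "dport"))

def first_match(rules, packet):
    """Walk the list top-down; the first matching rule decides."""
    for i, rule in enumerate(rules):
        if covers(rule, packet):
            return i, rule.action
    return None, "no match"

def shadowed(rules):
    """(index, index of covering rule) for every rule that can never fire."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if covers(rules[j], rule):
                found.append((i, j))
                break
    return found

# Constructed rule list: a block-all entry sits above three allow rules.
GLOBAL_RULES = [
    Rule("block", "ICMP", "in"),
    Rule("block"),                      # Block IP In/Out, any port
    Rule("allow", "TCP", "out", 80),
    Rule("allow", "TCP", "out", 443),
    Rule("allow", "UDP", "out", 53),
]

# A fully specified packet is modelled as a rule with no wildcards.
HTTP_OUT = Rule("-", "TCP", "out", 80)
TEST_RULE = Rule("allow", "TCP", "out", 80)  # Allow TCP Out, dest. port 80

if __name__ == "__main__":
    print("shadowed rules:", shadowed(GLOBAL_RULES))
    print("HTTP as listed:", first_match(GLOBAL_RULES, HTTP_OUT))
    print("test rule on top:", first_match([TEST_RULE] + GLOBAL_RULES, HTTP_OUT))
```

In this model a test rule added at the bottom of the list never appears in the log, because the block-all entry decides first; the same rule placed at the top does.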
Thanks, I think I “get” that custom setting. We want Firewall NOT to learn without approval from the console. Correct?
Whether I did get this correctly, or not, what happens to all the things that Safe mode has already learned? If they were Allow-ed, with Remember… checked, then I expect that each was added to the Safe list and would not be presented again. Correct?
And, if they were Allow-ed but remember box was NOT Checked, then, I guess that they WILL BE presented again for Allow/Deny decision?
Can you please tell me if there is a way to view the Safe list? Is there a way to edit the list to remove items?
I think http seems to be working again now. Will confirm tomorrow.
It’s past bedtime again and I have a meeting in the morning early, so I must go to find some sleeping time. Until tomorrow afternoon, (tomorrow means Monday, this is “tonight” and the next day is “tomorrow” to me), thanks again for all your help.
Thanks, I think I "get" that custom setting. We want Firewall NOT to learn without approval from the console. Correct?
1) Whether I did get this correctly, or not, what happens to all the things that Safe mode has already learned? If they were Allow-ed, with Remember... checked, then I expect that each was added to the Safe list and would not be presented again. Correct?
Every action of safe apps is learnt -> Allowed and remembered. That's why it's called "Train with Safe Mode". You are protected against actions from all other apps except the whitelisted ones.
2) And, if they were Allow-ed but remember box was NOT Checked, then, I guess that they WILL BE presented again for Allow/Deny decision?
This you can only do by a user decision in an alert window.
3) Can you please tell me if there is a way to view the Safe list? Is there a way to edit the list to remove items?
I just know about a trusted vendor list in Defense+, but AFAIK such a Safe list is not public.
Thanks for the good coaching, back in Jan. I have things pretty well straightened out, I think now.
Where can you advise me, to post a requested feature for COMODO to put into an upcoming build? The thing I want is, a list or printout of my “whitelisted” items, those that I have designated Allowed in an Alert window, the items marked Allow with Remember. This list needs to allow editing, i.e., removal of bad items, correction of bad decisions by the user.
I know that I might have made a mistake or three in my Allowing things with Remember, and then realizing that I want still to be notified again of what a particular item, not trusted yet, is doing to me. If I clicked Allow without noticing the Remember box was checked, I need to be able to correct that mistake. We newbies will make mistakes, in the hurry to make the Allow or Block decisions before the Alert window drops.
Maybe, you can tell me how to make this kind of correction, without my posting a request to COMODO.
The problem is, that if you allow an action with/without remembering, this is not logged anywhere.
So if you don’t know which program it has been and which action you have allowed, you have to look up every single access right of every app to find what you have done, if you checked remember.