I’ve suddenly started getting multiple firewall events where basically everything is zero. Application is null, source is 0.0.0.0, destination is 0.0.0.0 direction and protocol are mainly 0, although the odd one does have a direction or non-zero protocol.
Can anyone give me a clue how to find out where this is coming from. I’ve tried to see what is coming in using wireshark but I can’t see anything which would indicate a packet anything like that.
Hi DLW,
Thanks for reporting, Could you check you personal message and provide us the requested logs.
Hi DLW,
Our developers have checked the issue,logs collected from device show as that Comodo Internet Security Helper Service terminated a lot of times,could you please recheck now,do you still face this issue,please also make sure to reboot the device and let us know the current status.
Device has been rebooted and a later insider build has been installed. I have just noticed the the Security Helper Service is restarting multiple times every few minutes. Network Intrusions with nothing in them continue to show in the firewall log and there are still no connections showing for the firewall.
As an added thought, this only started happening with a recent Insider build but I can’t be sure which one.
Hi DLW,
“Network Intrusions with nothing in them continue to show in the firewall log and there are still no connections showing for the firewall”, Does it means firewall log events are shown with entries like Direction - 0,Protocol - 0, Source IP-0.0.0.0 or there are no entries in firewall to show(Firewall event is empty). If possible could you please provide us recent logs by following the procedures that i have sent you in my earlier personal message.
The log entries were as you described and the firewall was still showing no connections. However the problem has been cured by uninstalling and re-installing CIS. But, I have some observations about the process of uninstall and re-install.
The first thing I did was to try the Repair option from the dialogue which comes up from Programs and Features. This said it couldn’t find anything wrong.
I then tried the Change dialogue and told it to remove firewall, completed the reboot and then went through the same process to reinstate the firewall and then rebooted. The effect of that was a complete block on my WiFi, which appeared to connect to the router but in reality didn’t have any usable connection. I therefore had to go through the complete uninstall/reinstall.
So, why didn’t the Repair function find anything wrong when it is now obvious that there was something wrong. And, why did the remove/reinstate the firewall completely ■■■■■ up my WiFi.
One other point, one of the options on uninstall is to uninstall to reinstall. I was anticipating that this meant retaining existing settings when the reinstall is done but that isn’t the case as the firewall settings were not retained.
A further point I meant to make about this. The problem showed up on one of the recent Insider Builds and it happened on two machines. I therefore conclude that there was something in the Microsoft update which corrupted something within CIS. As far as I can remember this is not the first time that Microsoft have sent out updates which has caused problems for Comodo products.
Oh, and one other point. The messages coming from CIS were that the Application Agent was not running but the eventvwr was talking about Internet Security Helper Service. If they are the same thing it might be helpful if messages were saying the same thing.