Firewall driver problem revisited

I had originally encountered this back in November '08, passed it on to Melih who in turn gave it to the developers. Not hearing back, I continued using my workaround of disabling the CIS Firewall Driver. It’s been “out of sight/out of mind” until I recently was reviewing my system security. This is my original post:

I find it takes websites 10-20 seconds to display when the driver is enabled, but immediate when disabled. I normally run Vista Home Premium, avast Pro v4.8, Malwarebytes MBAM, and CIS Firewall/Defense+ (Internet Security - Updated configuration, Firewall set to safe mode, and Defense+ set to safe mode). This occurs whether I’m using Firefox3 or IE7 and accessing the internet via wireless or ethernet adapters.

I just went back to a fresh install of Vista with only the system drivers installed. I then installed the latest version of CIS (including the AV component) and Firefox to rule out other software conflicts. It behaved exactly the same… I have no problems with my XP Pro desktop, but came to realize the driver doesn’t appear to be installed/used with XP (not asked if want to install it and it’s not listed in the network adapter properties). I also tried installing CIS in Vista and telling it not to install the driver but CIS reports it’s not functioning properly, have to run diagnostics which in turn has me install the driver after all…

The only impact I see in having the firewall driver disabled is the Network Defense summary does not display the outbound/inbound connections correctly. Stealth testing seems fine, but I’m concerned I’m creating a potential security risk. Any insights on this problem or most importantly, whether there are any security concerns having this driver disabled are appreciated.

Lastly, I have followed up with Melih and am waiting for a reply. Again thanks!

How do you connect to the internet? Are you using a router? If so, it’s likely your stealth testing has been testing your router and not your software firewall.

Good point - I am behind a router… One thing I had neglected to do was run the Leak Test Suite and think I came across one issue. The ICMP, DNS, and COAT tests failed when the Firewall driver is disabled. I did have to set the configuration from Internet Security - Updated to Proactive (with Firewall driver enabled) to score a 340/340.

This has me wondering if indeed I’m going to be operating at less than 100% secure in order to be able to browse at a reasonable pace.

If you are behind a router, it’s going to be taking the brunt of the nasties for you even if its firewall is off (Does your router have a built in firewall?) due to the way NAT works. Unless you are running your router in DMZ mode, your software firewall isn’t going to be doing much except for giving you outbound traffic protection.

Granted, I feel that outbound protection is worth running the Comodo firewall even from behind a router. But if you’re failing the leaktests, it sounds like you aren’t getting the outbound protection.

I wish I had a better answer for you, but unless the devs come up with something, you may be stuck with your router and a different software firewall than Comodo.

Thanks! I haven’t been extremely worried having the router in place, but still want to have my systems as secure as possible (as is most everyone’s desire). My router does provide dual firewall security (SPI and NAT) and I don’t have a DMZ in place. If I remember correctly, earlier posts showed CIS did the best in regards to leak testing performance. My thinking is that CIS at a slightly disabled level might still be better than others out there. I realize this isn’t the forum to be asking the question, but does someone have a better (and preferably free) option for my situation?

The secondary question I have is why am I the only one who appears to be encountering this issue? Thinking aloud, I can only think it has to be specific to my laptop (Dell Inspiron 1521/Vista Home Premium and does seem Dell drivers can be problematic), yet… I have it set up as a dual boot with Vista and XP Pro and it only occurs when running Vista. Of course only Vista appears to use the Firewall Driver, but would both adapters have driver conflicts? Is there something else that could be having a conflict with CIS’ Firewall Driver?

In any case, my main concern is maintaining optimal security whether it is with CIS or another package so any suggestions are appreciated!

when I install the latest version of Comodo, (using Vista Home Premium and Avast 4.8 as well) it completely shuts my internet connection down! (no access at all) A solution I’ve been using is rolling back to 3.5.57173.439, as none of the 3.8 versions work as well - for me!

I can’t remember if I tried that or not… The word back is to keep the fingers crossed that v3.9 resolves the issues (release is expected April 14, 2009). Thanks for the suggestion!

Want to try the 3.9 beta?

Are you using by any incident a motherboard with an NVIDIA chipset. They come or used to come with a hardware firewall built in that is a known as a possible troublemaker when switched on.

Does using another ethernet NIC, using a different chip then your current NIC, bring any solace here?

Are you sure the rules you set up for CIS are the same as to the ones used on your XP system?

I’d give it a go! I’m downloading it right now, will install and test keeping the firewall driver enabled, and post the results here. Let me know if you want me post it elsewhere or PM you or…

I’m running into problems on my Dell Laptop (Inspiron 1521) with integrated ATI Radeon X1200 series video, so no go there. I’d tried both adapters (wireless 1390 WLAN mini-card and Broadcom 440x 10/100 Integrated) with the same results. I thought it could be a conflict between the firewall driver and the network adapter driver, but doesn’t appear to be the case. All I know is if I enable the firewall driver, it slows to a crawl. Disable it and I’m back in business. Unless I’m not looking at it correctly, it seems the XP install doesn’t use the firewall driver - at least it’s not listed in the network adapter properties…

I can’t say for 100%, but almost positive (memory is going!). I used the installation default settings though did change to both using safe mode for Firewall and D+. I do see that I have XP running using the Proactive configuration while Vista is set to Internet, though I don’t think this would have any effect. I can always change my Vista install to use Proactive as a test… Also I did change IE 7 and Firefox 3 from custom to Web Browser.

Let me know if you have any other questions or thoughts - but as said, will give the beta a test and see how it goes. And as always, thanks everyone!

I installed the 3.9 beta version (minus the AV component) with the default settings and the problem still seems to exist - but I want to do a little more testing. Unfortunately I likely won’t be able to get to it until Monday.

A quick test of it using IE and the default settings from install (w/sharing enabled for all pc’s on the network) and seeing up to 25 seconds to load completely. Going in and disabling the Comodo Firewall Driver and waiting until network connection has reestablished, IE opens and displays within 2 seconds as expected.

Again, want to check over the settings and do some testing but it certainly appears to be there. It has to be the Firewall driver not playing well with something - question is what? Will keep you posted - or will start a new post in the beta area if that’s better(?)

I am wondering. In the past it has happened that even after uninstalling CIS or CFP there was a driver left that could be made visible in Device Manager.

Open Device Manager and go to View → show hidden devices in Device manager to make the non Plug and Play drivers visible. Select the Comodo driver → right click → uninstall.

Are you willing to uninstall CIS and try the above? Remember to export your configuration so you don’t have to repeat setting up CIS.

I see two drivers listed under non-Plug and Play Drivers: CIS Firewall Driver and CIS Helper Driver. I’ll export my configuration, uninstall CIS, and if necessary, uninstall these two drivers. I’m a bit doubtful it’ll do anything because I remember being asked if I wanted to install the(se) driver(s) the last time I installed CIS. Sorry, don’t remember the exact wording for this component, but will make note of it during the next install.

Testing awhile back (before trying CIS 3.9 beta), I was curious and and answered no. This led to my having problems with CIS and had to run the diagnostics repair. It recognized missing driver(s) and prompted me to do the install.

Will give your recommendation a try and let you know what I find…thanks!

Sorry for taking a bit to respond. I uninstalled, made sure the drivers were gone, and reinstalled with the latest update installed. The problem is still there - so can only figure it’s hitting some kind of conflict with my drivers since I’d tested before with a clean install without any software installed (granted at the time it wasn’t the 3.9 beta but…). Again have tried both IE7 and FF3 and both network adapters with the same e

I’ve attached a screen capture of my wireless connection properties in case something stands out…

A side note, just did a software install and I seem to be in an endless loop getting out of installation mode. The Defense+ Security level warning window keeps popping up and I select yes to return to the previous mode but it doesn’t seem to switch back. The summary window shows it to be in safe mode. I switched it from safe mode to clean mode and back to see if that would reset it. Curiously the summary window continued to show it in clean mode. Clicking on the link in the summary window, the bar showed it to be set to safe mode. Moving the bar to clean mode and back again to safe mode refreshed the summary page correctly. Also appears this stopped the pop up warning about still being in installation mode…

[attachment deleted by admin]