Firewall only recognizes connections to ports 137 and 138

Hi, I installed Comodo FW several times. But after reboot it seems not to work correctly. I set the Firewall Security level to Custom Policy, but I’ve never been asked when a program wants to connect to the internet. And the Active Connections window is almost empty. The only connections listed there sometimes are to the ports 137 and 138, nothing else. My application rules are empty in the network security policy rules. My system is Windows 7 Ultimate (64bit), no other firewall is running. What I expect is a huge set of connections when the browser and messenger are running, but Comodo FW shows no traffic.

Please make sure that there are no leftovers of previously uninstalled security programs around. Not all uninstallers do a proper job. And leftover applications, drivers or services can cause all sorts of “interesting effects”.

Try using removal tools for those programs to remove them. Here is a list of removal tools for common av programs: ESET Knowledgebase.

Thanks for the list. I tried some of the de-installers, but that did not solve my issue.

Another interesting thing might be that after installation (and before reboot) the Comodo FW seems to work correctly. The “Active Connections” shows multiple programs that are connected to the internet. But after rebooting my PC the firewall falls back to the status described earlier.

What else can I do? Is there a way to list all kernel drivers that influence the network traffic (or something similar)?

Please let Diagnostics run and see if it reports a problem or not. If it finds one could you attach the xml file it made zipped to your next post?

When the firewall reports for ports 137 and 138, that indicates that the inspect driver is running. Active Connections tends to underreport, to say it diplomatically. However, it is strange that no alerts are shown for programs when running Custom Policy.

Can you check that cmdagent.exe is running using Task Manager with “Show processes of all users” enabled?

I ran Diagnostics several times with the result “All fine”! (Once I experimentally unchecked the “COMODO Internet Security Firewall Driver” in my LAN-connection. Here the Diagnostic and Repair worked fine and restored the check again. But without improvements to my original problem).

The cmdagent is running well. Maybe I can kill the process to force a failed diagnostic run to get an xml-File for posting it here. Would that help?

As I know that ports 137 and 138 are for sharing files and printers in Microsoft networks, I removed all shares of my PC, with the result that now there are no connections displayed in “Active Connections” in Comodo.

And to say it clearly: No rule for disabling a program to connect to the internet is working (e.g. if I define a rule to block all traffic of my browser, this rule is not working). But this is an expected behaviour: If Comodo doesn’t see the connection (in “Active Connections”), it could not block it :wink:

In my opinion it seems that Comodo’s driver is located too late in the list of network analyzing drivers (maybe that’s a naive view, because I don’t know how the firewall is technically implemented). I had a look at SysInternal’s LoadOrder-Tool (LoadOrder - Sysinternals | Microsoft Learn), but without success, because I do not know the dependencies between the drivers running in my system.

Maybe there is damage to your profile. Try importing a factory default configuration from the CIS installation folder under More → Manage My Configurations and activate it.

When importing the configuration give it an applicable name like Proactive Configuration Test for example. You then won’t overwrite an existing profile.

Let us know if that helps or not.

Neither activating “Comodo Firewall Security” nor activating “Comodo Internet Security” solved my problem. (Additionally to the above mentioned connections from port 137/138, I temporarily saw a single connection “IGMP OUT to” but nothing else. I think I have missed it before.)

I think there is some kind of interaction with another installed driver. Any preferred listing tool from your side or any other idea? Maybe this problem has been present for a year now. I got the PC last October (2011) but I never did have a closer look at a working firewall. The Comodo firewall was installed right after the time the operating system was installed. So maybe this fact can help.

Assuming a driver of another program is at least a bit slippy territory.

The next step would be to consider other applications that interact with networking and see if removing them fixes it or not. Think programs like Netlimiter for example.

When that does not bring any solace you can, as a last resort for end users, check the leftover Legacy drivers. This is a tricky exercise, so start it by making a system restore point.

Here is the drill. Open Device Manager from the command prompt using the following two commands:
set devmgr_show_nonpresent_devices=1
start devmgmt.msc

Set Device Manager to show hidden devices under menu option View. Now look under Non Plug and Play drivers. You will see a list of drivers, some of which belong to Windows. So you need to be very careful when going through this list; hence my advice for a system restore point. You need to look up the name of the drivers one by one using Google and see what the drivers are for. I once found a leftover driver of Norton this way on a friend’s netbook with performance issues.

If you don’t feel like the manual search for Legacy Keys then that is something I understand.

Anyway. If none of the mentioned solutions work the only thing left to do is file a bug report and let the Comodo devs take a closer look.
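
An added example, not part of the original thread and not a Comodo tool: instead of looking up every Non Plug and Play driver by hand, this PowerShell listing shows each kernel driver together with the vendor recorded in its file, keeping only the non-Microsoft ones and those whose file no longer exists. It assumes an elevated 64-bit PowerShell 2.0 or later prompt; the helper name Resolve-DriverPath is made up for this example.

```powershell
# Added example: list kernel-mode drivers that are not published by Microsoft,
# so leftovers of uninstalled security or network tools stand out.
# Run from an elevated 64-bit prompt (a 32-bit shell is redirected away from
# system32\drivers and would report files as missing).

function Resolve-DriverPath {
    # Hypothetical helper: turn the path forms the service database uses
    # into a normal file system path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\...     -> C:\...
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\.. -> C:\Windows\..
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $vendor = '(file missing)'      # registered driver without a file: likely a leftover
        if ($path -and (Test-Path -LiteralPath $path)) {
            $vendor = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
        $_ | Select-Object Name, DisplayName, State, StartMode,
            @{ Name = 'Vendor'; Expression = { $vendor } },
            @{ Name = 'Path';   Expression = { $path } }
    } |
    Where-Object { $_.Vendor -notlike 'Microsoft*' } |
    Sort-Object Vendor, Name |
    Format-Table -AutoSize
```

Entries in state Running with StartMode Boot or System that belong to a product you have uninstalled are the ones worth researching first; create the system restore point before disabling or removing anything.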