Can you put CIS in Game Mode and try again?
Hi Ronny,
even to game mode FrontPage do not connects and no news in event list.
sorry
Firewall in Training-Mode then?
Hi Ronny,
I am very sorry, but even in training mode we have no connection and no event in list (with and without the special global rule).
Thanks
Can you switch Security profile to Firewall and try again?
it’s a “clean configuration” see if that helps, and if not can you export your current config so I can verify it?
Excuse me, but I do not understand what I should do?
After the training mode test, I switched again to safe mode.
Thanks
Sorry,
If you go to More, “Manage my configurations” you can switch the active profile from Internet Security to Firewall to test, and after the test you can switch back from Firewall to previous (assuming default = Internet Security).
You can also “Export” the configuration there.
Please don’t attach it to the forums as it contains to much details, if possible send me a PM on how to exchange.
I verified your configuration, and it seems you have blocked several Windows processes.
I’m not sure how FrontPage works but it could be that this killed the connection.
Can you please retry with a complete default install and not block any Windows processes and see if the problem still exists?
Hi Ronny,
how I can distinguish between a Comodo message telling about a Windows process (and a potential attack danger) and a real attack danger?
Thanks
If you run default CIS it should not alert you for FW actions on windows processes…
Do you mean you have alerts after install for lsass and system etc?
I get several messages about potential attack dangers on first days after Comodo installation. In some case I know the executables involved and I do not block them, but in other cases I am not able to understand the real nature of danger and, for security, I do block.
Hi Ronny,
I made a new Comodo installation then I tested FrontPage without/with the special global rule (the global rule was ENABLE TCP/UPD IN/OUT ANY log). The result is again no connection for FrontPage and only a log in eventi list:
Ah it seems that FrontPage isn’t connecting the FTP Session it’s the ALG (Application Layer Gateway) Service.
We can do 2 things here, disable the service if your not using Internet Connection Sharing or setup the connection to allow FTP for alg.exe.
Can you add c:\windows\system32\alg.exe to the Network Application policy and set it to Trusted
See what that brings.
I’ll remove the screenshot as it seems to contain your public IP it’s better to “blurr” that the next time to prevent people from using it for ban purposes.
Hi Ronny,
I added alg.exe as Trusted in Network Application Policy (Firewall) and in Computer Application Policy (Defense), I tryed either without global rule and with global rule but the result is the same to precedent.
I do not reboot PC every time I add/modify something in Comodo.
Thank you very much for patience.
PS: if Internet Connection Sharing service shares internet connection to other PC on LAN then I cannot disable it.
Well this could be a bug in combination with Frontpage and CIS.
I would opt to change the Frontpage behavior to Passive FTP that would be the most stable way to fix things. It won’t change anything on how you manage the site, it just uses a different method of FTP to transfer the files. As I don’t have Frontpage 2003 I can’t setup a test here to see what else could help you out.
Dear Ronny,
I checked “Passive FTP” in the website configuration, but unfortunately the result is the same, without/with global rule. There is only a little difference, because this time I can see the list of files to update on server (I never seen it before), but at last I get a FrontPage message telling about a webserver not found on Port 21.
Thank you very much again.
[attachment deleted by admin]
Can you verify the Firewall Logs again to see if anything matched and or blocked?
Can you try to do following steps:
- Check if there is any rule Application rules for system and svchost.exe and if exist- remove them.
- Set FW alert frequency level to High (Firewall->Firewall behavior settings->Alert Settings)
- Set FW to Training mode
- Reboot OS
- Set FW to safe mode
- Try to use FrontPage
- If all ok, clear your Firewall Application rules that have been created during reboot in training mode, except the rules for System and svchost.exe
Serg
Hi Serg,
I followed your steps, but FrontPage not connects again.
I do not see any new Firewall Application rule
Still I have FW alert frequency level to High
I tried even with a global rule (at first position) enabling TCP from source IP and source port 20
Thank you very much for attention, I consider Comodo suite a great software.
Hi Serg,
I have attached a screenshot of how the Passive FTP is handled.
I think the state keeping won’t like this behavior.
The FTP connection runs over alg.exe (Application Layer Gateway) to the FTP server on TCP21
But the FTP data-channels are handled by Frontpg.exe…
[attachment deleted by admin]