HELP Needed!! In despair! limited or no connectivity

Hi there

Installed today Comodo Firewall on a wireless laptop. I have a router with DHCP server. After several installations, in basic and expert mode, I can never get access to the network. I have a safe zone with the accurate IP range, the 2 extra network rules for that zone, set skip loopback TCP, svchost allowed. Everything I found in the forum. Still, no connection. It halts when renewing IP address to a “limited or no connectivity”. If I Repair, same thing happens.

Log is empty btw.

Please Help!

Thanks,
JNV

Ok, I am assuming you mean there are no entries in the log at all. Go to the bottom rule, which should be the BLOCK ALL IN/OUT rule, and open it up and check the checkbox where it says “Create an alert if this rule is fired”. This should list anything that is getting blocked in the log.

jasper

Thanks for your reply.

I made sure the rule was logging (it was by default). This time I had 2 entries, related to 2 warnings when the wireless device was trying to acquire the address:

Date/Time: 2006-12-23 19:31:31
Severity: High
Reporter: Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 239.255.255.250:upnp-mcast(1900)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time: 2006-12-23 19:31:28
Severity: High
Reporter: Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255:bootp(67)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

I allowed both.

Same thing happened… I have to uninstall Comodo in order to get network access again. Allowing all traffic isn’t enough.

Make these 2 rules:

ALLOW-check the checkbox
UDP
OUT

SOURCE IP: any
DEST. IP: 255.255.255.255
SOURCE PORT: any
DEST. PORT: 67

and this rule

ALLOW - check the checkbox
UDP
IN

SOURCE IP: 255.255.255.255
DEST. IP: any or your IP address
SOURCE PORT: any
DEST. PORT: 68

Once you add these 2 rules to the top of the rules list in Network Monitor then right-click the connection icon down in the system tray and choose “REPAIR”. If something else shows up in the log as being blocked then you can make a rule for it or post it back here for someone to help you.

The 1900 port being blocked is Windows UPnP checking for other devices on the network (printers, etc…). This normally isn’t required to connect to the network so we won’t worry about it for now.

jasper
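
Added example, not part of the original post and not Comodo's code: a simplified, stateless first-match model of a rule list, run over the four messages of a DHCP lease exchange as defined in RFC 2131, to show which packets the two rules above would match. The server address, the `Rule`/`Packet` types and the alternative inbound rule keyed on source port 67 are assumptions made for the illustration.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "action proto direction src dst sport dport")
Packet = namedtuple("Packet", "name proto direction src dst sport dport")
ANY = None  # wildcard for an address or port field


def field_ok(want, got):
    return want is ANY or want == got


def first_match(rules, pkt):
    """Action of the first rule that matches pkt, evaluated top-down."""
    for r in rules:
        if (r.proto == pkt.proto and r.direction == pkt.direction
                and field_ok(r.src, pkt.src) and field_ok(r.dst, pkt.dst)
                and field_ok(r.sport, pkt.sport) and field_ok(r.dport, pkt.dport)):
            return r.action
    return "BLOCK"  # models the BLOCK ALL IN/OUT rule at the bottom of the list


# The two rules exactly as given in the post above.
POSTED_RULES = [
    Rule("ALLOW", "UDP", "OUT", ANY, "255.255.255.255", ANY, 67),
    Rule("ALLOW", "UDP", "IN", "255.255.255.255", ANY, ANY, 68),
]

# Assumed alternative: match inbound replies on the DHCP server port instead
# of on a source address.
SERVER_PORT_RULES = [
    POSTED_RULES[0],
    Rule("ALLOW", "UDP", "IN", ANY, ANY, 67, 68),
]

# Constructed sample: a new lease as seen by the client (RFC 2131). The client
# has no address yet, and the server (192.168.11.1 is an assumed router
# address) replies from its own IP, source port 67.
DHCP_EXCHANGE = [
    Packet("DISCOVER", "UDP", "OUT", "0.0.0.0", "255.255.255.255", 68, 67),
    Packet("OFFER", "UDP", "IN", "192.168.11.1", "255.255.255.255", 67, 68),
    Packet("REQUEST", "UDP", "OUT", "0.0.0.0", "255.255.255.255", 68, 67),
    Packet("ACK", "UDP", "IN", "192.168.11.1", "255.255.255.255", 67, 68),
]


def evaluate(rules, packets=DHCP_EXCHANGE):
    """Map each DHCP message name to the action the rule list gives it."""
    return {p.name: first_match(rules, p) for p in packets}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("server-port", SERVER_PORT_RULES)):
        print(label, evaluate(rules))
```

In this model the outbound rule passes DISCOVER and REQUEST, while the inbound rule never matches OFFER or ACK because their source is the server's own address rather than 255.255.255.255.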

sorry… didn’t work… not a single extra line in the log… :frowning:

The previous messages are from the Application Monitor catching software and not from Network Monitor.

Try enabling all of the rules for logging because it might be denying access on OUTBOUND ports and the block messages aren’t being seen.

Once you get them changed to enable logging then do another repair on the wireless connection. Also clear the log before you do the repair so you only see entries from this instance.

Post back what you find out from the log. Hopefully something will show up in the log this time.

jasper

Sorry… No lines ever in the log… Could it be something about wireless connectivity? In the connection properties I get 0 bytes sent and 0 bytes received. The strange part is that I have to uninstall Comodo to get connection back. Killing the process does nothing… I’m starting to think my system has something against Comodo… :cry:

G’day,

Can you just try one thing for me?

Can you check if it still doesn’t work if you assign a static IP address to your wireless network card?

To check what address you should manually assign, click START - RUN and type in CMD. In the DOS-type window, type IPCONFIG /ALL. This will show all parameters for the installed network cards. Find your wireless adaptor and write down the IP address, the subnet mask, the default gateway and the DNS servers. Enter these details in the TCP/IP properties of your WiFi card and reboot the PC.

If it does work with a static IP, then the fault lies in how CPF is blocking DHCP.

If it doesn’t work, we’re back at square one, but have ruled out another possibility.

Hope this helps,
Ewen :slight_smile:

I have the same problem… :frowning:
My laptop can’t get a valid IP address from the router (after 1 min it gets this IP: 169.254.156.188)
→ the network is not working, even if I go to “Allow all” mode or even if I shut down Comodo (kill it from Task Manager)!!! The only cure is uninstallation of Comodo.
I remember that the first time I tried Comodo (a long time ago) the result was the same…

Then I tested this app with my desk-pc → same result (and the adsl box was connected directly to my pc).
And now I noticed this new beta and the same pain continues!

Anyone help? Tomorrow I’ll try Comodo on my desk-pc, but I don’t expect much… :frowning:

Specs:

  • Comodo Firewall 2.4.9.126 Beta
  • Intel PRO/Wireless 2200BG integrated (Intel P-M 1.6GHz / Intel 855GME)
  • avast! antivirus software v4.7
  • Buffalo WHR-HP-G54 & TeleWell EA200 ADSL
  • WinXP Pro + latest updates & drivers

I had a very similar (same?) problem that was just resolved here:
https://forums.comodo.com/index.php/topic,4924.0.html

Check your application monitor rules for any svchost.exe entries and delete them.
Run the “Define a new trusted network” wizard and select your host machine’s ethernet adapter as the “zone” to trust.
Create the two application monitor rules that AOwl specifies in the above post. Note that for me it was not sufficient to specifically allow svchost.exe to communicate with 255.255.255.255 on port 67 (which is precisely what it needs to do to renew the IP address) which seems to be the same experience you had.

I tried to set those rules, but no good… As I said: there is no activity in my LAN when Comodo is installed, even if I use “Allow all” mode or the app is unloaded. → After I uninstall Comodo the internet works!

It doesn’t help if I manually set the IP, DNS, etc. for my WLAN connection (the values are the same as when Comodo doesn’t exist on my computer = when the net works). Traffic is zero in both directions (packets).

No comodo in the system:

http://www.freeimagehosting.net/uploads/th.e76340012c.jpg

Comodo installed, WLAN software acquires settings
automatically:

http://www.freeimagehosting.net/uploads/th.5c98bf10c4.jpg

User defined settings to connection (same settings when
networks were working = no comodo in the system):

http://www.freeimagehosting.net/uploads/th.0d5cce80b6.jpg

And I noticed this thing when acquiring:

http://www.freeimagehosting.net/uploads/th.6b198c6de9.jpg

→ Why is the DHCP address like that? My router address is 192.168.11.1, should it be that? I didn’t find any place where to set that DHCP address.

Any help?

Hi,

You could try the following

  1. Go into security/advanced/miscellaneous and un-tick “do not show any alerts for applications certified by comodo”.

  2. Make sure your network rules allow all connections types (IP/udp etc) in + out of your trusted zone, udp in + out to 255.255.255.255 and IP-out to any (I suggest you log everything in network rules except IP-out to any & IP-in from your trusted zone).

  3. Repair your connection again, and see what alerts / logs you get. When I did this I added the following app rules (yours could be different, I guess)

app / parent / destination (port)

svchost / explorer / UDP in/out 255.255.255.255 (67)
svchost / explorer / UDP in/out trusted zone (any)
svchost / services / tcp/udp in/out any (any)
svchost / svchost / tcp/udp in/out any (any)
system / system / tcp/udp in/out any (any)

Note: if I remember correctly the alert that triggered rules 1&2 said explorer using services to use svchost.
Note: if anyone thinks any of these rules compromises security, let me know…I’m not an “expert”!!

  4. Once this is done go back and tick “do not show any…” to avoid having a load more alerts. Do this on all computers on your network, if you have more than one.

  5. Re-boot, just in case!

This seems to have sorted my own wireless connection problems (so far! :)). And at least you get to see what’s going on.

btw: my router has “forever” as its lease time for IP addresses.

Good luck!

If you’re still not getting anything in your CPF log files, make sure logging’s turned on: Both for your network rules (by editing the rule and checking the box for “Create an alert if this rule is fired”) and for popups (go to Security/Advanced/Miscellaneous, make sure the top box is checked, for “Enable Alerts”, then click OK). (while you’re there, you can also move the Alert Frequency slider up to High or Very High to generate more alerts)

If this doesn’t give you some log entries to help you figure out what’s going on, and you’re still having trouble, you may try the following:

Go to Security/Advanced/Application Behavior Analysis, and uncheck the box “Monitor DNS Queries.” Then click OK.

Hope this helps you out,

LM