I hope it gets better

well I gave Comodo firewall a fair shake IMO, it’s gots some flaws in it that need fixing. so I will try comodo firewall out again, but I don’t think it’s quite ready for prime time. here are the issues I ran into.

  1. continuously blocking MSN Messenger even with a rule properly set.

2.If I set it to the same settings as Windows XP firewall I run into no problems other than it still won’t allow me to update my AV.

  1. doesn’t alert you on every net connection coming from the machine. I never even recieved an alert for my AV to update. You need to check what it going on when it comes to Avira AntiVir. The steps I took to fix this would not work. Uninstalled both Comodo and AntiVir, reinstalled comodo first then reinstalled antivir, same results, would not update let alone even see the step to update it.

  2. While browsing the web, I constantly got a “could not find server message” on my browser both IE and FF, causing me to refresh each time I went to a site then it would load with no problems.

  3. The process for setting firewall rules is clunky at best, and is hard to understand, I don’t have time, running my own business, to constantly monitor whether or not the firewall rules need to be adjusted for a new program, plus some programs use more than one port or IP address, which is the case with AntiVir.

I will check it out again after the new version is released, but at this time I must be productive, and I can’t be with the current version of CPF.

  1. MSN Messenger is working just fine here. What rules do you have? And what does the log in the firewall say?

  2. And what does the log in the firewall say? What rules do you have set for your AV?

basically it says the same thing over and over again.

they are all being blocked by Rule ID #5

Rule ID #5 is a default rule created at time of installation.

Block and Log IP IN or OUT from IP {any} to IP {any} where IPPROTO is any.

If I removed this rule or set it to “Allow” I might as well be using the Windows XP Firewall. The biggest problem with the rule for the AV is that for some reason it’s being routed to different IP addresses that aren’t even related to the AV. It’s not the AV software thats doing it, because when I have Comodo uninstalled it updates without even thinking about it. So Somewhere Comodo is messing up.
I don’t have time to mess with it anymore. a week of not being able to automatically update my AV or contacting out of state clients using MSN costs me $$$, I work on computers and Web Design for a living, I can’t waste time trying to figure out what I need to change in my rules to fix it. I have confidential information on this machine dealing with clients that I just can’t take the risk on compromising as well as “net meetings” that deal with deadline specific issues that I can’t miss waiting for the computer to reboot and hoping that MSN will work properly.

Sorry you’ve had such a rough time, Dragon. I understand that you don’t have time to jack with it; nonethless, I will briefly address the issues you’ve brought up.

  1. With a proper ruleset (combination of Network and Application) Messenger WILL work properly.
  2. Not sure how you can “set to the same settings” as WinXP FW, since they do not work in the same way (ie, no outbound protection on XP FW, for one thing).
  3. Network Monitor has preeminence. If an application (allowed or otherwise) is trying to create a connection in a way that is not already allowed by Network Monitor, NM will block it. CFP does not alert the user to blocked connections. Provided you’re logging, it will be in the logs.
  4. IF CFP is blocking some aspect of the application connecting, it’s because your ruleset does not allow it. With CFP, applications are prevented from connecting in any way other than as defined by the user.
  5. The process is very different as compared to other firewalls, I agree. I personally don’t find it clunky, although at first it was a little difficult to grasp the higher concepts of it; however, I quickly realized it was far superior in its methodology. Here’s a good place to start, to help you understand this FW. https://forums.comodo.com/index.php/topic,6167.0.html

We will be happy to work with you on all these issues if you want to take the time to do so. No insult intended, but I can pretty much guarantee you it’s a configuration issue. Also, I noted that in your post about the AV update issue, you had responses, but have not followed up on those in several days; I wish you had, as that might’ve already been resolved. :wink:

LM

tried them, to no avail.

AVnotify was not blocked

the thread I was pointed to did not do anything, I had found that previously when looking for a fix to this originally.

those are the only two bits of help I got, and it did not resolve the issue.

Panics answer was totally useless because it doesn’t give any ideas on what to do other than change the ruleset settings, which I already knew needed to be fixed. Then there is the issue that I never received a notice that the software even wanted to connect to the internet for updating. this is a critical process.

Every firewall I have ever used, even the paid for versions like Outpost, KPF when it was owned by Kerio, and others have asked every time a program tried to connect to the net. This is an important part of outbound protection. If you installed a new firewall and some nasty was in the system already, then being prompted when the software is in Learn mode helps you identify what could potentially be a problem program so you can remove it.
The only programs I ever received a prompt on was ones that I knew i had installed like Icechat, Dreamweaver, Firefox, Adobe Flash etc…, i never received a connection notice for googletalk, yahoo, MSN messenger, AntiVir update and a few others that I have that needed access to the net. The logs told me what part of the software was trying to connect, source IP, destination IP ( which is how I found out that the Ip address trying to be contacted for the update was incorrect), and what rule was being applied to either block it or allow it.

I don’t mind fixing the rulesets and trying to get the software to work, but after a week of trying to fix this issue without success is too long. I’m not a person who can spend countless hours trying to get my software to work the correct way. I’m not asking for the software to be “dumbed down”, but this is a serious issue that needs to be corrected if CPF is to outclass it’s competition. They need to have every program be notified on after the restart when in learn mode, not just ones that are not in the whitelist created by CPF on install. not to mention the fact that the whitelist consisted of 4 programs, Firefox, Googletalk, MSN, and my Weather notification software from my local tv station. This was after I had the firewall go through and detect all software components on the machine, that clearly defined that they were to connect to the net. I had even tried to set the specific IP address for AntiVir to update and it still was blocked.

I don’t mind trying to get this to work, and I will try. I had previously read your tutorial on the ruleset creation, and it’s easy to understand, however upon trying to create the rule for AntiVir to update, the firewall became a complete block, it skipped over the rule I had set and went right to Ruleset ID #5, which at that time had become #6 because I had made sure that it stayed at the bottom of the list like it is supposed to. I had to uninstall CPF and reinstall it just to get it to work again. removing the ruleset and rebooting didn’t fix the issue. I had even tried to set the specific IP address for AntiVir update and it still was blocked.

A few things to keep in mind…

  1. CFP does not have a “Learn” mode on startup. I realize a lot of FW’s do; this one does not. The only “learn” aspect of it comes in the Component Monitor, wherein it requires no user interaction until the mode is changed to “On” (which would be recommended after the majority - if not all - software that connects to the internet has been run in that way).

  2. CFP does not change in any way, the IP addresses to which your software is connecting/attempting to connect. It has no control or authority over that. Not sure what the deal is with Antivir; when you were told it did not connect to the IP address you saw, was that by an actual Antivir rep, or another user? Also, did you check the IP address to see who owns it?

  3. CFP has a safelist (encrypted), which by default is enabled. If an application is on it, you won’t be alerted for that application. If you also run the Known Application Wizard, rules should be automatically created as needed, in the Application Monitor. While related, these two things are also separate. Can’t explain that easily. Safelist will be a LOT bigger in version 3.

  4. After changing rules, it is good to (at a minimum) stop & restart the firewall GUI, to clear memory and reset the changes. I have found it efficacious (especially w/network rules) to reboot.

  5. When you’re having issues, before uninstalling, try changing the Security Level to Allow All to see if the connection is successful. If this works, it guarantees there is a rules problem. 99% it will be Network; the other 1% will be Application (in general).

In closing on that, it sounds like there are other issues going on. When you installed CFP, did you have ANY active security programs - AV, AS, HIPS, Registry Guards, etc running? I have seen a number of times where these in some way interfere with the installation (since CFP goes deep in the core) and things end up just not working right, for no apparent reason. It’s best, IMO, to temporarily disable such apps b4 starting the install (or at least their active/real-time modules).

I’m sorry you didn’t feel that you were getting any help from panic. I know his first response to you keyed on the malformed network rule; that’s simply because he saw something that was a sizable security issue. He is very knowledgeable and would definitely be able to help you with the problem at hand. We sometimes key in on a different issue than the user brings up, if we see something serious; and in a lot of cases this is indicative of other issues that need to be addressed first (wherein the user has completely trashed the firewall in trying to configure it the way they think it should work - no offense intended to anyone). While CFP can very easily be a “set and forget” firewall for the average user, it has a level of complexity to it that confuses even experienced users; I think because it is so drastically different than what everyone is used to.

We are definitely here to help you with any issues/problems you have. This thread is not the place for that, though. Post in the Help forum, and we’ll be glad to do so. All the Mods are volunteers, so we’re not all logged in all the time. Comodo Staff usually lets us handle things without getting involved, unless we request help or they see we need it (or it’s a specific issue they’re trying to resolve). AntiVir will work; it works for others, it will work for you. I’m confident of that! :wink:

LM