Installs But Can't Do Anything On Net [RESOLVED]

Hi lashf. Unfortunately your log is corrupt. Could you post it in HTML please.

Despite corruption, it appears that you denied on a lot of alerts that popped up from actually all 4 monitors: Application, Network, Application Behavorial, and Component.

The one that might hinder your internet access must be related to at least this one entry:
Application:* D:\WINDOWS\system32\svchost.exe

That being the case, you must realize svchost.exe should not be denied internet access. Instead, if you allowed on such alerts, what would be the outcome?

And yes, we do need a working log as Toggie requested in order to fully see what events transpired.

No sir, didn’t deny anything that was presented to me. “svchost.exe” was never presented. I edited the log to remove any references to my address, so I’ve attached a log file in HTML format.

So should I allow svchost and what sort of rules do I include and under what conditons could this have not popped up an alert?

OK guys, don’t give up on me yet!!

Thanks.

[attachment deleted by admin]

You gave up on me!

Nope, just that I didn’t know how to interpret your entire log :-[. I only know that this entry is the one that’s out of the ordinary:

D:\Program Files\Mozilla Firefox\firefox.exe contains 7 components to be approved → There were 2 other members who had the same type of log entry, but since I don’t use Firefox or the Component Monitor, I don’t know what it could be.

The other thing that caught my attention is CFP is installed on the D: drive. Some have reported to have issues with installing another drive or path other than the default C: drive.

But the last entry is what I believe directly blocked your internet. According to the log you denied an ABA alert related to svchost.exe and services.exe, both of which are vital system processes.

Any clues, Toggie and gang?

Hi lashf

Maybe you could post a screenshot of your rules. I think that it may be easier to figure out from that.

John

Some observations:

Loopback for firefiox seems to be being blocked.
Your blocking NetBios Datagrams (port 138) on what appears to be your local LAN
firefox seems to want to load numerous dlls, which are being blocked and hence will prevent firefox from connecting.
DHCP may be an issue, according to that last log entry.

Post the rules lashf :slight_smile:

Yes, for the Application Monitor screenshot, please maximize CFP gui first.

Thanks for all the help.

I had to uninstall it again to use the net so I’ll reinstall it and take another run at it.

I noticed the dll’s being blocked but I believe not long after I sent the log file, those dll’s were approved without me taking any action but still no net.

I didn’t think it was important so I never mentioned I have a dual boot system. 98SE on the C drive and XP on the D.

As for the ABA and DHCP (don’t even know what those are) alerts, I didn’t block them. In fact I didn’t block any alerts. Not very many to begin with: FF presented some, AVG and my email checker were all approved but other than those I don’t think I got any alerts. Is it possible svchost and services were blocked without my knowing about it?

I’ll reinstall it tonight and get another copy of the log and take a few screen shots and send those.

You help is really appreciated. I was afraid you guys abandoned me. Thanks again.

That’s what I was suspected and afraid of: no alerts yet things were still blocked. This is definitely not usual, especially since you just reinstalled in Safe Mode. Have you ensured that there are no previous traces (files/registry entries/hidden devices in Device Manger) of other firewalls on your computer and/or CFP when you last uninstalled?

Ok I see now why you had to install on D: drive due to OS incompatibility with 98SE.

As I recall, you mentioned that disabling CFP didn’t help either. Disabling as in Adjusting the Security Level to Allow All? What about creating a Trusted Network in the Wizard? I believe this pc is networked with the others.

ABA is Application Behaviour Analysis. It’s part of CFP and is used to monitor various interactions between applications.

DHCP is Dynamic Host Configuration Protocol and is used to obtain an IP address from your ISP. Blocking this will prevent you from using the Internet.

I was afraid you guys abandoned me

We wouldn’t do that :slight_smile:

I used the uninstall program (that I downloaded from here) to remove traces of CFP and searched the registry for anything related to my old firewall. In addition, before I reinstalled CFP, I scanned for viruses with AVG then used AdAware and Spybot S&D to check for bots and malware and found nothing with all three. Then installed CFP in Safe Mode and it made no difference.

Nothing in Device Manager that shouldn’t be there but I’ll check again. How does one find hidden devices in Device Manager?

I did set it to Allow All then closed CFP and neither worked. Couldn’t even get to the net with CFP not running. I didn’t create a Trusted Network because these pc’s are not networked. They are connected to a DSL router by wire.

Thanks again.

View menu > Show hidden devices > They’ll be under the Non-Plug and Play Drivers (also in other entries, but the others are usually irrelevant) → Be careful on what you disable/remove unless you know what each are!

Also wouldn’t hurt to check the Event Log (Start > Run > eventvwr)

Athough you did ran a winsock checking utility, I personally would run the XP’s internal command from the run menu: netsh winsock reset. Like I posted earlier, this just resets all your network settings (files & registries) to the XP defaults. If you go for it, a reboot is needed.

Another thing to try: reinstall your TCP/IP stack in Network Connections. This worked for a member before with a strange internet access issue. https://forums.comodo.com/help/frostwire_wont_load_resolved-t9903.0.html

Be careful with the netsh command, it will reset you to defaults. If you have any additions LSPs installed you will loose them

Even with wiki’s definition of LSP, I’m still confused. Is there a way to know if it’s on a pc like a collection of files?

That was interesting. Ran the uninstall program, then looked in Device Manager and found 2 entries belonging to Sunbelt so I deleted them. Installed CFP and same thing. So I ran netsh winsock reset and FF got to my homepage but then couldn’t get anywhere else and not even back to my homepage. Worked only once.

What sort of LSP’s might I have lost and what might I expect as a result of loosing any LSP’s?

You can use something like Autoruns from MS (Sysinternals) or Spybot Search and Destroy to list LSP’s. They can be installed by all sorts of Internet proggies.

This is really strange lashf. the fact you were able to connect is obviously a good thing, but why only once…

Anything in the logs?

There is also the possibility that the rule that was automatically created for Firefox is faulty. You may have to edit the rule to make sure that it is doing what it is supposed to do. For a tutorial on rule creation, see:
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/how_to_understanding_creating_network_control_rules_properly-t1125.0.html
For a backgrounder on Svchost.exe see:
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/why_does_svchostexe_need_to_connect_to_the_internet-t14464.0.html
You should check that Svchost is listed as a “Trusted Application”.

Is the only way you’re testing for connectivity using the browser? If so, try pinging a site from command line and see if that works. (you’ll of course have to allow the ping utilituy)

It’s still a no go. If you only reached your home page, it was obviously cached. Trel has an good point. Try pinging from the command prompt. e.g. Start > Run > cmd > ping www.google.com

If CFP’s default Network Monitor rules disables pinging out (anybody confirm this?), you’ll have to at least temporarily create an Allowed rule on ICMP.