Thanks for the answer.
Let me know if is my PC issue or an issue in CIS.
For now I need keep ARP spoofing disable and i don’t understand if I have an issue and a risk on my PC or is just CIS that with wifi create issues with this option enabled.
Do you tested also in the WiFi?
If yes do you have any suggestion for resolve the issue I have?
I tried also to remove completely CIS and reinstall but same issue.
@infosec why use a beta version?
The stable should work. I don’t wanna remove the stable to install the Beta or at this time I was using the version 2024
All my PC that i have at the moment are production.
I can try maybe the Beta… I’m sad to be unable to fix the issue in the stable… and if the issue is the PC?
But the PC is clean i made a full scan no issues…
I have just this issue with the Comodo Firewall.
Yes we tested with wifi.
Are you using any other security software other than cis ? If so kindly disable the other software and check.
If not disable all the components in Cis one by one and restart the pc. Then turn on all components and check.
Still the same issue also with the beta 2024.
The question is: why only one PC, same software that the other one… and why the operative system is locked. I tried to disable, reinstall, etc but nothing works.
Out of curiosity, are you using Comodo’s DNS one one system and not the other? You get the option which is ticked by default to change your DNS settings to Comodo servers on installation.
Go to Network & Internet in settings then Wifi and Hardware properties and see if it’s sent to Automatic for DNS or Comodo’s DNS IP Addresses.
I found that the issue is not present if I use LAN.
If I attach the LAN cable to the Notebook, I have no issue surfing with ARP protection.
As soon i remove the cable and use wifi the ARP spofing cause issues.
I tried also to disable this on the Notebook but on or off seems doesn’t make difference.
Wifi use comodo DNS now i set DNS to get automatically but connection still be slow in wifi with ARP spoofing protection active.
Thanks for the advice. So, based on your message you think can be my Wi-Fi network issue?
So maybe an internal IP is ping my Notebook and CIS identify this as ARP spoofing but is normal that my Internet connection get cutted, stop to work because of this?
I suppose Comodo should block an attack not my Internet connection on that PC.
Also is strange that in the same network the issue is not present if Internet is taken by the LAN cable.
Hi @peopleinside I do not know if CIS anti-ARP spoofing feature, which is for preventing ARP cache poisoning, is (also) triggered by ARP packet flooding. Perhaps @C.O.M.O.D.O_RT can comment on this.
ARP flooding can certainly bog down the network, but normally that would not be limited to the wireless section of the network only, assuming they are on the same subnet as the LAN boxes. ARP packets are not routed, so they remain limited to devices on the same subnet.
Have you made sure your devices are “clean” and have you checked for possible network misconfiguration and/or inspected traffic with Wireshark as suggested above?
Umh I don’t understand much of network. Once downloaded the program ask to install other plugins so I stopped… Also I’m asking why only on WiFi this issue… the network is the same of the cable.
Big problem with the ARP function for me also with Comodo CIS.
It’s Amazon’s small air quality monitor that triggers it. (Amazon Smart Air Quality Monitor)
Comodo CIS does not intend to disable this security only for a particular IP address on the LAN or WAN network, so either I get lots of ARP alerts or I have to completely disable this feature.
There is really no benefit to enabling anti-arp spoofing when you are connected to your own home network. You could have it enabled if you connect to untrusted networks, and even then it may be useless unless you are actively being targeted with a MitM attack.
But if you want to know why you are having issues with it when you are connected via wifi, you need to provide wireshark packet captures by saving a packet capture with anti-arp enabled, and another capture with it disabled.