I just downloaded comodo firewall. It says new private network detected each time I start my computer. This message also says to name the network and decide if I want to trust other pc’s in this network. I have no idea what to.
There are boxes that I can click that say:
I would like to be fully accessible to other pc’s in this network (how am I supposed to know?)
and
Do not automatically detect the new networks.
Can someone please tell me what to do? I have searched the faqs and have found similar posts but all seem to have a different twist so I decided to post my own. There is no ip address shown in the message. I think there was at first but since I have closed the pop up multiple times without answering it doesn’t show up anymore.
If you have a single PC and the IP Address you see in the pop-up begins with 169.254…
Don’t worry, it’s not a problem. This usually occurs when your PC cannot connect to a DHCP server to obtain an IP Address.
In this situation a process called Automatic Private Internet Protocol Addressing (APIPA) kicks in an issues an address from the range 169.254.0.1 through 169.254.255.254. Because CIS has not seen an address from this range before, it believes it’s connected to a new network.
If your PC is on a LAN the address might begin with 192.168…
Please identify the address and let us know.
You can disable the prompt for new networks under:
Hi Quill. There is no ip address given in the pop up. See the last two sentences of my first post for a bit more detail on this.
Maybe this will help. I was getting a second pop up at the lower right hand of my screen for a while that said something about a system trying to access my netwrork. The pop up said something like this: system is safe . . . but another computer is trying to access your network, if you are not sure what to do, you should block this. If I remember correctly, this pop showed a 192… number.
I also ignored this pop up several times as well since I didn’t know what to do and it must have given up on me because I no longer get it.
@ Quill I Join with you and appreciate our delima. I am there with ya.
@ Wolf2 This is a good opportunity, if you are willing to do so, to set out procedures for folks newer to this commodo/firewall>>networking process. It would be a great “how to” opportunity for all.
Are you on a LAN with other PC’s. If so what IP Address range do you use?
Open CIS from the system tray, go to Firewall/Common Tasks/My Network Zones. Make a note of any zones you find there and post them here. You can ignore the loopback Zone.
@Diligent
I posted a couple of links in your other post. I’ll make a stick with some extra detail a little later.
OK. Please forgive my computer dumbness. I’m not exactly sure what a LAN is but I can tell you this. My apartment has 2 people in it and we both connect to the internet wirelessly through a modem/router.
When I have had to play around with setting this connection up, I entered the following number 192.16 . . . with a few extra digits in my address bar. Is that what you mean by IP address?
I don’t see any zones aside from the loopback.
Thanks.
ps way to put a positive spin on things diligentinquirer
Hi, as you are both using the same router you are both receiving an IP Address in the same range, therefore you could be considered as being a part of the same LAN (Local Area Network)
CIS will have detected the IP Address issued to your computer via DHCP from the router and will have recognised this a new Network. unless you have somehow blocked this feature it should reoccur every time your PC is started.
I suggest you try a restart first and if you receive the prompt allow it. Alternatively you can manually add the address range as a new Zone in My Network Zones:
Open CIS from the system tray, select firewall/common tasks/my network zones.
Click add and select New network Zone. Give the Zone a name something like Home etc.
Right click on the new Zone, click add and select An IP addresses Mask.
In the first box enter the start address in the second add the subnet mask, something like:
192.168.0.1/255.255.255.0
You can probably get the exact information from your router or you can post the address from your PC here and I’ll tell you. These are private ip addresses and not accessible on the Internet.
OK Thank you. I restarted and just allowed it. Then I went to my network zones and it showed up with IP in [192.168.0.67/255.255etc] Should I be concerned that my actual IP address as I understand it ends in .0.1 and not in 0.67?
I would think 0.1 is actually the address of your router (gateway) and 0.67 is your PCs address. However, the entire range is covered by the Net Mask, so you should be fine.
OK. Thank you Quill. I have 2 more quick questions and then I’ll be done. Each time I clicked on start<network in an attempt to find my real IP address, I got a pop up saying svchost.exe is trying to receive a connection from the internet. The popup said it was safe so I allowed it. It also said if you are unsure what to do then don’t allow it. Is it OK that I allowed it?
Also, can you tell me how to find my real IP address? There is nothing on my router. I have windows vista.
I’m not sure why you were getting the svchost alerts, however, if you take a look in the firewall logs you should see some entries that relate to these prompts. If you post a screen shot I’ll be able to determine what was happening.
To gather information regarding your IP configuration do the following:
Open a command prompt and type ipconfig /all [Enter]
This will show you what you need to know.
Please feel free to ask as many questions as you wish.
Thanks for your consistent replies. I just want to know your opinion on the safety of svchost.exe. I haven’t a clue how to make or send a screen shot of the pop up or I would but I’m certain it didn’t say much more than I already stated. Come to think of it, I think it listed my IP address. Anyway, since it kept poping up directly after I went into the start area and clicked networks ( a pretty begnign action) I think I can assume it wasn’t a big threat.
Also, going back to that range of the net mask isn’t 192.168.0.1 outside of the range 192.168.0.67/255.255etc since .1 is less than .67?
Svchost.exe is pretty essential for a lot of network communication and the default rules pretty much allow it to do what it has to. The alert you received may well have been generated by some communication between your PC and the router.
If you want me to take a look, here’s a tutorial on how to take screen shots:
Any given range of available IP addresses is governed by the Subnet mask. The process of calculating the number of subnets and their respective IP addresses is beyond the scope of this short answer. That said I can pretty much assure you that with the information you have supplied, you are covered:
On a Comodo install usually two of the first pop ups one gets is “System is trying to receive a message from an unknown computer”, or words to that effect and a similar one in regard to svchost. I have used Comodo for several years and have always believed that both System and Svchost should be set to the “Outgoing Only” setting either in the pop up box which appears with the message or in the Firewall Rules option.
For new users there is also a very good set up tutorial by Kyle in the Guides section of these forums which I believe is still relevent. Remember also to set Firefox and Internet Explorer as Web Browsers. Other than that the default settings work fine.
To Quill: Thanks for the screenshot links. I’ll take a look at them when I get a chance. What exactly do I take a screenshot of though? I no longer get the pop up because I accepted it.
As far as the range is concerned your explanation makes perfect sense and I trust you but since I’m a little OCD I have to at least make sure you are noticing that my network range is different than the one you posted in your last post and seems to be less inclusive.
To Bluesjunior: Yes. Those are the first and only 2 pop ups I got. How do I get to the Firewall Rules option to do this? Or is it explained in the tutorial? I’m off to follow Kyle’s advice.
To Quill: Thanks for the screenshot links. I'll take a look at them when I get a chance. What exactly do I take a screenshot of though?
All we were interested in really, was making sure the alerts for svchost.exe were nof for anything they shouldn’t have been.
Usually, when an alert is generated a corresponding entry is captured in one of the log files. So, by taking a screen shot of the log entries related to the svchost alerts, we can see what they were doing.
The log files can be found by opening CIS from the system tray, going to Firewall/Common Tasks/View firewall Events.
Once open, click on the ‘More’ button at the bottom and you’ll also have access to the D+ and AV logs.
As far as the range is concerned your explanation makes perfect sense and I trust you but since I'm a little OCD I have to at least make sure you are noticing that my network range is different than the one you posted in your last post and seems to be less inclusive.
I’m not certain I completely understand? Did you check the details with the ipconfig /all option I posted, if so what were the details?
I’m just referring to the fact that when I go to my network zones in comodo, the ip range under "my local network #1 that comodo assigned for me is: 192.168.0.67/255.255.255.0
Yet the range you keep mentioning is: 192.168.0.1/255.255.255.0
The details for the ipoconfig show my Ip address as 192.168.0.67
Then it says default gateway which I assume to be my router as 192.168.0.1
So I was concerned that the router seems to be outside of (lower than) the range that comodo has set for me.
Also, when I go to view firewall events, the is nothing there.
The address CIS found and based the new Zone upon was the address issued to your PC at the time CIS was started.
Think about it this way. If you take an IP address, for example 192.168.0.0. and apply a subnet mask of 255.255.255.0 you effectively end up with a single subnet (for simplicities sake read LAN) that supports 254 individual hosts (read PCs).
in this scenario the first available address would be 192.168.0.1 and the last available address would be 192.168.0.255 (this last address is reserved for local broadcasts and therefore not issued to clients)
In most situations where a (home)router is acting as a DHCP server (A server the issues IP addresses to clients upon request) it uses the IP address range mentioned above, typically taking the first address (192.168.0.1) for itself, then allocating IP addresses from the remainder (192.168.0.2 - 192.168.0.254) Any device with an IP address within this range on the same subnet is valid.
If you wanted, you could modify the Zone information, replacing 0.67 with 0.1…
Go Firewall>Advanced>Network Security Policy>Application Rules. Then right click on the entry for svchost.exe or system.exe and in the box that appears choose edit and uncheck the custom rule and choose outgoing only from the predefined drop down list. Then OK your way out again. You can also set your trusted security scanners SAS, MBAM, Spywareblaster etc to trusted applications in this way. Another good tip is to use the purge button in both Firewall and Defence + to keep your applications list from being cluttered up with uninstalled programs etc. Just click Purge and delete whatever appears on the list. You want to have it telling you All Programs are Valid.
To Quill: OK, Thanks. I at least get it enough not to worry about it anymore.
To bluesjunior: I was able to set svchost to outgoing only. Why did I need to do this? What does setting something to outgoing only do? Do I do this cause I should be worried about more svchost stuff coming in?
I did not see any of the many trusted security scanners that I currently use in this application rules area. So if I find them do I set them to outgoing only (Is that what you mean by setting them to trusted applications?) I did see something related to alwil (which is avast) Should I set this one to outgoing only too?
Also not sure how to set firefox and IE up as web browsers.
I just want to know your opinion on the safety of svchost.exe. I haven’t a clue how to make or send a screen shot of the pop up or I would but I’m certain it didn’t say much more than I already stated. Come to think of it, I think it listed my IP address. Anyway, since it kept poping up directly after I went into the start area and clicked networks ( a pretty begnign action) I think I can assume it wasn’t a big threat.