I got good news!!! I have just tested and the problem was in Application Behavior Analysis. I went into the Configure and UNCHECKED the “Monitor DNS queries.” The sites now load at a good rate and everything looks good. I assume that the problem lies in there.
Glad you got it working now (:CLP)
Nitr0x, I’m glad it’s working, but I wonder why you’ve seen this behavior…
Have you restricted web access for svchost.exe in some way, or destination ports for your browsers? DNS queries are normally performed by the system (using svchost.exe), to destination port 53. If the system is not able to resolve the sitename, the application may try to do so itself.
- Check all application rules to make sure you’re not limiting/restricting Outbound port access (i.e., to Destination port).
- Make sure you are using the built-in encrypted safelist - Security/Advanced/Miscellaneous/Do not show alerts for applications certified by Comodo. Check, and OK.
- Re-enable CFP’s “Monitor DNS Queries.”
- Go to Security/Tasks/Scan for Known Applications. Follow the prompts; reboot when finished.
See if that works,
I have checked and the only restriction that I have is one that I believe came with the default firewall settings; it’s under Network Monitor > Block Protocol IP IN/OUT with logs. Source: ANY Destination: ANY, Criteria: WHERE IPPROTO IS ANY. ID= 7
svchost.exe never came up as a rule, so I didn’t block it. I believe it works normally.
I do have some logs, which show some blocking which I don’t understand:
Date/Time :2007-10-03 13:48:44
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.X.X
Destination: 18.104.22.168
Reason: Network Control Rule ID = 7

Date/Time :2007-10-03 01:20:15
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 22.214.171.124, Port = 4904)
Protocol: TCP Incoming
Destination: 192.168.X.X:4904
TCP Flags: SYN ACK
Reason: Network Control Rule ID = 7
I did do Scan for Known Applications, and also enabled “Monitor DNS Queries,” but the problem still persisted, so I had to uncheck it again, for everything to work fine. Maybe it’s a bug in the firewall?
If this is a bug, it’s the first time I’ve come across reference to it. I don’t think those two log entries are related - IGMP is a protocol commonly experienced on a network (behind a router) that is blocked by default, and the other is a blocked unsolicited inbound request from another resource on your network (because that bottom Block & Log all rule is working - which is good!).
Have you just recently installed the firewall?
Would you be willing to follow some specific steps to uninstall and reinstall to see if the issue persists?
I installed this firewall a few days ago… since I was switching from Zonealarm firewall PRO. I did follow all procedures in removing zonealarm pro completely, since I thought that interfered with the comodo firewall. If you want me to test out, I can uninstall and reinstall it again. What procedure should I follow?
P.S. I’m using Comodo Firewall Pro 126.96.36.199
Yes, there is a lot of evidence to support various FW conflicts, and ZA seems to leave some stuff lying around afterwards… However, that’s not entirely what I’m looking at.
When you installed, did you do so in SafeMode?
If not, would you:
- Boot to SafeMode
- Uninstall CFP
- Reboot to SafeMode
- Run a registry cleaner such as CCleaner or RegSeeker (be sure to use the “backup” feature prior to deleting any registry entries)
- Reboot to SafeMode
- Reinstall CFP (use Automatic, not Advanced/Manual).
- Reboot normally into Windows.
- Run the Scan for Known Applications.
- Keep the safelist enabled (it will be by default).
- In Security/Advanced/Miscellaneous, make sure both boxes for “Skip Loopback…” are checked (unless you use a local proxy).
- Allow w/Remember any alerts for your browser.
Then see how it does. If it still has the same problem, I’d say we have a reproducible issue, and we’ll report to Support. I want to rule out a random blip occurring during installation, though.
I have done everything like you said, and it still gives me the same problem when loading websites, for example the Citibank credit card website.
P.S. I also have Google Web Accelerator Active…
After numerous tests, I came to the conclusion that Google Web Accelerator is conflicting with Comodo Firewall. I turned OFF Google accelerator and turned ON the “Monitor DNS Queries” and the websites were loading at a good rate. Then I turned ON Google accelerator and turned ON “Monitor DNS Queries” and the problem of slow loading appeared. Then I turned ON Google accelerator and turned OFF “Monitor DNS Queries” and there was no problem with the loading.
I did that a couple of times to be sure, and it was confirmed. So now, I assume the problem is between Google Web Accelerator vs. CF Monitor DNS Queries. Is it a bug? I have no idea.
That’s how you approach problems, isolating.
2. How does Google Web Accelerator work?
Google Web Accelerator uses various strategies to make your web pages load faster, including:
* Sending your page requests through Google machines dedicated to handling Google Web Accelerator traffic.
* Storing copies of frequently looked at pages to make them quickly accessible.
* Downloading only the updates if a web page has changed slightly since you last viewed it.
* Prefetching certain pages onto your computer in advance.
* Managing your Internet connection to reduce delays.
* Compressing data before sending it to your computer.
- Can I use Google Web Accelerator with a dial-up connection?
Dial-up users may not see much improvement, as Google Web Accelerator is currently optimized to speed up web page loading for broadband connections.
This thing seems to do a lot of work, but… do you need this?
I do feel a difference in loading of websites with Google Web Accelerator. :-\
Then I don’t know. Have you seen Fasterfox (for Firefox):
Never used it, note; I don’t know what’s bad or good about it. I never saw the need for it.
Here’s my guess (and it’s just a guess)… some websites (especially banking) are making efforts to protect users by employing strategies to prevent phishing/pharming/fraud in any way. I’ve run into some of these methodologies as they negatively (from my view) impact my ability to quickly do the things I need to do with my job. They may be more secure but they’re a pain.
In efforts to identify the machine attempting to connect to their site, and validate the user’s authenticity, the fact that DNS queries are re-routed thru google’s servers could be negatively impacting the load time. Regardless of the other aspects (pre-fetching, local caching, etc) any time the connection is being routed thru an unrelated server I personally see the connection as being forced to take more time. It’s another point of contact, and every point of contact will (by default) slow it down.
For example, in a simple wiring scheme (let’s say for your home’s network, or telephone, etc) every time you have any coupler or junction box, it slows down the transfer of data, and also adds a little bit more corruption into the stream. Although none of it individually may have a big impact, all of it collectively can make a difference (with phones this is especially noticeable).
BTW, the prefetching and acceleration puts a negative strain on the hosting servers and is not considered to be a polite thing to do. Fasterfox does this, and has several modes, which allow the user to not use the strain-causing features. Without those features, I don’t see that it makes that much difference, really. With those features, well… it’s faster, but at a price to others.
Does “DNS Monitor Queries” play a critical role in protecting the system from hackers? Or can I be protected without this?
It’s called recursive DNS and just means at least it will deny if not origin DNS call was.