Most URLs blocked with default settings - what's wrong? [Resolved]

mhairo · January 24, 2007, 7:21pm

I hope this is not FAQ …

I installed Comodo and everything works as expected except that comodo blocks
almost all URLs somehow. I though first that it blocked all but while trying out sites
in my Favourites, one site did come through.

Opera, Exploder and Firefox all behave same way.

Turning application monitor off helps but I would not want to leave it that way.

I have also done the “scan for known applications” with no effect.

I puzzled ??? ???

Any ideas I could try??

Little_Mac · January 24, 2007, 7:32pm

Welcome to the forums, mhairo!

If CPF has blocked something, then it will be in the logs. And it sounds like there’s something in your Application Monitor that’s gotten messed up (perhaps you have a block entry for svchost.exe?).

At any rate, will you do the following:

Open the CPF GUI to fullscreen, and take a screenshot of the Application Monitor. Save it as a jpeg or similar image file, and attach it to your next post, under “Additional Options”.

Go to the Activity Logs in CPF, right-click and select “Export to HTML.” Open the file, copy/paste the text into your next post. You can mask out any IP addresses or personal/sensitive information that you don’t want others to see.

Then we’ll see what’s going on, and get it fixed.

LM

mhairo · January 26, 2007, 8:45pm

Thanks for replying!

I realized that the site that loads ok is using https. So https loads ok but with normal http sites
the browser says that the traffic is blocked to the address or cannot be loaded.
And like said - Opera, Firefox, and Explorer act all the same way. I also tried the
IE diagnostics and that reported ok connections to Microsoft.com with http, https and ftp.

Here is the screenshot and log you asked but I think it does not help much. There is no trace
that Comodo blocks the traffic. Something is does - every time I turn the app mon off, everything
works perfectly.

Thanks for helping me out! :■■■■

Mika

Here is the log:

Date/Time :2007-01-26 22:15:14Severity :HighReporter :Application MonitorDescription: Suspicious Behaviour (WkUFind.exe)Application: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeParent: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeProtocol: UDP OutDestination: 193.xxx.0.xx::dns(53)Details: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe is an invisible application

Date/Time :2007-01-26 22:15:07Severity :HighReporter :Application MonitorDescription: Suspicious Behaviour (WkUFind.exe)Application: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeParent: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeProtocol: UDP OutDestination: 193.xxx.0.xx::dns(53)Details: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe is an invisible application

Date/Time :2007-01-26 22:15:06Severity :HighReporter :Application MonitorDescription: Suspicious Behaviour (WkUFind.exe)Application: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeParent: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeProtocol: UDP OutDestination: 193.xxx.0.xx::dns(53)Details: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe is an invisible application

Date/Time :2007-01-26 22:12:08Severity :MediumReporter :Application MonitorDescription: Application Access Denied (ashWebSv.exe:127.0.0.1: :12080)Application: C:\Program Files\Alwil Software\Avast4\ashWebSv.exeParent: C:\WINDOWS\system32\services.exeProtocol: TCP InDestination: 127.0.0.1::12080

[attachment deleted by admin]

Little_Mac · January 27, 2007, 1:32am

Nope, Comodo’s not blocking the URLs, or the internet. It’s jamming up because of the application WKUFind.exe is trying to connect invisibly, and it’s not allowed to by your Application Monitor Rules.

Do you know that you’re using WKUFind? I’m presuming it’s connected with your browser, or internet surfing in some way… It would appear (since it’s using Port 53) that it’s trying to verify your DNS, or query that server.

If so, you need to create/add a Rule for it in the Application Monitor, to Allow it outbound traffic. If it’s always the exact same IP address, you can set that as the Destination in the Application Rule, and even Port 53, if you like. If you know and trust it explicitly, you can create the rule to allow it connect as it wants (ie, invisibly).

Hope that helps. If you need/want any help with that rule (of if you have no idea what WKUFind.exe is!) let me know…

LM

mhairo · January 29, 2007, 6:57pm

(:CLP) Big hand for your help !!

Works great now. I Googled the process and found out this:

" Wkufind WkUFind.exe

(Microsoft) Microsoft Works 2002 PictureIt! update detector. Another auto-update feature that you should turn off ! If you are not convinced, then this from a Microsoft document should convince you : “You may notice that when this feature runs your computer may freeze or the program may try to update itself… You may also notice that the computer will try to dial your Internet Service Provider, connect to the Internet, and download any updates.”

Recommendation :
Turn the feature off. Auto-updating is the worst feature to ever have ON in any computer program. (1) Open PictureIt!. (2) Open a picture. (3) Choose the Tools \ Options menu option. (4) Clear the “Check for updates online” option. (5) Close PictureIt!. (6) Reboot your PC. If that still does not get rid of WKUFIND, then also disable it in The Ultimate Troubleshooter. "

So i turned it off and now everything works! Once more thanks for the wuick reply and help!

MH

Little_Mac · January 29, 2007, 7:07pm

Great, MH, I’m glad that’s working for you now! Glad I could help…

Would you go to your first post in this topic, Click to “Modify” and add “[Resolved]” to the subject line, either before or after your original text. This way other users will know there’s a potential solution for them as well.

LM