network printer problem (on maxtor nas) [Resolved]

I have a printer hooked up to a Maxtor Shared Storage Plus drive. I cannot print over my wireless network when Comodo is on (also, on the printer status page, the status is listed as “Opening” when Comodo is on). If I select “Allow All”, then the printer works fine.

The logs do not show anything being blocked.

I have already tried the following: (1) made my network “trusted”; (2) added rules allowing connections in/out from the Maxtor NAS’s IP address; (3) turned off the “Do protocol analysis” option.

File sharing works fine, and I can access files on the Maxtor drive.

Any suggestions would be appreciated.

Hi Capitol K, welcome to the forums.

Check CFPs Log (Activity tab). Unless there is silent block in the Network Monitor, then CFPs Log should detail which CFP element issued the block & what exactly was blocked.

The log does not show anything being blocked at the time I unsuccessfully attempt to print.

The only activity on the log within 30 minutes of my recent print attempt is:

Date/Time :2007-01-28 12:24:28
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.104
Destination: 68.87.71.226
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 16

Date/Time :2007-01-28 12:24:28
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.104
Destination: 68.87.73.242
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 16

Date/Time :2007-01-28 10:52:59
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.104
Destination: 224.0.0.22
Reason: Network Control Rule ID = 16

(I added 224.0.0.22 as a permitted connection after seeing this in the log, because it appears to have something to do with networking; however, it did not solve my problem.)

Do you have any blocks without logging in the Network Monitor?

No - I only have one block (the one set up automatically), and it is set to display alerts.

EDIT:
Also, note that this doesn’t act like a normal block – I don’t get an error saying I can’t access the printer – when I try to print, it just freezes the program that is trying to print. If I select “Allow all,” a couple of seconds later the program is unfrozen and printing begins. It’s the same with the print status – in the “Printers and Faxes” folder, the printer doesn’t say its unavailable or something like that, it just says “Opening” forever…

Hmm… since its hanging, then I guess that’s why nothing is getting to CFPs Log. Is anything listed in Windows Event Log during these hangs? Do you have any blocks in either the Application Monitor or the Component Monitor?

Re: 224.0.0.22 is a multicast broadcast. You probably do not want to allow these outbound announcements unless it is something that your network/router uses.

Nothing listed in the Windows Event Log. I have no blocks in the Application Monitor or Component Monitor.

Then sorry, but I cannot help. I recommend that you go to Comodo Support, register on their system & raise a ticket on this issue. Please post any feedback or resolutions that Comodo Support give you here, thanks.

Well, I submitted a ticket: over the course of several emails they basically told me to do what I had already said I’d done, e.g., make network trusted… After I explained I’d done all the basic setup already, they stopped responding…

I have discovered something new that hopefully gives someone here an idea: it looks like Comodo doesn’t block the connection to the printer completely - it just significantly slows down the connection. If I click print with Comodo running, it appears to freeze the program trying to print – BUT if I wait 5 minutes or so, eventually the connection goes through, the program unfreezes, and it prints.

If I select “Allow All,” and then try the same print job, it goes through instantaneously without freezing the program.

Have you checked “skip advanced security checks” in misc tab in the application monitor rule for your printer program?
Try to check “allow invisible” too if the other option don’t work.

Another user had a problem where his network printer wouldn’t print; network rules ok, no logs showing a block. He had to allow his print spooler executable (App Monitor) and I think may have had to Skip Advanced Security checks on it.

LM

Added App Rule for:

C:\WINDOWS\system32\spoolsv.exe

  • Allow all activities
  • Allow invisible connection
  • Skip advanced security checks

Still have same problem with printing. Is there another file I should be adding an App Rule for (I have Windows XP)?

I’m not sure. But here’s something that may help show that…

Go to Security/Tasks/Miscellaneous, and move the Alert Frequency slider to High or Very High. Click OK, reboot. This is obviously going to get you a lot of alerts; but when you send a print job out, you should now get an alert for it. On that alert, you can check “Remember” and click Allow. That will set your application rule for you.

Then once it’s working, you can go back in & turn the Alert Frequency back down, and remove any superfluous rules you created (or just tone them down by removing all the extra details). The rules will now be IP, Port, Direction specific, and you will have a separate entry for each one; this creates a lot of clutter which may be unnecessary or undesirable for you.

LM

OK - did that. Only new thing I noticed was the following entry in the Log:

Date/Time :2007-02-04 00:18:56
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (System:192.168.1.250: :nbsess(139))
Application: System
Parent: System
Protocol: TCP In
Destination: 192.168.1.250::nbsess(139)

The ip address is for the print server. But I can’t tell from this what file I should be adding to the App Monitor

Well, this is incredibly frustrating.

I did a little test to narrow down the problem – I tried turning off the Application Monitor completely (but leaving Network Monitor on) and then printing: still had problem. Then tried turning off Network Monitor but leaving App Monitor on, then printing worked fine.

I still get NOTHING in the log from the Network Monitor when trying to print – even though, based on my little test, the Network Monitor is clearly the source of the problem.

Can anyone suggest anything else that could help here?

Try to disable “block fragmented IP datagrams”

Disabling “block fragmented IP datagrams” has no effect.

Ok.
My last guess. (if this one does not fix it I give up ;D)

Try to disable “Monitor DNS queries”.

Nope… :frowning:

In fact, if I turn off EVERYTHING except Network Monitor, I STILL have the problem (i.e., I completely turn off Application Monitor, Component Monitor, AND Application Behavior Analysis – still have problem). On the other hand, if I turn off just Network Monitor - but leave everything else on - I don’t have any problem.

Very annoying that Network Monitor is doing something and not telling me about it in the log!!! (:AGY) (Especially since all activity within the network is set to be allowed…)

Any other ideas???

Is this log entry consistent (IP address and Port)?

Is the IP address part of your Zone/Network rule to allow all traffic? (I presume it is, but want to make sure…)

Do you have a specific entry in the Application Monitor to allow System.exe access? If not, add a new Rule there, with System.exe as the application, Parent set to “Learn.” Probably want to allow Invisible, Skip Advanced Checks. OK. Reboot.

See what that does for you.

LM