Network printer problem solution with Comodo firewall?

Frequently Asked Questions (FAQ) for Comodo firewa
1

Summary:

Networking printer problems - i.e. Brother MFC-425CN - seem to be solvable by unchecking [Block fragmented IP datagrams] under [Advanced Attack Detection and Prevention].
Additionally, deleting all entries in the Network Monitor and [defining A New Trusted Network] by using the wizart in [Tasks]

Hi,

As I’m new to this forum - or any other forum for that matter - I do hope this post is put in the proper way in the right place.

I’d like to share my experience with a problem that finally appeared to be a Comodo-firewall conflict with my Brother MFC-425CN network printer.

The problem that I encountered was known by Brother’s helpdesk, who could not give me any other solution than switch back to the Windows firewall … an advice that appeared to be unacceptable to me. (:AGY)

I recently installed Comodo firewall on 2 PC’s in a small home network, consisting of:

  • one Pentium II / Windows 98SE system,
  • one Pentium III / Windows XP Pro system,
  • one Pentium IV / Windows XP Home Edition PC and
  • one Brother MFC-425CN network connected printer.

After installation all seemed to be working fine, until attempting to print a .pdf document.
This printing-attempt resulted in very different types of errors on the PC’s and even a complete system block on the PIV / Win XP Home system.

The Windows taskmanager showed a driver, called BrMfcWnd.exe, mentioned - even up to 25 times - in the “Processes”-window. All of this without any response of the printer, while all other functions of Windows seemed to be blocked.

Only by manually stopping the BrMfcWnd.exe-process, the system became operational again.

Since BrMfcWnd.exe cannot be found on this PC by means of Windows Exporer, I learned from the Brother helpdesk that this program is sent from the printer to the PC in a bi-directional process.

Not being an IT-specialist myself, I tried to find a solution to establish a possibiliy for bi-directional communication within the network.

First I deleted all entries in the Comodo firewall [Network Monitor] and
Secondly I [defined A New Trusted Network] by using the wizart in [Tasks].
(The firewall is in learning mode, so I guessed it will restore any settings that should not have been removed)

By trial-and-error I found out that unchecking [Block fragmented IP datagrams] under [Advanced Attack Detection and Prevention] finally solved the problem.
Also, a considerable increase on inter-network communication speed was achieved.

Questions:

  1. Is this the proper solution to the problem, or did I also open the firewall for communications with malicious intent?

  2. If this is not the proper solution for this problem, what is?

2

Welcome, TheFranz,

Let’s take this little problem for a spin…

First, “Learning” mode in CFP is only for the Component Monitor, while it “learns” what components make up each application, checking and certifying those as legitimate. After you’ve been using it for a few weeks, and have used pretty much all your programs, I recommend switching it to “On” so as to fully enable that level of protection (then any that aren’t known, or have changed, will generate a popup).

As to removing all the Network Rules, yeah, that’s not so much of a good thing, really. :wink: Kind of weakens the security.

Our options are:

  1. Rebuild the ruleset one piece at a time (“by hand”) and take time, along with possibly entering something incorrectly.

  2. Uninstall and reinstall, to get everything right, from the start.

I really recommend the uninstall/reinstall option; it may seem like it takes time, but in the long run, I think it will be the easier option, and with CFP, the most time is spent on the reboots.

With that in mind, watch this installation/configuration tutorial video by AOwl. https://forums.comodo.com/index.php/topic,4766.0.html.

After uninstalling CFP and rebooting, turn off any other security software - antivirus, antispyware, HIPS, etc - these may conflict with the installation.

Then follow the video tutorial to install CPF again. AOwl will walk you through installing, setting up your Zone and Network, and setting up some default application rules.

When you set up the Zone, make sure it encompasses all the PCs, along with the printer IP (are they connected through a router, hub, or how exactly…?). That way, when the rules are added (automatically, by the Network Wizard) to the Network Monitor, the two will be able to communicate back and forth.

We may still need to do some tweaking to enable that .exe from the printer to come through, but we’ll see that in CPF’s logs.

If you’re completely opposed to reinstalling CFP, let me know and we’ll go through the process to recreate all the default network rules.

LM