Network Rule

Help for v3
21

I have been working through the latest ideas from AnotherOne, macondo & SW but I haven’t taken them in order.

Firstly of all macondo’s suggestion of a new shared folder because it was easy to try. I made a folder on PC-1: C:\ share_2 and checked “share this folder…” & “Allow network users…” The result is the same – I can see it from PC-2 but I can’t open it. You also said in the same post to try Revo Uninstaller – I’ll try that on the next uninstall but if I jump right in and do it I’ll need to spend time going back and setting rules etc.

Continuing with macondo’s suggestions, I checked “log event” for the Global Rules and tried to connect from PC-2. The only event logged was…

App: Windows Operating System Action: Allowed Source IP: 192.168.1.101 Source Port: 137 Destination IP: 192.168.1.255 Destination Port 137

That’s the correct IP for PC-2, but I don’t understand why it says “allowed” when it denied access.

I also looked in Active Connections and yes I can see PC-2’s (laptop) IP under System: 192.168.1.101:49230 plus other entries coming up with the same IP but different suffixes (port numbers).

You said “I presume you find the PC from your laptop by typing its IP address into Start… Run.”
No: When I type PC-1’s IP (192.168.1.100) into PC-2’s Start, Run I get a Windows message saying it cannot be found. But the same thing happens if I put PC-2’s IP (192.168.1.101) into PC-1’s Run box, and I can still access PC-2 from PC-1 so I suspect I’m doing something wrong here. Is it just a matter of doing Start, Run, Open: 192.168.1.100 [OK]?? – I have never tried this before so I need to know the exact procedure. I’ve also checked those IPs again using C:>ipconfig .
The next suggestion from macondo was to make a port set “Any”. Access still blocked. Rebooted PC-1 in case Comodo hadn’t actioned it but no change. Removed the temporary ports set.
I’ve taken another look at the log – Global Rules. All rules are checked “Log as a firewall event if this rule is fired”. Cleared the log and tried to get access to my shared folder – no entries appeared in the log. I’m beginning to think that Windows is the block – but only when Comodo is installed. The printer (on PC-1) still works fine from PC-2 (laptop).

I then tried SW’s suggestions by going into Application Rules and moving the System Group to the top. I went into My Ports Sets and made a set for ports 139 and 445 and went back to the System Group and made a new rule Allow/TCP/In
Source Address: 192.168.1.101 (PC-2 – laptop)
Destination Address: Any
Source port: Any
Destination Port: 139,445
[Apply] x2

You said “two specific rules” but I assumed you mean one combined rule using the port set 139,445 I made.

Access was still blocked at this point.

Regarding your last item SW, I am connecting to PC-1 via PC-2’s “Network” window (Vista).
I’m not familiar with mapping a network drive but I tried your suggestion.
My share folder (one of them) is “temp” so I opened My Network Drive, selected drive Z from the dropdown menu and then typed in \192.168.1.100\temp (correct syntax?) I use the same username and password on each PC.

After a short while a Windows message popped up saying “The mapped network drive could not be created…
Not enough server storage is available to process this command”. I tried again with the same result.

I will post this and then return to the items from AnotherOne re network definition and editing rules, and uninstalling Comodo followed by using Revo Uninstaller. I can’t say whether that will be Tuesday or Wednesday.

22

I’m not sure, AnotherOne, whether I understand your post regarding IPs and rules but I’ll do my best to work through it. The System Rule 192.168.1.101/255.255.255.0 is the IP for PC-2 (laptop). I don’t know what svchost.exe should be – as you say it is 192.168.1.1/255.255.255.0 at present. I thought I’d try (temporarily) making them both encompass a range that includes both IPs, ie 192.168.1.1 to 192.168.1.101. The Realtek range is 192.168.1.100 to ~ .109. I’ve temporarily made that 192.168.1.1 to ~ .109.
I then ran the Stealth Ports Wizard again. You also say I should edit any rules in the Network Security Policy page that use the Zone – there are six rules in Global Rules that refer to the Realtek zone but I don’t know what changes I need to make to them.

Rebooted PC-1 and tried to access it from PC-2 but still no go.

Wednesday I will try macondo’s suggestion of uninstalling Comodo, running Revo Uninstaller, then re-installing Comodo – unless you no longer think it’s worthwhile macondo. I’m beginning to give up on Comodo – it surely shouldn’t be this difficult to set up a firewall and allow another PC to talk to it.

23

The change to the Global rules would be to select the rule, click Edit and on the Edit dialog, select the rule that uses the Realtek zone and then click Edit on that page. You would then choose the tab with the zone listed on it and re-select the zone and then click Apply. This updates the zone definition in the rule. I would be worried about the System rule, since it only refers to 192.168.1.101 and up. I have allowed 192.168.1.0 - 192.168.1.255 on my system, partly because I was seeing some communications to 192.168.1.255 which appears to be a system address. I don’t see harm in allowing the full range unless you have a wireless LAN and worry about freeloaders - it is a reserved IP address range for LAN’s.

24

Well, eccles, it’s either a Windows problem or a Comodo one. You wouldn’t know until or unless you completely removed Comodo and

  1. Re-installed it on the system knowing there’s not a trace of Comodo left on it
  2. Tried another firewall to see if the same thing happened

If you wish to try Revo Uninstaller, just type those words into google to download it. It’s free and excellent.

To get rid of Comodo I suggest restarting the computer in Safe mode, but CREATE A RESTORE POINT before you do anything else.
1.Shut down comodo if it starts up, but it shouldn’t in safe mode, I don’t think.
2. Run Revo and find Comodo in the list - it may take a minute or so to fully populate the list.
3. Right click it and select Uninstall from the drop down menu.
4. After it has uninstalled, DO NOT reboot yet even though Comodo’s uninstaller may ask you to do so. INSTEAD, select to have Revo do its own check of the registry and files to see if it can find anything left behind by the uninstaller. This is what places Revo ahead of other third party uninstallers.
5. Use a registry cleaner if you have one, or download a free one such as at
http://personal.inet.fi/business/toniarts/ecleane.htm
It should find any remaining orphan entries in your registry and delete them.
6. Restart the computer in normal mode.
7. Right click My Computer and go to Hardware… Device manager
8. Click on View and select Show hidden devices.
9. Scroll down until you get to Non Plug and play devices. Click on that and you should see quite a list.
10. Scroll down the list and see if there are STILL any drivers such as Comodo Application Engine, Comodo Pro Help Driver, and/or Comodo Network Engine. Right click any Comodo items you find and select Uninstall.
11. After all that, if you really want to be thorough, get a registry search program like Registry Crawler (30 day trial at http://www.4dev.com/regc/index.htm), which will do a search for the term Comodo in a few seconds, unlike Regedit which takes forever. You can then double click any of the entries it finds and delete them from Regedit, which Reg Crawler will open up for you.
12. Reboot and try your network connection without firewall.
13. Go to Windows Security Center (Start… Prgrams… Accessories) and make sure it is NOT still reporting Comodo as ‘ON’!
14. Create another restore point suitably named, so that if you want to uninstall Comodo again after the next step, it’ll be much easier and quicker!
15. Reinstall Comodo and try again! If you still don’t have any success it might be time to give it up and try something else.

If you prefer, you could follow the very detailed instructions for doing the complete removal posted by USSS at:
https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_3_info-t17220.0.html
They don’t involve Revo and would probably take you a lot longer. Some of the things he suggests are also mentioned above. He does mention another program called Your Uninstaller, but I have tried them both and believe Revo is far superior and much more powerful. If you scroll down a bit you will find USSS has made a batch file available to perform a lot of the work he details in his post. It’s worth reading the whole thread, anyway.

BTW, are you using Comodo on the laptop?

25

@eccles

I have to hand it to you for all your patience. There are a lot of great ideas in this thread and I can’t believe it’s still not working. Is the ID you’re using an admin on both machines? Also- your syntax for mapping the drive was correct. Instead of mapping to your manual share, try the administrative share c$ in the “map network drive” instructions you used before. I.e., try to map z: to this:
\192.168.1.100\c$

26

@eccles

One other thing: change the system rule that you allowed 139 and 445 on to allow and log. This way you can see if the rule is even being triggered.

-SW

27

Firstly I’ve looked at AnotherOne’s post re rules.

Went back to Global rules and updated the zone definitions in the way you described. The System Rule you refer to had the range (since I changed it) 192.168.1.1 to 192.168.1.101 . I’ve now changed it to 192.168.1.0 – 192.168.1.255 – the range you use. However I do have a wireless LAN (PC-1 is hard-wired to the router but PC-2 goes via a wireless card) and I have been told to watch out for freeloaders – so I don’t know whether it’s a bad idea to leave it set that way.

Access to shared folder still denied.

I moved on to macondo’s post and uninstalled Comodo, removing any traces of it that I could find.

The bottom line, sadly, is that having done that and re-installed Comodo my shared folders are still blocked.

Downloaded and installed Revo Uninstaller v1.42 on PC-1. Made a restore point and restarted in Safe Mode. Comodo didn’t start. Ran Revo in Advanced (most thorough) mode. Did not reboot when Comodo suggested, Revo continued to check Registry and folders. Revo offered to delete a number of registry items which I told it to go ahead and do. It also found a number of folders and files which I told it to remove. It then said it had successfully completed uninstalling Comodo. Rebooted to normal mode, downloaded EasyCleaner 2.0, scanned Registry and deleted all orphan entries.

Looked in Device Manager Non Plug & Play devices – no Comodo items found.

Searched through registry using Registry Workshop, found a couple of Comodo items and deleted them.

!! Can now access all three of the PC-1 shared folders from PC-2.

Enabled Windows firewall on PC-1 – can still access the shared folders. This is the same as when I last uninstalled Comodo.

Checked in Windows Security and confirmed it’s NOT reporting Comodo ON.

Made a restore point.

Switched off Windows firewall and re-installed Comodo 3 – without Defense+.
Once again it detected the network and I checked “I would like to be fully accessible to the other PCs”

Once again access to my shared folders is denied, though as before I can get online OK from both machines. Looks like the problem is Comodo. Sharing works fine with no firewall or Windows XP’s one-way firewall, but not with Comodo. I’ll uninstall it and run with the Windows firewall until I decide which alternative to use. I have a current subscription on Norton Internet Security 2007. I haven’t tried it since I set up the network. I ditched it in favour of Comodo because it slowed down the PC too much, but I could try it just to see what happens. Longer term I could try Zone Alarm I guess.

I don’t have Comodo on the laptop, I have Norton 360 – it came with the machine, and as it doesn’t have the same adverse effect I’ve left it on for the moment. I had hoped that I could switch to Comodo on that machine too, but I’m feeling too Comodo-shocked at the moment to try it on anything else.

SW’s posts appeared while I was trying all of the above. Yes I am using an Admin account on both machines, with the same user name. Also both Workgroup names are the same. Besides, if any of these weren’t correct why would it work just great without Comodo?
I tried the admin share \192.168.1.100c$ but it said “The network path \192.168.1.100c$ could not be found”. I tried it using \192.168.1.100\c$ and \192.168.1.100\temp$ with the same result.

I also tried to change the system rule 139 and 445 on to allow and log. In uninstalling and re-installing Comodo I only have the rules it made when I installed it. I went into Application Rules and moved the System Group to the top. I went into My Ports Sets and made a set for ports 139 and 445 and went back to the System Group but it wouldn’t allow me to make the new rule Allow/TCP/In – it wanted to know the application path. I’ve obviously gone about it the wrong way but as I’m sure the problem is some incompatibility between my setup and comodo I’m ready to call it a day.

Thanks anyway to all those who tried to resolve this for me.

28

Hi eccles.

Sorry we couldn’t get to the bottom of it. Very frustrating. There must be a basic incompatibility between your computer or your windows installation and CFP. The only other thing I can think of is that you have a network card for which the driver will not function properly with CFP. I think you said it was hard-wired to the router. My last suggestion, short of the absolutely drastic reformat/reinstall windows, is to upgrade the driver for the network card, if possible, or try another card, either ethernet or wireless, or even try updating the firmware for the router. As long as it doesn’t cost any money!

If you do give up on CFP3, and you wouldn’t be the first (!), a highly regarded free one is Online Armor free version, which I installed on three of the four computers in this house because they are used by people who would have a seizure if they saw all the Comodo3 pop-ups and reminders about pending files and so on, and I couldn’t stand all the complaining. It has the ability to warn the user about unknown programs, but this can be turned off, and so can the pop-up bubbles giving information about what it is doing. It has a Learning mode that allows it to run silently, and seems to allow trusted network traffic by default.

Jetico also have a free version of their firewall. Both it and Online Armor have been highly rated by Matousec at http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php. But so has Comodo! It took me a while and a few reinstalls of Comodo to get it working well and to understand it; it’s certainly not easy in its current form. You never specified what was wrong with your installation of Comodo v.2; it might be worth trying that again now that you know how to remove all trace of Comodo v.3.

Anyway, fair play to you, as the Irish say.

29

Hi macondo

Thanks for the extra useful info. Yes the PC with Comodo is hard wired to the router, and the laptop is on a wireless card. I don’t want to risk upsetting the PC’s network card because it’s been perfect ever since I fitted in several years ago when I first got broadband via a cable modem. Before I uninstalled CFP today things had become even worse – I couldn’t get online with IE7 from the PC. Firefox still worked fine (& both browsers OK from the laptop) but a couple of sites I use need IE. I also found that Mail Washer and Outlook Express were blocked. I uninstalled CFP and everything worked again.
Comodo v2 (which I’d used for 4 months or so) was OK before I setup the network just a few weeks ago. I had to tinker with it a lot to get access from the laptop to the PC, and although it worked eventually I wasn’t sure that I hadn’t drilled so many holes in it that it was no longer very effective. I was just going to uninstall and re-install it when I noticed that ver 3 was available so I thought I’d try that. The rest you know.
I decided that I can’t spend any more time experimenting with CFP so I took your advice and installed Online Armor. It’s early days but it looks very promising, especially as the LAN worked straight away with no tweaking necessary. I like the interface and the simple, intuitive way it takes you through everything when you install it. It’s just a pity it says it isn’t suitable for Vista or I’d put it on the laptop as well.
Thanks again – and I’ll send you a message about the land of the Yarra.

30

I, too, wish we could’ve gotten this working for you. Good luck with Online Armor! I looked at that before settling on CFP, and the only things I didn’t like were:
- the free version does not allow restrictions on the destination IP address
- the paid version DOES allow that restriction to be applied, but requires online activation

While I appreciate the need to prevent piracy, I do not want to rely on online activation for my firewall. The last thing I need at 3AM is to be reinstalling an OS, and having activation problems with essential software. Not to mention if the company goes out of business, etc.

-SW

31

SW, you are dead right about not being able to restrict the IP addresses in a network. For many home network users this wouldn’t be a problem, though, and the firewall does a good job according to various testing sites. The online activation is also a peeve for the paid version and is one reason I would not consider paying for it. If you have PAID, they should just give you a code to unlock it. Online activation is a Microsoft ploy that to my mind does no credit to a small company that otherwise has a good product. Comodo, for all its complications and teething problems at present, is wonderfully free. Now that I’ve worked it out, I think I’ll stick to it.