New user- can't download yahoo pop3 messages or use active sync

I am unable to download pop3 messages from Yahoo but I can from google mail and I am unable to cennect to my PDA using microsoft active sync. These problems dissapear when I exit comodo.

I am using the latest beta version of active sync but previous versions struggled too, I am using outlook 2003 to download my mail.

Help me please

Colin

Welcome to the forums, Colin. (:WAV)

You can download POP email from Google, but not Yahoo? And you’re using Outlook for both?

Were you set up and doing this prior to the installation of CPF?

What Antivirus are you using? Does it scan email?

I have some ideas; your answers will help. I know I’ve seen posts about ActiveSync; I’ll look at that.

LM

Here’s a thread discussing the PDA/ActiveSync issue. It looks promising.

Have a read through that, especially note Jasper’s post about halfway down the page…

https://forums.comodo.com/index.php/topic,4244.0.html

LM

Thanks, I use outlook 2003 for both. I can connect to google but not to yahoo, this issue is resolved as soon as I shut down comodo. Google and yahoo use different incoming and outgoing server port numbers.

I use AVG free for virus checking.

I’ll have another look at the active sync thread, it seemed a little complicated at the first read. :frowning:

Okay.

Next thing to check, what do the Activity Logs say when you’re trying to get your Yahoo mail using Outlook?

Since CPF appears to be blocking it, you should have some entries in the Log. You’re looking for entries from the Network, as well as the Application (Outlook).

Here’s what you can do: Go to Activity/Logs. Right-click any item, Export to HTML. Resave the HTML file as a .TXT file (change “file type” to All Files, then highlight and change the file extension from .htm to .txt). Copy and paste the applicable items into your post.

LM

Comodo Firewall Logs
   

Date Created: 23:18:12 22-12-2006

Log Scope: Today
   
Date/Time :2006-12-22 19:20:47
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.1.100:dhcp(68)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:24
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 194.168.8.100:dns(53)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 64.233.183.109:pop3-ssl(995)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 68.142.206.14:pop-3(110)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 16:49:03
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.130.100:ntp(123))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 207.46.130.100:ntp(123)
Date/Time :2006-12-22 16:45:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 207.46.130.100:ntp(123)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 14:57:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Protocol: TCP Out
Destination: 64.62.158.18:http(80)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\Program Files\Internet Explorer\iexplore.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 08:15:02
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol =  IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.100 
Destination: 224.0.0.22 
Reason: Network Control Rule ID = 10
Date/Time :2006-12-22 07:55:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.100, Port = 33715)
Protocol: UDP Incoming
Source: 24.110.170.91:12493 
Destination: 192.168.1.100:33715 
Reason: Network Control Rule ID = 10
Comodo Firewall Logs
   

Date Created: 23:22:23 22-12-2006

Log Scope: Today
   
Date/Time :2006-12-22 19:20:47
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.1.100:dhcp(68)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:24
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 194.168.8.100:dns(53)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 64.233.183.109:pop3-ssl(995)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 18:03:23
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 68.142.206.14:pop-3(110)
Details: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 16:49:03
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.130.100:ntp(123))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 207.46.130.100:ntp(123)
Date/Time :2006-12-22 16:45:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 207.46.130.100:ntp(123)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 14:57:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Protocol: TCP Out
Destination: 64.62.158.18:http(80)
Details: C:\Program Files\Windows Media Player\wmplayer.exe has tried to use C:\Program Files\Internet Explorer\iexplore.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2006-12-22 08:15:02
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol =  IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.100 
Destination: 224.0.0.22 
Reason: Network Control Rule ID = 10
Date/Time :2006-12-22 07:55:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.100, Port = 33715)
Protocol: UDP Incoming
Source: 24.110.170.91:12493 
Destination: 192.168.1.100:33715 
Reason: Network Control Rule ID = 10
End of The Report

I don’t know if they are what you need.

:-\

Here’s one thing:

You have this block (shown in your first post of the activity logs):

Date/Time :2006-12-22 16:49:03
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:207.46.130.100:ntp(123))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 207.46.130.100:ntp(123)

You’ve got to allow svchost.exe; when that’s denied, it messes everything up. It’s a Windows thing… The IP address is Microsoft; it’s probably Windows Updater trying to connect.

There’s a couple other things of interest as well. WMPlayer and Photoshop keep “hijacking” your internet - thru Outlook, etc. If you want them to be able to connect, you need to create Application Rules allowing them to do so. Or to block them if you don’t want them to connect.

The last item in the logs, the block of the inbound traffic, is an Earthlink IP. Is Earthlink your ISP?

Or is Luton Cable?

Do you have an Application Rule for Outlook?

LM

The last item in the logs, the block of the inbound traffic, is an Earthlink IP. Is Earthlink your ISP?

NTL is my ISP.

If you want them to be able to connect, you need to create Application Rules allowing them to do so.

As far as I’m aware nothing is blocked, all my lists say allow.

I’ve added SVChost in application control rules, is that the way to do it?

Outlook has a rule which says allow all activities for this application, nothing else is ticked. As it struggles to connect for mail the small box that normally appears for avg above the clock becomes large and scrolls 20-30 lines of attempts to connect. The strange thing is sometimes it works, but only rarely/

:frowning:

Adding svchost to the app rules can potentially work; what I recommend is going to Security/Advanced/Miscellaneous, and unchecking the box that says, “Do not show alerts for applications certified by Comodo” and moving the alert frequency slider up to High or Very High. Then reboot.

THis will increase your alerts by quite a bit (which can be annoying, but you’ll turn it down later). After rebooting, you should soon see an alert for svchost.exe. Click “remember” and Allow. That will set it. After that if you want, you can reverse the steps, to reduce your alerts.

You can also speed up Outlook’s connection by doing the following. Go to the Application Monitor, to the Outlook rule. Double-click to Edit. Go to the Miscellaneous tab, and check the box for “Skip advanced security checks.” This will cause CPF to not hook into Outlook as much, and speed things up. Obviously, it reduces your security a little, but for a known/trusted app like Outlook, that’s probably not a big deal. Sometimes that’s the only way to get full speed ahead with it.

LM