Am a new user (1 day ) and have a couple of issues with CFP.
After a fresh reinstall I have installed CFP, and all seamed well… but when I started do my MS Updates I noticed my connection was very slow…
At beginning I have not really cared as I said it’s maybe my WiFi (being a dell laptop I thought I might have missed some of the custom drivers) but at the end it turned out it’s not…
Downloading is throttled down to ~10 KBs.
Now since i’m in France, and have a connection of ~20 Mbs this is not funny…
Well after some testing, I did found out it was CFP causing the slowdown (exit cfp - enable ms fw)
As a result I was not able to watch TV also (VLC on a freebox - see the pattern? ).
After some browsing on these forums it seams my problem is coming from flood protection… and maybe rejection of broken packets… (not tested, at office atm)
But would like to make sure if this could be the cause of my download speed slowdown also? (I’m no network specialist )
Also my other issue with CFP is that when it’s on, the system tray icon changes to an up and down arrow animation, and in this moment if i hover on it with my mouse the tool tip is actually something like comodo firewall is being initialised…
This is strange especially since it’s not happening only at start-up… it’s quite random…
I hope it’s just a visual glitch and my fw is not actually going down all 5 minutes…
Did you install CFP using the “Automatic” install, rather than “Advanced”?
Have you made any changes to the default Network Monitor rules?
In Security/Advanced/Miscellaneous, do you have the 2nd box checked, “Do not show alerts for applications certified by Comodo”?
Have you run the application wizard (Security/Tasks/Scan for Known Applications)?
Will you go to Activity/Logs (during or immediately after you experience this slowdown), right-click an entry and select “Export to HTML.” Save the file, reopen it; copy/paste the recent entries as text into your post. You can edit/mask personal IP address for privacy; just leave enough to show a match where needed.
That will get us started there.
Regarding the tray animation and “initializing” message; no your firewall is not shutting down and starting back up again. Some other users have reported the same thing; I’ll try to look up the relevant posts and see what was going on there. In the meantime, try turning the animation off and see if the “initializing” message continues.
I’ve also noticed this “comodo firewall is being initialised…” tooltip. The first time I saw it, was after I installed the AVG free antispyware. After deinstalling it, I never saw it again. Maybe it is just a coincidence ???
The key thing to understand is that the firewall is active at the kernel level from the moment you boot the machine. The GUI (application interface) side of it is the last thing to load; it may be this that the message relates to, or it may be simply a cosmetic glitch. At any rate, it is not the core of the firewall.
Here’s three other threads where this or a similar instance is discussed:
thanks for your replies
I have not answered before as i wanted to play arround a bit more (and actually reinstalled my system - from an image, so no big deal…)
on the fresh install i have made an “autmatic” install of comodo, and now all seams fine…
spead wise. remaining problem is the use of VLC but on this i think i may find the answer here on the forums…
Good to know part of it’s taken care of. Keep digging on the VLC part, and ask questions as you need. I have every confidence that these issues can be resolved.
Does VLC have a software integration on your computer? In other words, does it have an interface and a rule in the Application Monitor? If so, you may want to consider editing that rule, going to the Miscellaneous tab, and checking the box, “Skip Advanced Security Checks.” This will disable Application Behavior Analysis just for that application, and will increase the response time.
Actually i would like to undertand why is that in all firewalls the incoming rules are not app bound.
We say, open port x, so evreything can come in on that port.
Why cant we say: open port x if app y is listening on it?
(:NRD)
—edit—
and where can i read more on flood protection in comodo (basic concept of it)
and to your question VLC has an interface, am using the latest client (not only the dlls) - i will post back more on settings later on (at office atm )
I think (but not certain) that Kerio may do this; possibly others as well. I seem to recall other users asking for this feature in the WishList, based on experiences they have had with other FWs.
With CFP, although we can’t link an application directly to a network rule, there is a tie-in. Let’s say you use utorrent, and have it set for port 5368 in your network monitor. That port is not open, as CFP doesn’t hold ports. In order for that network monitor rule to be used, there has to be a matching application monitor rule. So in that scenario you’d have to add port 5368 to your utorrent application rule; otherwise the network rule just sits there with nothing to do…
Have you looked at CFP’s Help files?
Regarding VLC, okay tnx; just let us know how that goes for you, once you make those changes.
Thanks for the clarifications.
But does this not mean that when utorrent (or whatever app) is not actually running, another application (malware) might start listening on the port?
–edit–
Actually re-re-reading it, you just told me the contrary, sorry for being a slow one…
To continue with the utorrent example, a lot of users note a large number of blocked inbound connections after closing the torrent. This is because the app is closed, the port is no longer available, but the other external users aren’t aware, and by the nature of the p2p application, the connections keep coming for a little while, until it’s realized that they’re being dropped.
That’s why allowing an incoming ICMP port unreachable NetMon rule will help speed things up, including those constant connection attempts after a closed p2p program.
Well it was simple to solve my last issue… I have set up a new Zone
By the way, what should one do, if he has let’s say 3 different IPs that are not fallowing each other and would like to set them as a zone…? Not possible huh?
The only funny thing was that even with a zone set I have faced a DOS attack… so I had to raise the values there…
Is there a way to say for the given zone all is possible? No advance checks, no flood protection, etc
3 Different IPs, huh? If this is three different computers networked together, why don’t you assign static IPs manually? Then create your zone that way.
If that’s not possible for some reason, you would have to create 3 different zones for greater security.
As far skipping all advanced checks for a trusted zone/network, no I don’t think so. You’re allowing all IP traffic, but the advanced detection & prevention occurs outside of that, and is only available globally. So in other words, you’d have to turn it off for everything, in order to not have it for your Zone.
Well the 3 IPs are related to the same VLC issue…
Actually the stream comes from 2 distinct ips (these 2 are fallowing each other so I made the zone on it) but there is a 3rd IP used for actually reading the stream list or play list… and this ip is not in the same range like the other 2. (Actually is the 3rd segment that is different…) - this one i had to create as a separate rule…
I should’ve thought of this b4, since you mentioned flood protection in your first post, but if you’re looking at that as relating to VLC, you can increase the flood values - Security/Advanced/Advanced Attack & Detection. Might go fairly small amounts at a time (like say, 50 or so), to get to a point that works, without crippling that aspect of security.
Actually the flood values are at 300 (bit high?) as the flood alert was saying around 294 - 297 packets, so I thought 300 will be ok…
The 3 IP issue is related just in the means that VLC uses 3 IP to receive the stream and play list (all these IPs are from my ISP so they should be ok) - it’s like this the service from the provider…
And the “problem” is, that only 2 off them are consecutive the 3rd is quite different (diff on 3rd segment) so to set up a zone on the full 2 last segments of the IP it seams a bit big as range…
why i opted to make 1 zone (2 consecutive IPs) + 1 ip rule
Yes, it makes sense, and that should work. All you’ve done is created a very limited Zone/Trusted Network with that single IP rule. So that’s fine.
Does it all seem to be working the way you want/need it to, in regards to your initial question?
) and have a couple of issues with CFP.
)