'Newbie' questions

Hi: I’ve just installed the firewall and am already somewhat lost. It seems that the program has REALLY slowed down my url loading. I have done no tinkering with the program; so it is set up in the standard protocol built in.

Problem #2 … every time I click on a new url or link, it pops up that IE Explorer needs to be approved. I always check the remember little box … but next page … same thing.

What do I need to do?

Thanks

Chuck

Sorry you’re having troubles, Chuck, but welcome to the forums!

You shouldn’t be experiencing this kind of lag from CPF; it’s really pretty low on resources.

Let’s do a couple things and see where that takes us…

Make sure you have run the Wizards for Define a Trusted Network (if you’re on a LAN) and Scan for Known Applications.

Make sure you have logging enabled: Go to Security/Network Monitor, to your “Out” rule(s) and make sure next to the “Allow” box you check “Create an Alert if this rule is fired.” This way you can see in your logs specific details about CPF alerting you on IE (if it’s alerting, there’s a reason).

Stop and Restart CPF: Close the application window. Rt-click CPF icon in the system tray. Select Exit. CPF will warn you it won’t be protecting. Ok. Then go to Start/Programs/Comodo/Firewall/Comodo Firewall to restart CPF.

Now when IE connects, if CPF prompts you to allow it, you can go to Activity/Logs and see why. There is a reason, I guarantee it. :wink: It may come from the process that’s run when you click on the links…

Post back what happens next…

I hope this helps,

LM

Thank you. Let me state this right up front; being a ‘newbie’, it may be obvious that I am not versed in the program yet. So please bear with me if you will.

Yes, I had already done the scan and wizard processes. With that in mind, I went ahead and uninstalled and rebooted and then re-installed. Upon activating, the same things occurred. This time though, due to my ‘stupidity’, I noticed that there were continuation arrows on the alert. They aren’t that obvious and so I missed them. With this, I then clicked the approve box for each one and then onto the next and did the same; and then approved the whole process … apparently.

That was #1. Next I went to the monitor screen and … I presume this is what you meant … I noticed a reference to my NIC card. So I clicked on it … and somewhere in there I came across “IN” … only. So I scouted around a bit more and came across a pull down menu to change this to “IN/OUT” … which I did. I ‘think’ it added another reference line to the NIC … but don’t quote me on that.

Also, as the new re-install started, it alerted me to a problem; and there was a “Send” problem to you … which I did. It addressed a little utility called YahooPops … which permits one to monitor their free web site based email programs via Outlook Express … rather than having to sign in and sign out of each one individually … just let OE do the work. It addresses the POP3 process by the way. So your end should have received this program by now.

All in all, it ‘seems’ to have corrected its slowness somewhat.

Closing … regarding YahooPops, it’s interesting that with the first installation of the firewall, nothing popped up regarding a problem with YPops. Yet, after uninstall and reinstall, suddenly it noticed it … even though YPops had been there all along.

Chuck

Chuck,

No problem, I’m hangin’ with you here; don’t worry about being a newbie to CPF… :wink:

Please do the following:

Go to Security/Network Monitor, check all of your rules which are flagged for “Out” and make sure the box next to “Allow” is checked for “Create an alert if this rule is fired.” This way you can see in Activity/Logs what is occurring. I’ve attached a couple screenshots. On the Activity Log, the lower section of the screen shows the details; the very last entry gives the reason (what Network Rule) caused the entry. You may have stuff connecting that’s slowing down your performance… The Network Rule screenshot is just there for point of reference, to give you an idea of what I’m talking about. After you’re satisfied with performance/connection issues, you can uncheck the outbound logging if you want (obviously it will be creating a lot of log entries).

Personally, I’m suspicious about YahooPops (I’m suspicious about a lot of things, LOL). I’ve used OE extensively with multiple web-based email, and never used any other additional interface to retrieve those emails for me; it can do it without them. What this means functionally is that OE, which is your email management program, is connecting to the internet through YPops, which then acts like a proxy server to your web-based email, to retrieve your messages. This means instead of one program directly accessing, you have two… Not only do we have more resource drain, I have found that these extra programs frequently eat a lot more resources than we want them to. Just IMO.

Sometimes with software, a little “burp” within the computer on installation can cause some annoying problems not resolvable by any means other than reinstallation. Which can be even more annoying…

The arrows on the alert boxes typically show multiple processes/services for the application being activated - these relate to the Component Monitor (where you’ll see a “ton” of entries that have been authorized). If you just click “Allow” on the popup without looking through the arrows, it will automatically allow all of them.

Oh, and I don’t usually run combined In/Out rules in the Network Connections. If I need both for one type of connection/port/etc I create two rules which are identical except for the In or Out aspect. This way (for one thing) when a log entry is created, it’s easier to tell which happened…

When you’re going through the logs, you have to check some of the IP addresses to see what they are. You can disregard 127.0.0.1 as that’s an internal loopback (if you see them, you can disable that by going to Security/Advanced/Miscellaneous and checking the “Skip Loopback…UDP, TCP” boxes; that will speed up performance as well). If you’re behind a router (not referring to a modem, but a dedicated router) you will see a connection to that as well (and when you check the IP, you’ll probably get some sort of error); depending on the router you may be looking at something like 192.168.1.1.

You can monitor the Connections under the Activity tab, to see what’s connecting at any given point in time. Watching Windows Task Manager as well will help show where your resources are if you experience slowdowns.

I just realized that’s quite a bit; sorry, I don’t mean to overwhelm you. My mind got to working and I just kept going…

A summary:

Check your logging.
Check for Loopback connections.
See what is connecting.

There, I’ve color-coded it… ;D

Then let’s see what’s happening.

LM

[attachment deleted by admin]

Chuck,

How’s the slowness factor going?

Any improvements? Additional problems? Confusions…?

LM

Hi,

I am new to CPF and to the forum so I didn’t want to create a new topic, and this one seemed titled appropriately.

My question is really simple: how do I figure out which application did something that appears in the log? I mean, I don’t seem to be able to see the source app at least for outbound traffic…

Thankies.

That may not be as simple as we’d like, elfstone. If you’re looking at the Network traffic in the Activity Logs, it does not presently show the associated Application that created the traffic. Bummer. :frowning:

There’s a couple things you can do at this point to help you narrow it down. You can look for an Application Activity in the log, at the same time as the Network Activity you’re trying to resolve. See if you can match that up. If, however, the application is not breaking a rule, it probably won’t be logged. The other thing is to try the IP address given in the Network log; see if that sheds any light on it (if it’s just a network address, like your router, or the loopback (127.0.0.1), or something like that, it’s probably svchost.exe). If it’s an external IP, maybe that will help you resolve it.

For the future, you can go to Security/Advanced/Miscellaneous and do the following:
Move the Alert Frequency slider to High or Very High.
Uncheck the box that says, “Do not show alerts for applications certified by Comodo.”

This will increase the popup alerts that CPF is giving you (which can be annoying; you’ll turn it back down once you’ve figured out what’s connecting), but they will show you the details of IP, application, that sort of thing, to help you figure out exactly what’s transpiring.

Hope that helps. Be sure to post back your results…

LM

PS: If no one’s said it to you yet, welcome to the forums! (:WAV)
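
Added example (not part of any post in this thread, and not Comodo's code): one way to answer the question above outside CPF is to match the remote address from the Network log against `netstat -ano` and `tasklist` output, sorting addresses into loopback, LAN and external as the replies describe. The captured output, PIDs and addresses below are constructed, and the parser assumes IPv4 established TCP entries.

```python
import csv
import ipaddress

# RFC 1918 ranges: a home router such as 192.168.1.1 falls in one of these.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1045         127.0.0.1:1046         ESTABLISHED     1820
  TCP    192.168.1.20:1091      192.168.1.1:80         ESTABLISHED     1104
  TCP    192.168.1.20:1102      203.0.113.45:443       ESTABLISHED     2464
  UDP    0.0.0.0:1900           *:*                                    1104
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"iexplore.exe","1820","Console","0","24,512 K"
"svchost.exe","1104","Console","0","4,120 K"
"Skype.exe","2464","Console","0","31,008 K"
'''

def classify(addr):
    """Label an address as loopback, lan (router/LAN range) or external."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "lan" if any(ip in net for net in LAN_NETS) else "external"

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(tasklist_csv.splitlines()) if r}

def owners(netstat_text, tasklist_csv):
    """Return (image name, remote ip, remote port, class) per established TCP connection."""
    names = pid_names(tasklist_csv)
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # header, UDP, listening and blank lines
        host, _, port = f[2].rpartition(":")
        found.append((names.get(int(f[4]), "unknown"), host, int(port), classify(host)))
    return found

def who_talks_to(remote_ip, netstat_text=NETSTAT, tasklist_csv=TASKLIST):
    """Applications holding a TCP connection to the address seen in the log."""
    return sorted({o[0] for o in owners(netstat_text, tasklist_csv) if o[1] == remote_ip})
```

On a live Windows machine, pass the captured output of `netstat -ano` and `tasklist /fo csv /nh` in place of the constructed samples.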

Thanks for the welcome, and for the answer.

I managed to find out the ‘culprit’, it was Skype. It seems Skype works hard behind the scenes, I’m guessing it’s acting like a node for other people’s calls or something…

Aha! I have seen a number of posts with questions about Skype. If you put that in the search field, you should garner some results - if you have any further issues in that area.

Glad you got it tracked down, and I hope everything is working well with it for you.

There’s a lot of info available about CPF in the Help and FAQ sections here on the forums, and there’s also KB articles on the Support site, http://support.comodo.com. There’s a lot of helpful people here as well, so if you have questions you can’t find the answers to, or are unsure about, please feel free to post in the appropriate open thread, or create a new one. I highly recommend reading about Network Control Rules here: https://forums.comodo.com/index.php/topic,1125.0.html, as this sets the stage for how all communications are allowed to take place. From there, all applications can only connect in accordance with those rules; if something is different, CPF will let you know.

LM