NOD32 with COMODO Firewall - Problems...?..

Hi,

I have recently switched to Comodo and like what I am seeing so far

I have a question about something I think may be an error though?

I have Comodo running (firewall) and have disabled defense.

I have NOD32 3 running also.

Now.

On my old firewall (Sygate) it used to alert me to ANYTHING going past the firewall, unless I have set the program to be trusted.

Now, when I use a web browser (firefox or explorer), it doesnt ask me with Comodo, it just allows it access.

Bear with me, as Im not that up on my computer security as I should be…
But Isnt that a security risk in case another program piggybacks onto it?

Ive tried going into the Comodo settings “Predefined Firewall Policies”, and gone into Web Browser.

The options
“Allow outgoing HTTP requests”
“Allow outgoing FTP requests” &
“Allow outgoing DNS requests”

Are all set to allow by default. I have switched these to “ASK” and it still doesnt ask me when I open the browsers, it just allows access again.

I think there is a conflict with the NOD32 file/kernal ekrn.exe

I have set that to “allow all” as I want the latest signature files to be downloaded no question.

However, I have noticed that if I dont grant this access it interferes with the browers access to the internet.

Is there a conflict of some sort?

Is this common / has anyone else noticed this?

Any help appreciated… really frustrating me this one!

I have searched around and have seen threads which I think are the same problem but some of the tech speak is over my head so apologies if this has been posted a lot.

Thanks

Just need to make a rule like so:

  1. Firewall>Advanced>Network Security Policy.

  2. C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe.

  3. Ask IP IN/OUT From IP Any To IP Any Where Protocol Is Any.

Now when IE, Firefox,Outlook, etc. goes out a pop up will appear once for ever single Port you go to within that session (i.e. 80,443,20, etc.). Make sure you set your Firewall Behavior Settings to High and NOT Very High. If you set it to Very High you will get endless prompts from Comodo because of the Show alerts for every IP Address.

NOD32 v3 uses a Proxy Server. That is why you do not get any pop up’s from Comodo when you let Firefox go to the Internet.

Robert

P.S. Do not forget to NOT make it a permanent rule within the alerts! I do not know what other rules you have for ekrn.exe but if it does not work then reorder the rules.

That rule will get you pop-ups for every connection. The rule for Firefox is in that window also:Firewall>Advanced>Network Security Policy. It was probably created by you clicking “Allow” for the first pop-up that Firefox caused. It may need editing. If it is a single “Allow” IP rule, highlight the entry and click Edit. On the Edit dialog, click the “Use a predefined policy” button and select the “Browser” policy.

Sorry but for me it does not do this. Sometimes it may pop up twice for the same port but that is it. Been using this rule for 2 days now and it works just fine.

  1. Open Firefox (blank page).
  2. Alert for ekrn.exe on Port 80 to IP blah blah.
  3. Hit allow but not to remember.
  4. Go to MSN.
  5. No alert.
  6. Go to Comodo.
  7. Alert for ekrn.exe on Port 443 to IP blah blah.
  8. Allow but do not remember.
  9. Go to my banking site.
  10. No alert.

Any application that wants Internet access is being alerted that ekrn.exe wants access.

Maybe a bug but works for me every time.:slight_smile:

Robert

I think the problem is with NOD.
Try disabling the web monitor in nod32. You may also want to check out https://forums.comodo.com/help_for_v3/cpf_3_eset_nod_antivirus_v3-t15192.0.html;msg105696#msg105696
this topic discussing the same.