OK folks I read for several hours and I either can’t understand the answers or have not found them. I was happy with CPF 3 for several weeks until one day I could no longer connect to my wireless router. I get the “limited or no connectivity error.” If I set the security level to “disable” the connection comes back. I can them set the security level back to “safe mode” and surf for several more minutes until I have to do that all over again.
I realize that it might have something to do with rules, zones and I suspect IP ranges but I understand enough to fix it. How do I go back to the way it was for weeks after I installed CFP?
BTW this started happening on all the networks that I use at the same time.
Its somewhat difficult to understand what exactly is happening, and your last comment of its happening to all the networks I connect to really puzzles me when I have only one comodo defined network I connect to.
But the fact connectivity comes back when comodo is set to disabled is somewhat a definitive diagnostic that it comodo doing the blocking. And its also puzzling that you can then continue to network for a short time when comodo iis set back to safe mode. Which leads me to form a testable hypothesis that comodo is detecting some unsafe condition that it then proceeds to block totally. And the test may be in your various log files you can view by opening comodo, selecting the top firewall tab and looking at some of the log files. Or it could be in D+ also. But that is the seeming starting point for testing that hypothesis. Look at these log files and see if something seems amiss which may then imply what the solution is. Its also possible that some form of malware is trying to set up internet connections in the incoming or outgoing direction and until that malware is removed, comodo will block it.
Or alternately some legitimate program is doing the same thing, and putting it in the trusted zone may fix the problem. And that answer would also be found in your log files.
Just my immediate take on the matter. But its also something other forums members may want to help on and they may have other ideas. But to get the best possible advice, its probably best to post in more detail about how your network is configured and what your ip addresses are.
Thanks Osage for your reply. I like the testability idea. working off of that I turned on the firewall and looked at the log as soon as it blocked the network. The last few lines are below. I turned it on around 3:42 PM and everything stopped soon after. Being a NOOB I can recognize the fields and the values but have no idea if any of this indicates a problem.
Any help understanding the log output would be great. Thanks again.
Sorry the columns don’t line up and some wrap around.
Is part of the problem the source IP of 0.0.0.0 or is that more of an indication that the connection is down?
Date/Time Application Action Source IP Source Port Destination IP Destination Port
5/30/2008 9:50:17 AM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
5/30/2008 9:50:34 AM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
5/30/2008 3:42:04 PM C:\WINDOWS\system32\svchost.exe Blocked 192.168.2.15 Type(8) 192.168.2.1 Code(0)
5/30/2008 3:42:06 PM C:\WINDOWS\system32\svchost.exe Blocked 192.168.2.15 Type(8) 192.168.2.1 Code(0)
5/30/2008 3:42:11 PM C:\WINDOWS\system32\svchost.exe Blocked 192.168.2.15 68 255.255.255.255 67
5/30/2008 3:42:19 PM C:\WINDOWS\system32\svchost.exe Blocked 192.168.2.15 68 255.255.255.255 67
5/30/2008 3:42:38 PM C:\WINDOWS\system32\svchost.exe Blocked 169.254.33.184 4212 18.104.22.168 1900
5/30/2008 3:42:40 PM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
5/30/2008 3:42:44 PM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
5/30/2008 3:42:51 PM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
5/30/2008 3:43:07 PM C:\WINDOWS\system32\svchost.exe Blocked 0.0.0.0 68 255.255.255.255 67
All of the blocked items seems to be related with svchost.exe and the ports 67 and 68, which are required for the acquirement of your IP-adress.
I suppose that svchost.exe got Internet-access, as that’s default, and unless you’ve changed the rules, they shouldn’t just start to run havoc all of a sudden.
Do you remember if you did any change to the network rules when this started to happen? Or did you add something to the blocked zone/removed something from my network zone? Like I wrote before, this doesn’t just happen all of a sudden.
Also, can you please post your global rules, and tell us if you have any entries in ‘My Network Zones’ or ‘My Blocked Network Zones’. And according to iana.org, a type 8 code 0 ICMP-message means ‘echo’ (ping request).
I did not intentionally change any rules. At the time I had not even poked around in CFP. I do wonder if I was hasty in replying to one of the requests from CFP. Could that cause the problem?
Please find the following screen shots attached.
MyNetworkZones.JPG – I did change #36 to any in hopes of changing the symptom to no avail. I expect I should change that back but I have no idea what to change it to. Can I just delete a Network Zone Rule? Will if prompt me next time I select that network and make a default rule?
There are no blocked network zones.
In general can I just delete a rule or zone and have CP remake it according to the default rules?
[attachment deleted by admin]
Unblock svchost.exe and all should be well.