Rules ignored; app and/or IP still blocked

Hello,

I am a sys admin trying to administer a remote workstation.
Both mine and the workstation have Comodo Firewall 3.0 loaded and are using UVNC 1.0.2.
When the remote user disables Comodo (mine is still enabled), I can connect. When the remote user enables Comodo, I cannot connect.
Here’s what is strange. The remote user firewall event logs show UVNC blocked even though the exact same program has been configured as a trusted application and can be viewed as such in the Network Security Policy. Also, the IP has been added to a Trusted Zone. So, I can flip from Trusted Zone and see the IP allowed, Security Policy to see the app allowed, and logs to see the app/IP blocked. This doesn’t make sense to me. Am I doing something wrong?

Thanks,

Cliff

I just received the new version 3.0.14.273 from John and still have the same problem. Only, now it’s worse. I used to be able to use Windows Remote Desktop and now can’t. Same problem there. I allow svchost and the IP, yet still see svchost & IP blocked in the logs.

Cliff

Could you take a screenshot of your firewall global rules?

Chayes, open Comodo. Go to the firewall tab. Then go to “Stealth Ports Wizard”. Then pick “Alert me to incoming connections”. Now try your programs and an alert will come up about an incoming connection. Allow and the rule will be automatically created and your VNC/remote desktop will work with Comodo open. You could also make your own rule for more tweaking/security.

I have attached the global rules screen shot as requested.

You will see that I tried coolio10’s idea and used the Stealth Ports Wizard to allow all connections to “me” which is the computer which is trying to remote into this computer. Unfortunately, both of coolio10’s suggestions did not work for me :(

[attachment deleted by admin]

Also, here are some screen shots

  • the firewall log showing the error
  • the policy showing I have allowed svchost
  • the zone “me” allowed (IP is not shown but is correct)

[attachment deleted by admin]

If you cut the information we cannot understand the issue.

Are you using a dialup modem?
Is that [me] a range of private IPs? What class are these?
Please try to create a global rule to allow inbound TCP for ports 5500 and 5900 on both PCs.

The svchost log entries are strange. Are these caused by known IPs?
Would you mind exporting the full log?

Gibran,

  • I am not using a dialup modem
  • “Me” is a single IP
  • I created the global rule on both PCs and that did not help
  • the svchost are caused by the IP in “Me”
  • I would prefer not to post the firewall logs on a public forum but I would be willing to email them to you directly. Your email address is not listed on your profile, so I tried to use the “Send this member a personal message” link on your profile, but it does not allow attachments.

If you are behind a router then your router is set as DMZ or bridged mode.
There is no way you could have both source and destination addresses of svchost as public IPs if your router is not using some particular configuration.

Do you have dynamic public IPs or static ones?

Also I guess you have some multicast traffic blocked 239.0.0.0 to 224.255.255.255 range.

You can export the log as HTML and then remove the last number from the IPs, changing them to the same letters.

Anyway, in order to sort this issue you need to reset the CFP logs on the failing PC and record the VNC activity,
so we can guess where the issue lies.

Anyway, usually VNC uses ports 5900 and 5500.

Did you set VNC to run as a service instead of standalone app mode?

Please post a screenshot from CFP of your active connections on the failing PC.

  • Both of the computers are not behind a router.
  • Both of the computers have static IPs.
  • I don’t have any multicast traffic blocked.
  • I am not using VNC but am using the Windows Remote Desktop. I use VNC on other computers.
  • I had to uninstall Comodo 3 from both computers because it kept crashing. I am now running Zone Alarm Pro on one computer, and Comodo 2.4 on the computer being remoted into. It is working fine as before. All I have to do is add the IP (of the computer which is going to remote in) to the Comodo Network Control Rules and everything is fine. Something changed between 2.4 and 3.0 that is inhibiting remote control. I will have to wait for Comodo 4. Thank you for your help. You might want to try using Windows Remote Desktop to remote into another computer to see what I’m talking about. Then try uvnc or realvnc.

Thanks again,

Cliff

Actually I prefer VNC over remote desktop. VNC works fine here. I can connect to other internet NATted PCs as well. As for remote desktop, a trusted network should have worked. Maybe you could post a detailed bug report in the bug reporting board. There is a chance that the system process also needed some privileges as well. Anyway, I guess that adding a destination port 3389 allow rule for TCP and UDP could have shed more light on this issue.

Chayes, I believe you followed the instructions incorrectly.

You need to pick “Alert me to incoming connections” and not the one above it.

Coolio10,

Yes. I forgot to mention that I tried both ways. There was no alert when I chose “alert me”.

Thanks though,

Cliff