Strange random disconnections

Hi, first post. I really need help here.

Here’s the situation:
I’ve been using Norton until it expired, then I had to get a new antivirus/firewall.
The antivirus program works fine (btw, it found 24 viruses/trojans that Norton had never found), but I’m in trouble with the firewall.

First I tried ZoneAlarm, now I use Comodo. The problem exists in BOTH programs.

And here it is: I get randomly (?) disconnected from the internet; well, sometimes I will get completely disconnected, more often it will say I’m connected, but I can’t receive or send any data (not even a single bit or byte). When this happens I just have to disconnect (not physically, just click disconnect on the internet-symbol) and reconnect again, and everything works fine again.

And here’s the strange thing: I play a lot of online poker, and when I do so, I NEVER ever get this problem! It only occurs when I surf with Netscape or when I’m using a p2p program (Azureus), or even when I do NOTHING at all (have no internet-related program open)!

I believe it happens way more frequently when there is no data exchange; when I go to any website and click reload all the time, I NEVER get disconnected. When I play poker (there’s always some data transfer) I NEVER get disconnected. But when there’s some inactivity (like when I write this very post), I ALWAYS get disconnected.

I know some people have already posted disconnection problems, but it seems that these were different (they often had to restart the computer or the firewall); I haven’t found a really similar problem.

I’ve used the search function and read all the related FAQs, but I can’t find any solution.
Please somebody help me.

BTW, when I turn off the firewall and activate WINDOWS firewall, the disconnection problem completely disappears, so it has to be a firewall problem.

Sorry for the longish post, I’m looking forward to replies.

Thank you very much, ThomasBB

Make sure Norton’s thoroughly, completely, unequivocally, totally (you get the point) removed.

My first thought was that svchost.exe was blocked. But the more I read, the more I think that’s not the case.

There are frequently issues when uninstalling one firewall and installing a new one. In order to do the things they do, the FWs frequently install hooks into the system, and leave bits and pieces behind that just get in the way.

Might check for remaining NIS files/folders. Run a registry cleaner like RegSeeker, or even CCleaner (both free) to get rid of remnants; or do a manual search & destroy of Norton entries with MS Regedit. In all cases, be sure to make a backup of the registry prior to attacking it. That way if you mess up, you can recover…

I also want to say that Norton publishes a total uninstall tool. Might check their support and/or download site.


Thanks for your reply!

I’ve run RegSeeker and CCleaner, and then manually deleted Norton stuff from the registry (2 were left).

Unfortunately the problem is not solved.
I have found some NIS entries in the registry, but I don’t really know what that is. Should I delete them?

I wonder why the Windows-Firewall does not cause these problems. What does it do differently?
I have not blocked anything (except RealPlayerUpdate) and even manually allowed svchost.exe.

Here is a screenshot of the processes that are running, maybe this is useful (I don’t know):

BTW, while I ate lunch for 15 minutes, the connection broke (this was the test).
While I wrote this post the connection didn’t break (strangely). It’s very random.

Thanks again, ThomasBB

Normally NIS stands for Norton Internet Security, but I can’t confirm that in your registry. :slight_smile: Did you check Norton’s site for a complete removal tool?

After cleaning it out, you may want to uninstall and reinstall CFP (running RegSeeker in between, and reboot after).

The weird thing about it is the randomness. Makes it difficult; that’s why I’m keying in on a conflict issue, rather than a rules issue. Next is the hammer… :wink:


I have now used the Norton removal tool, uninstalled Comodo, ran RegSeeker, installed Comodo and didn’t change anything in the settings.

It doesn’t work.
I still get disconnected when I don’t do anything.

Well, is there anything left to do or do I have to use the Windows-Firewall (:SAD)

Thanks for your help, ThomasBB

Have you checked the power saving settings properties for your NIC card? Just something else you might check.

On my wired NIC on my laptop there is a setting for power saving which I can enable. Could be something to do with that.

Is there anything in the log showing as being blocked?


I’ve tried to unable this “power-saving”-thingy, but it didn’t change anything. And no, nothing gets blocked. Still, thanks for your advice.

I did some careful observation and found the following interesting stuff:
The disconnection occurs whenever my computer does not send anything for about 4 minutes. It does not matter if or how much it receives.
I guess a simple solution would be to write a script that pings any address (may it be Google) every 2 minutes or so. This should work, but obviously is not a satisfying solution.

When I disabled Comodo and ran the Windows firewall I observed that there is some data exchange every minute or so, which would explain why the disconnection does not happen when running the Windows firewall. I suspect that this has also been the case when running Norton.

This all would mean that there’s nothing wrong with the firewalls but with my computer/connection/provider. Maybe my provider kicks me out after not sending stuff for a few minutes (which wouldn’t make much sense, btw).

What do you think?

Secondly, when I ran the test with the Windows firewall I got an unhandled exception in the process svchost.exe! I’ve never seen this before, and it worries me a bit. What could that mean?

PS: I gotta take a nap now, so I will reply as soon as I get up again.

Thank you so much, ThomasBB

Are you behind a router?

Do you know if your ISP has any “keep alive” procedures for activity & IP address retention?


No router.

I have no idea about such procedures. All I know is that the provider cuts the connection after 8 connected hours to give out new IP addresses. Maybe I should contact them and ask for help.

Well, I use a smallish program now that pings Google every two minutes, and since I use it, I had no disconnections any more. It works, so I guess I gotta be happy with that. Only the guys at Google will wonder why I ping them so often :SMLR

Thanks for your help anyways. If any other solution occurs to you, please tell me, otherwise I gotta live with the situation.

Thanks, ThomasBB

I imagine what’s happening with your ISP is that they ping you (at the 8-hr mark) to see if you’re still there (“alive,” as it were). When there’s no response and the ping drops, the IP address is not renewed.

You may benefit from this thread,7926.msg57471.html#msg57471 where the user was having this happen, and so created some network rules to allow a ping. You’ll need to know the IP address of their DNS server(s). You can find out from your ISP, or by going to Start/Run and type “cmd”; then at the DOS prompt, type “ipconfig /all”. However, the 2nd will only give you the IP address at that moment; if it changes, you won’t have the range of IPs they may use.


BTW, your issue was why I asked Miteto my last question; I thought it might be pertinent for your situation.

OMG, this seems to work! (:CLP) (:CLP) (:CLP)

Do I understand this correctly? My ISP tries to ping me whenever I’m inactive for a few minutes, and this ping (or my answer-ping) was blocked, that’s why they kicked me.
Is that right?

I’m gonna try this setting now for a day to see if it’s not just a coincidence and then report it here.

Till then, THANK YOU! (:LOV)

BTW, my ISP seems to have only two DNS-IPs (one “main” and one “alternative”), at least that’s what it says on the homepage. Can that be?


> Do I understand this correctly? My ISP tries to ping me whenever I'm inactive for a few minutes, and this ping (or my answer-ping) was blocked, that's why they kicked me.

That’s the general scenario, yes.

> BTW, my ISP seems to have only two DNS-IPs (one "main" and one "alternative"), at least that's what it says on the homepage. Can that be?

Sure. In that scenario, you may want to use both in your rule(s). There are a few options.

Create separate rules for each IP address.
Create one rule, with a Range of IP addresses (provided they’re sequential).
Create a Zone (security/tasks) to encompass both IPs (really need to be sequential for that, too).

So really, unless they’re sequential, you will want to create separate, Single IP rules. Or, you could just make one rule for the main DNS; if the alternate one tries to ping and you lose the connection, just refresh using your systray Network Connections icon (provided you have it in there).

Okay, now I’m just rambling. And that’ll probably create more confusion and questions. Whoops!


They are sequential, so I just use a range of IPs.
Looks good till now.


Monitor it for a couple days, and let us know how it comes out…