hope someone can help me with this problem…
i can not browse the Internet while i have a firewall turned on
i had been running Sygate Firewall Pro for about 12 months, but for about the last week or so haven’t been able to browse the Internet while the firewall is turned on… i have uninstalled Sygate, run reg clean up programs, run a full AVG scan and also a Trent micro online scan…
thought id try Comodo firewall as iv read good reviews
but the bad news is, i still can not browse while Comodo is turned on ??? if i allow all traffic all is fine, but i need a working firewall running…
this problem is driving me nuts, so any help would be much appreciated… 88)
Try rebooting to see if that clears up your problem.
I’m betting that this log entry (your second post) is a part of the problem:
Date/Time :2007-02-13 04:27:20
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 203.x.x.x::dns(53)
Details: C:\Program Files\Mozilla Firefox\firefox.exe has loaded C:\Documents and Settings\name removed\My Documents\= PROGRAMS =\Internet Download Manager\Internet Download Manager 5.03\Patch\idmmkb.dll into C:\Program Files\Mozilla Firefox\firefox.exe using a global hook which could be used by keyloggers to steal private information.
Any time you get one of the Application Behavior Analysis popups, if you know the applications in question, it is considered safe to Allow (without remember). If you Deny, you will lose your connection - CFP presumes that your security is compromised, and will block the application(s) in question. Generally a reboot will clear that up (provided you didn't select "Remember").
Reason is, a lot of “safe” activities by known programs resemble “unsafe” activities by malware (ie, trojan, keylogger, etc). CFP doesn’t distinguish between them; so it’s up to the user… If you Allow (without remember) it’s only for that instance. If you Deny, your internet connection is blocked for the target application (in this case, Firefox). Sometimes closing and reopening the application will resolve it; a reboot always will.
There may be other issues as well, but we’ll start with that. Hopefully it’s nothing more than that and you’re all set.
I just re-read your first post, and realized I’d overlooked the fact that this happened prior to CFP. Here’s a question for you, regarding the time this started.
Did you have ANY changes to your system at that time?
Windows Updates
Driver Updates (for modem, video card, sound card, etc)
Software Installations/Updates
Hardware Changes/Upgrades
What’s weird to me from your logs is that CFP is blocking (what seems to me to be) a lot of inbound traffic, from varying IP addresses. I’m on a LAN at work, and I don’t have that much inbound traffic (and if I did, it would be from similar IPs).
Now that you’ve removed the download manager, I presume from your post that you’re still having the issue?
i have a backup hard drive that i keep unplugged that just has my operating system and a few other basic programs that i use Only for ghosting if i need a format… the hd never gets updated…
now the strange thing is >> i thought a format is my next option
so have just carried it out (ghosted my old backup hd) the only thing iv added is Comodo firewall, firefox 2 and AVG pro which i had saved on cd, and damnnnnnn WTF still the same problem …
could it maybe a isp or modem problem
i am realy lost with this problem now … and could sure do with some idea’s to try next…
somthing i forgot to add…
i can open both my browsers FF and IE with Comodo on,
they will both open up google search page fine, they will even search… but anything it finds in the search will Not open…
Have you had any Windows Updates, or updates to your drivers (video, etc)?
In CFP, will you open Network Monitor to full screen, capture a screenshot, save the image as a jpeg, and attach it to your post under Additional Options. Then do the same thing for your Application Monitor.
my original drive i cloned diden’t have Sygate or any other 3rd party firewalls, i cant realy remember if i first put it on the drive and removed it 6 months ago.
AVG has no Webshield that i’m aware of
cloned drive shouldnt have had any updates on it in 6 months
hope these screen are ok… your help is much appreciated
I don’t see any problems with your rules; not something that would explain this.
One other thing to check, let’s see if we can “force” the issue…
Go to Security/Advanced/Miscellaneous. Uncheck the box, “do not show alerts for applications certified by Comodo.” Move the Alert Frequency slider to High. OK. Reboot.
When you log back in after reboot, you’ll get a lot of popups about stuff you may not have seen before. The primary thing you need is to allow (with “Remember”):
svchost.exe (this is needed to update your IP address, etc, for connectivity)
You may also see an alert that your browser is trying to “act as a server.” This is safe to allow.
Then when you’re browsing, let’s see if you get some popups.
Oh, and two other things that I just thought of ~ do you have your Component Monitor to “On” or “Learning” ? In Security/Tasks/Miscellaneous, is the box “Enable Alerts” checked?
a complete format with a fresh OS install, nothing else installed besides my OS, Firefox, modem and Comodo… and grrrrr still the same problem ???
another format
everything installed… thought id try Zone alarm Pro this time >>>> everything worked fine, although i don’t like Zone alarm as it slows down my PC, so i uninstalled Zone alarm and tried Kerio (trial) again everything worked perfect… ;D
that was last week
so thought i would try Comodo one last time, and guess what :-[ :-[ :-[ could not browse again >:(
iv just read in another thread about disabling the feature Do Protocol Analysis in CFP so i tried this and Comodo now seems to be working fine and allowing me to browse ;D ;D ;D ;D ;D ;D
now my question is
is it ok to to leave Protocol Analysis disabled??? is my computer protected??
I do see a problem with your rules, but it’s about something else. I would never allow any AppMon rules for incoming connections to IE and FF. If you don’t run a proxy server, skip the tcp loopback checks (Security>Advanced>Misc>Config>…)
Your computer is still protected with Protocol Analysis disabled. It’s just a more rigid security feature. Quote from the help file: Protocol Analysis is key to the detection of fake packets used in denial of service attacks. Checking this option means Comodo Firewall Pro checks every packet conforms to that protocols standards. If not, then the packets are blocked
