utorrent problem

Hi!

I’ve been using comodo for some time now and it’s a great firewall. But I can’t get utorrent to work properly.

I’ve done the rules settings in network monitor
[ALLOW TCP or UDP IN FROM IP Any TO IP Any WHERE SOURCE PORT IS Any AND DESTINATION PORT IS My Port Nr], but it doesn’t work.

The problem is, to get “port open” in utorrents port checker I have to turn off comodo (allow all), start utorrent then switch on comodo. I can’t just start utorrent because then it shows “red lights” in the port checker (and slow downloads).

Does anyone know what the problem is?
And isn’t the port open for other programs when utorrent isn’t active? Couldn’t that be a danger?

Best regards.

Robe.

Is the rule above the default block rule in network monitor?

Have you turned off UPnP and random port in uTorrent?

Have you rebooted since making the rules?

Yes, it’s as nr 0.
Have UPnP and random port turned off.
Have rebooted.

What else can it be?
Thanks for your help.

If it’s getting blocked, you should see if it’s in application monitor or network monitor. Check the log.

It’s listed in application monitor as allowed.
When I go to Activity > logs, utorrent is not mentioned.
Am I looking at the right places?

Thanks for taking time and helping out.

Yes, you are in the right place.
You can right click in the log, and export as html and attach it here or paste it in your post. Be sure that you do it while trying to use your torrent program.

Log while running utorrent.

Log Scope: Today

Date/Time :2006-12-20 15:17:11
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 15:12:41
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 15:11:36
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 15:11:31
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 14:58:37
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (mysqld-nt.exe:0.0.0.0:mysql(3306))
Application: D:\test01\xampp\mysql\bin\mysqld-nt.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 0.0.0.0:mysql(3306)

Date/Time :2006-12-20 14:58:37
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (apache.exe:0.0.0.0:http(80))
Application: D:\test01\xampp\apache\bin\apache.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 0.0.0.0:http(80)

Date/Time :2006-12-20 14:58:33
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (FileZillaServer.exe:127.0.0.1:14147)
Application: D:\test01\xampp\FileZillaFTP\FileZillaServer.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 127.0.0.1:14147

Date/Time :2006-12-20 14:58:30
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (FileZillaServer.exe:0.0.0.0:ftp(21))
Application: D:\test01\xampp\FileZillaFTP\FileZillaServer.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP In
Destination: 0.0.0.0:ftp(21)

End of The Report

Shutted down utorrent, Allowed All in comodo, started utorrent, Set comodo on Custom.
This is the log.

Date/Time :2006-12-20 16:15:02
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xx.xxx.xx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xxx.xx.xx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xx.xxx.xxx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xx.xx.xxx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xx.xxx.xxx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:00
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.x.xxx.xxx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:00
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xxx.xx.xx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:15:00
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (utorrent.exe)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.x.xx.xx:xxxxx
Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-12-20 16:08:29
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 16:08:24
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 16:08:19
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Date/Time :2006-12-20 15:54:27
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Invalid Flag Combination)
Direction: TCP Incoming
Source: xxx.xx.xxx.xx:xxxxx
Destination: xxx.xxx.x.xx:xxxx
Reason: ACK FIN RST is an invalid TCP flag combination

Don’t you have a application rule for this?
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe

If you don’t, you should have it.

One thing you could try, is delete your uTorrent Application rules.
Then go in to security/advanced/misc and uncheck “do not show alerts…”, and then raise the alert frequency slider to the top.
If you haven’t done it, check the "skip loopback…“TCP” while you are there.
Now reboot and start uTorrent. Allow and remember everything that pops up.
If it gets to many rules and/or popups, you can go in to application monitor and “generalize” the rules a bit for uTorrent.
Post back the results.

Yes, I do have application rules for that.

Tried your suggestion. But it doesn’t seem to work. Still get “Error! Port xxxxx does not appear to be open.” when doing utorrents port checker.
Got loads of rules and popups. Checked the log also and it was a lot of these:

Date/Time :2006-12-20 22:26:41
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (utorrent.exe:xx.xxx.xxx.xxx:xxxx)
Application: C:\Program\uTorrent\utorrent.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: xx.xxx.xxx.xxx:xxxx

And also lots of the same but with Protocol: UDP Out or In and TCP In

By the way what does the “Skip loopback…” do?

Some application need that to be checked. Running a server like FTP and Apache, or using Google desktop and so on…

Do you use a port that have a high number to be sure that it doesn’t conflict with another port?
Use one between lets say 40000-60000.

I don’t understand how you can get an block for uTorrent if you have an application rule for it…?

Didn’t you get popups when you tried my suggestion?

Yes, I have a high nr. on the port.

I don’t have app. rule for that specific port, only in Network Control Rules.
The application rule I have is Any on both TCP/UDP in and out.

Maybe I should specify the port there as well…?

Date/Time :2006-12-20 16:15:02 Severity :High Reporter :Application Behavior Analysis Description: Suspicious Behaviour (utorrent.exe) Application: C:\Program\uTorrent\utorrent.exe Parent: C:\WINDOWS\explorer.exe Protocol: TCP Out Destination: xx.xx.xxx.xx:xxxxx Details: C:\Program\Internet Explorer\IEXPLORE.EXE has tried to use the Parent application C:\WINDOWS\explorer.exe through OLE Automation, which can be used to hijack other applications.
if you didn't allow it, utorrent would be blocked.

Reinstall CFP maybe solve this issue, try it.

After a harddrive crash, I’ve now reinstalled comodo and utorrent. But I still get a yellw or red light in utorrent.
I’ve checked the logs and now I get Inbound policy violation (Access denied, ICMP=Port Unreachable) when I start utorrent.

What is ICMP and what has it got to do with utorrent?

To be, or not to be…
ICMP is the question…
It’s up to you, and you can just try and see if it makes a difference…
Make 3 new rules in network monitor that allow,
ICMP IN for Port and Host Unreachable.
ICMP OUT for Port unreachable.
Remember to have them ABOVE the block rule.
Restart CFP, or better reboot.
Remember to close uTorrent and all unnecessary programs.
Now only start uTorrent and see what happens.
Post the log here if it doesn’t work.

Or ICMP uTorrent Unreachable… :wink:

It’s possible in my Comodo Firewall Professional Ultra 2 Platinum Edition… :wink:

Does anyone know if this has been fixed in the 2.4 versions? It relates to ICMP Unreachable alert (there’s no NET, HOST, PORT, etc., just ICMP = Unreachable). There has to be a better method than allowing all incoming ICMP to get rid of that alert in the logs.

After the ICMP rules you want to allow if any, you can make a net mon rule that block all ICMP.