I have a webservice that are obviously getting blocked by Comodo but there is no indication of this other than if I turn Comodo off, everything works. I have been unable to find any reference to what Comodo is finding as a security problem with my webservice. Help is appreciated.
Hi Goon, welcome to the forums.
If you can just confirm a couple of things for me… Which Webrserver are running? There is nothing in CFPs Log (Activity tab)? When you say “turn Comodo off”, do you mean setting CFPs Security Level to “Allow All” or something else? Thanks.
Hello,
I’m running IIS. Correct, nothing at all in the CFPs Log. Yes, setting security level to “Allow All” and the webservice works as expected. Thanks!
Another problem I’m getting. When I kick off the client java applet that accesses the webservice, I get the expected Comodo dialog “javaw.exe is trying to connect to the internet…” I hit “Allow” however, Comodo still blocks it and the Log shows:
High Application Monitor Suspicious Behavior (javaw.exe) …
Hi Goon.
Would you provide a little more detail please. I appreciate your running IIS, but how are you trying to connect and with what. Is it a webpage, ftp… Are you using standard ports, etc.
Do you have CFP logging fully turned on, i.e. capturing details from all logs (go to the log page, right click on the log window, from the context menu select ‘Log Events From’ and make sure all are ticked.
Toggie
Connect to it using a browser to test. e.g. http://localhost/myrserver/myserver.asmx
Yes all log events are checked.
Seems that I’m getting inconsistent behavior. I shutdown/restarted everything and this time I received a dialog “inetinfo.exe is trying to connect to the internet…” so I hit “Allow”. Still fails and the log shows this:
High Application Behavior Analysis Suspicious Behavior (inetinfo.exe) …
Pretty much just like it does with javaw.exe. I’m saying Allow but it still blocks.
Would you post your Network and Application monitor rules as screen shots. Also you log entries for the problem connections.
Toggie
To allow other users access to your server on your PC you would have to allow them in to whatever you are serving. I noticed that you only have the default rules in the Network Monitor list.
If you are serving a web page then you would need to allow port 80 in.
If they have to log in then you would need to allow port 443 in.
If it is an FTP server then you would have to allow at least port 21 in and maybe a rule for port 20.
Noticed Toggie wasn’t on so thought I would interject this and try to help out here. Don’t want to step on Toggie helping you.
jasper
The Zone “LAN” allows any ip on my lan IN to any port. All users are local to the lan and in this case, the client browser is on the same machine as the server.
I installed IIS on my machine(XP Pro SP2) cause it has been awhile since I have used it. Wanted to see what you are seeing. I then set up a web page using notepad, stuck it in the \inetpub\wwwroot folder, set the Intranet settings in IE7, typed my IP address in 2 different browsers and an alert popped up about “inetinfo.exe” on the first time I accessed the page. I then allowed it and checked the box to remember and it worked ok. I brought the page up numerous times, just to be sure, in both browsers (IE7 and Firefox) without any trouble. I then tried “localhost” and “127.0.0.1” and they both brought up my web page. I then added a new folder named “myserver” and got the same directory structure as you and was able to access the page using all 3 of the above ways.
I noticed that the firewall application monitor didn’t list “inetinfo.exe” at all, even though I approved it and said to remember it. I checked all of the browser entries to see if maybe it listed it under one of those and it didn’t. It did however put an alert in the log.
I did everything you did, except the java part and it worked. Maybe the firewall didn’t install correctly and you need to uninstall and reinstall it again.
jasper
Perhaps “inetinfo.exe” is listed under the Components because it is not directly called by the user?
I checked in the Component Monitor section and it’s not listed there either, but I went back to the log entry and the parent is services.exe and it loads 32 dll files that are listed in Component Monitor, Kail. Inetinfo.exe sets in the sytem32\inetsrv\ folder on my machine.
You can delete one of the dll files in Component Monitor that it loaded (iisadmin.dll) and the firewall will pop up the inetinfo.exe alert again for approval. At least you can do that and see if it will load again Goon.
Also, what OS are you running IIS on Goon?
jasper
I tried removing all components from the Component Monitor, that’s when I did get the inetinfo.exe popup but Comodo still blocked it as “suspicious” as shown in my screenie of the log. I’m running Win2k. I just tried a simpler test, instead of trying to access my webservice, I tried http://localhost/localstart.asp which is a “welcome” page installed by IIS. I got the inetinfo.exe popup again, hit Allow, it still gets blocked as suspicious and shows up in the log.
So you are using IIS5?
Ok, I’m just gonna throw out some things to see if you can get in then maybe that will help pinpoint exactly where the problem is.
Maybe use “default.asp or default.htm” to see if those bring anything up.
Copy and paste this url “http://localhost/iisHelp/iis/misc/default.asp” into a browser to see if it brings anything up.
Have you changed any settings from the default installation settings?
jasper
Here is the location of the log file for IIS:
C:\WINDOWS\system32\LogFiles\W3SVC1
Maybe it will show you something there.
Boy, I’m running out of ideas here. Anyone else that has any ideas please feel free to jump in here.
jasper
Trying default.asp yields the same results. Fails with Comodo security set to Custom, works fine with Comodo security set to Allow All. No additional info in the logs, no popups. I’ll try the reinstall now…
Grrrr, reinstall did not change a thing. Exact same behavior.
OK, I have no hair left!!!
Have you tried using your IP address instead of localhost?
I have seen some problems with 2K on here but never paid any attention as to what those problems were and if they got resolved or not.
I don’t have 2K anymore or I would install it to see what I get.
You might have to put a support ticket in and let the dev guys look at this to see if they can dig deeper than us. Also the new firewall should be out in a week or so and that may fix the problem you are having.
jasper
Hi Goon.
Just some thoughts. I have set CFP ‘Alert Frequency’ (Advanced/Misc/Alert Frequency) to Very High. Installed IIS (XP/SP2) and received numerous prompts for inetinfo.exe.
I haven’t created any additional rules in Network Monitor but my Application Monitor rules now include six additional rules for inetinfo.exe.
inetinfo.exe 0.0.0.0 80 TCP In Allow
inetinfo.exe 0.0.0.0 443 TCP In Allow
inetinfo.exe 0.0.0.0 25 TCP In Allow
inetinfo.exe 127.0.0.1 1024 - 4999 UDP OUT Allow (modified by me - port range)
inetinfo.exe 0.0.0.0 1024 - 4999 TCP In Allow (modified by me - port range)
inetinfo.exe 127.0.0.1 1024 - 4999 TCP Out Allow (Modified by me - port range)
These rules allow me to connect and perform administrative tasks.
Try setting the Alert Frequency to VH, connect to IIS, Allow and Remember. Then modify the rules. You will probably want to place these rules into the home zone, unless you need access to IIS from the Internet.
Toggie
I’m baffled like Jasper… this morning everything is working as expected! I made no changes to anything, it just automagically started working.
Maybe forcing the reloading of “inetinfo.exe” and all of the dll’s again let it see all of the appropriate info that it didn’t see on the first time.
Good to hear you got it working.
jasper