I upgraded to Win10 last weekend. During setup, I received the usual “new network” discovered and replied that I was a home user.
Now this morning when I returned to my computer after sleeping, I was surprised to see another “new network” discovered notification (see attached).
WHY did this pop-up again?
[attachment deleted by admin]
It is possible that the first discovered network was for the Automatic Private IP Addressing scheme with an IP address range of 169.254.0.1 - 169.254.255.254 you can see all defined networks that are defined in comodo by going to the network zones section under firewall settings and expanding each network zone name and noting the IP addresses.
CIS has always asked me twice about network discovery. After that, it never asks again.
I have 6 entries in the Network Zones tab0. The first is “Loopback zone”. The next 5 are “Home #1-5”.
Home #1 looks to be the router address
Home #2 has a 169.254.x.x address
Home #3 has a 10.0.0.0. address
Home #4 has a a different (from Home #2) 169.254 address
Home #5 has a 10.0.0.0. address
Why all these entries? Do I need all of them?
Do you have online printers or other wireless devices connected?
A printer but it is wired connected from the router.
Interesting I have never experienced this before but you can remove Home #2 and Home #4 as those are the Automatic Private IP Addressing I mentioned before. Also do you happen to have more than 1 network adapter that you use to connect to a network? Do you have VMWare installed or use any kind of VPN client or server software? How many adapters do you have listed under network connections?
My mobo has dual networks (Intel & Realtek) but I am only using the Intel LAN connector. I have Realtek disabled.
I don’t have VMWare or virtual machines installed. Also no VPN or separate servers.
I deleted zones 2 & 4. Now I have Zones 1, 3, & 5 left. Can I get rid of 3 now?
Don’t understand. Can you elaborate?
Automatic Private IP Addressing (APIPA) is a network client-side process used as a fallback position when DHCP services are not available on the network but the client devices are configured to use DHCP for their IP address configuration.
The APIPA service also checks regularly for the presence of a DHCP server (every five minutes, according to Microsoft). If it detects a DHCP server on the network, APIPA stops, and the DHCP server replaces the APIPA networking addresses with dynamically assigned addresses
APIPA allows the client device to randomly choose one of the 65,534 addresses available in the Class B network address of 169.254.0.0/16. After choosing an address from this range, the computer sends an ARP request to see whether another device on the network is using that address, and if it is not, the client device uses the address.
Even though the device uses this made-up address, it continues to send out DHCP Discover broadcasts to locate a DHCP server on the network as soon as the DHCP server becomes available.
While waiting for a valid DHCP-delivered address, the device that is using an APIPA address can communicate with any other device on the network that is using an APIPA address.
If two or more devices are connected to a switch and the devices are using APIPA, therefore, all of them can communicate at least with each other, but not with any other devices on the network that are using proper addresses for that network segment.
IP private 10.0.0.0.
@ZorKas - OK, seems that you are saying that sometimes DHCP gets lost and this APIPA temporarily kicks in? And that Comodo gets mixed up because of this?
Yes and comodo will prompt you to define that network for APIPA when your assigned an APIPA address.
OK, then we have a resolution. It would be nice if Comodo could put out a msg stating “lost network” or whatever, so we know what might be going on.
Is there anything I need to do on my side to stop losing the DHCP server?
Nope, nothing you really can do as that’s the nature of networking in general as you could get an APIPA address on windows login even if you’re directly connected to the network.
Woke up to see that I had received another Comodo “Join a New Network” prompt for 169.254.x.x. during the night. Whew.
Also had a Comodo screen prompt to allow access by SYSTEM to “C:\Windows\System32\LogFiles\HTTPERR\httperr1.log”. I had this same prompt yesterday and allowed it. Today, it went away before I could re-approve it. Does the contents of this log file indicate anything as to why these new network prompts are occurring?
When I look at this log file, I see the following (all new since the Win10 upgrade).
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2016-07-24 18:42:29
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-07-24 18:42:29 192.168.0.1 1 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/rdggzdkyuq - - - Connection_Abandoned_By_ReqQueue -
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2016-07-25 12:29:20
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-07-25 12:29:20 192.168.0.1 6 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/xymtfewsoo - - - Connection_Abandoned_By_ReqQueue -
2016-07-25 16:41:16 192.168.0.1 18 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/mkhkujnwtj - - - Connection_Abandoned_By_ReqQueue -
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2016-07-27 09:59:16
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-07-27 09:59:06 192.168.0.1 93 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/epnxyghcou - - - Connection_Abandoned_By_ReqQueue -
2016-07-28 03:40:08 192.168.0.1 102 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/apyynjetvc - - - Connection_Abandoned_By_ReqQueue -
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2016-07-28 16:31:57
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-07-28 16:31:57 192.168.0.1 120 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/xtproxxcmx - - - Connection_Abandoned_By_ReqQueue -
2016-07-29 09:29:08 192.168.0.1 133 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/xhheoklbeq - - - Connection_Abandoned_By_ReqQueue -
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2016-07-30 03:26:14
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
2016-07-30 03:26:14 192.168.0.1 160 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/jsfkhacptv - - - Connection_Abandoned_By_ReqQueue -
2016-07-30 06:09:33 192.168.0.1 4 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/eqxcabmhgg - - - Connection_Abandoned_By_ReqQueue -
2016-07-30 17:14:15 192.168.0.1 7 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/fslyrurepy - - - Connection_Abandoned_By_ReqQueue -
2016-07-30 22:55:48 192.168.0.1 10 192.168.0.102 2869 HTTP/1.1 NOTIFY /upnp/eventing/mcimetklxn - - - Connection_Abandoned_By_ReqQueue -
2016-07-31 04:37:04 192.168.0.1 16 192.168.0.104 2869 HTTP/1.1 NOTIFY /upnp/eventing/zfllfzfclr - - - Connection_Abandoned_By_ReqQueue -
Any time exceeded connection
Network configuration problem (hardware / software)
I did not have these problems until switching to Win10. I did a straight upgrade and made no changes.
Might this be something that Comodo needs to change for Win10 users? Or a Win10 problem? Or something I need to look into and change?
Any ideas for me (please be specific)?
Can you check the router logs to see if there are clues there? Can you also see if there are newer drives for your network adapter?
When this happens is your computer going into sleep or hibernate mode?
Since you’re using a stationary computer hooked up by wire you can also consider to let CIS stop detecting new networks.