Windows Remote Desktop not working

Hi, i recently installed comodo and all seems to be going ok apart from using windows remote desktop to access my office machine. if the firewall is disabled i can connect without a problem and even if i then re-enable the firewall it still works fine (but does randomly seem to lock the remote access session at some point). I’ve given mstsc.exe what i think are full access rights (skip parent, allow all activities, etc) but it still prevents a session from properly starting once launched. can anyone help?

You need to add a network monitor rule for RDP to make it operational. Please follow the topic below
https://forums.comodo.com/index.php/topic,374.msg2265.html

Hi,
I’m having similar issues with Remote Desktop Connection. I’ve looked at the message thread that you suggested and have several questions.

  1. Am I to substitute mstsc.exe for WinVNC.exe and 3389 for the port numbers in the thread?

  2. Are these rules to be added to the host or remote computer?

  3. The comment was made to leave the Windows Firewall active. I thought it wasn’t a good idea to have more than 1 software firewall running on a single computer. If the Windows Firewall is left active, does it have to be modified in any way?

Thanks in advance for your help…

Clem

Hi i’m still having trouble with this and as i use remote dialup everyday for my job it’s getting to be a drag. i’ve followed the previously linked threads and created the specified network monitor rule and i’ve also created an application monitor that allows all for the app (C:\WINDOWS\system32\msiexec.exe) and skip the advanced security checks yet i still cannot use remote desktop. can anyone help with any other possible ideas to get this working? it just seems strange that a commonly used part of windows seems to be blocked from use with a firewall with common sense rules created.

anyone? support?

Could you describe your settings under the “Network monitor”? It will help to understand where the problem is :wink:

hi, i have three rules in there,

ID: 0
Action: Allow
Protocol: TCP or UDP
Direction: In/Out
Source IP : Any
Remote IP: Any
Source Port: Any
Remote Port: A set of Ports: 5500,5800,5900,5901,443

That is the one i created after reading the other threads. The other two were in there by default i think. The rule in the application monitor is:

Application: C:\WINDOWS\system32\msiexec.exe /Skip Parent
Allow All Activities for this Application
Skip Advanced Security Checks

I’m on XP SP2 with windows firewall disabled and when i use remote desktop i do the following:

  • connect via windows vpn connection (windows firewall disabled
  • launch the remote desktop session
  • the session seems to connect but where the remote desktop normally appears there is only my normal desktop
  • i can disable the firewall and then connect and then enable the firewall and it works but normally only for around 20 minutes if i’m switching between the home desktop and the remote desktop alot

thanks loads for any help you can offer with this

Are you behind a router? If yes, do you have defined your trusted zone?

nope, not behind a router, just a normal usb broadband modem

Try to disable secure the “host will booting” and “monitor dns queries”, and reboot.

still doesn’t work with those options disabled

Try the latest beta and see if it works

is the latest 2.3.1.20?

Can you please activate “Create an alert when this rule is fired” option for all BLOCK network rules you have and paste your firewall logs so that we can see what is going on.

Egemen

Yep. available at
https://forums.comodo.com/index.php/topic,1047.0.html

After installing the beta all my rules have been reset so i haven’t included the special network monitor rule as suggested earlier in this thread. the log is as follows:

Comodo Personal Firewall Logs

Date Created: 17:16:52 17-07-2006

Log Scope: Today

Date/Time :2006-07-17 17:16:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.18.184.144:24087
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:16:41
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msnmsgr.exe)
Application: C:\Program Files\MSN Messenger\msnmsgr.exe
Parent:
Protocol: TCP Out
Remote: 207.46.27.68:1863
Details: C:\Program Files\Messenger\msmsgs.exe has tried to use C:\Program Files\MSN Messenger\msnmsgr.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2006-07-17 17:16:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 84.133.97.166:63986
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:16:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 200.88.84.117:60640
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:16:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.18.184.144:24087
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:16:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.187.181.200:7744
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 24.132.53.204
Remote: 62.56.87.161
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 221.195.151.182:15468
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 24.132.53.204
Remote: 62.56.87.161
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.187.181.200:7744
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 86.203.173.18:40000
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 61.216.189.225:21702
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:15:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.216.233.76:21113
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 202.158.190.15:13321
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 60.177.74.114:16979
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 71.194.140.183:32917
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.67.140.199:13333
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = nbsess(139))
Protocol: TCP Incoming
Source: 62.56.110.194:1697
Remote: 62.56.87.161:nbsess(139)
TCP Flags: SYN
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = nbsess(139))
Protocol: TCP Incoming
Source: 62.56.110.194:1697
Remote: 62.56.87.161:nbsess(139)
TCP Flags: SYN
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 87.97.98.223:32459
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.18.184.144:24087
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:14:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 222.18.184.144:24087
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 60.177.194.3:26588
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 88.15.199.31:15757
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 1026)
Protocol: UDP Incoming
Source: 204.16.208.60:54626
Remote: 62.56.87.161:1026
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 1027)
Protocol: UDP Incoming
Source: 204.16.208.60:54627
Remote: 62.56.87.161:1027
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 221.223.145.220:1100
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 219.78.44.62:10518
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 85.75.238.252:13147
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 5446)
Protocol: UDP Incoming
Source: 217.207.37.82:51666
Remote: 62.56.87.161:5446
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 5446)
Protocol: UDP Incoming
Source: 217.207.37.82:51666
Remote: 62.56.87.161:5446
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 5446)
Protocol: UDP Incoming
Source: 217.207.37.82:51666
Remote: 62.56.87.161:5446
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 60.177.151.248:27635
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:13:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 86.106.210.180:18712
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 24.132.53.204
Remote: 62.56.87.161
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 24.132.53.204
Remote: 62.56.87.161
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 125.229.0.9:22312
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 72.134.239.179:62526
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 85.226.130.189:9138
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 5446)
Protocol: UDP Incoming
Source: 217.207.37.82:5520
Remote: 62.56.87.161:5446
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: UDP Incoming
Source: 60.50.37.241:10654
Remote: 62.56.87.161:11006
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 5446)
Protocol: UDP Incoming
Source: 217.207.37.82:5520
Remote: 62.56.87.161:5446
Reason: Network Control Rule ID = 3

Date/Time :2006-07-17 17:12:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 62.56.87.161, Port = 11006)
Protocol: TCP Incoming
Source: 201.235.119.192:4628
Remote: 62.56.87.161:11006
TCP Flags: SYN
Reason: Network Control Rule ID = 3

…edited to fit post limit

Ok. I am not sure whether or not the IP addresses which are trying to connect the host “UDP IN 62.56.87.161:11006” are your windows RDP client hosts. If they are so, it seems you need to add port 11006 to your port list in the rule you posted before:

ID: 0 Action: Allow Protocol: TCP or UDP Direction: In/Out Source IP : Any Remote IP: Any Source Port: Any Remote Port: A set of Ports: 5500,5800,5900,5901,443

Trial and error would help you if you watch the logs for what CPF is blocking. Please let us know when you find the correct configuration so that we can post it in our FAQ section as well.

Thanks,
Egemen

hi, i added the rule again and this time i closed all other software (like skype, bitlord, outlook, etc) and the vpn connection and the remote desktop connection. when i checked the log ports 11006 and 15700 were still coming up as inbound violations so i think they may be attacks. when the remote desktop app is listed in the programs accessing the internet it lists the ports it uses as 3389 - 3869…i created a rule to allow the app full unrestricted access and it still doesn’t work. i’m at a complete loss now.

also if i now clear the log and connect nothing appears in the log, so it seems to not be triggering that network rule to write a log entry somehow

Could you try this rule?

Action: Allow
Protocol: UDP
Direction: In
Source IP : Any (or your computer IP)
Remote IP: Any (or the IP of the remote computer)
Source Port: Any
Remote Port:3389

also check these links for more information
http://www.microsoft.com/windowsxp/using/mobility/rdfaq.mspx
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx
http://windowshelp.microsoft.com/Windows/en-US/Help/f55326fa-e629-423b-abba-b30f76cc61e61033.mspx

ps. give it a try and tell us if it worked