I am connected to a Netgear router and there is a wireless access point connected to one of its ports (for my wife downstairs). She previously had Sygate, but due to the much publicised loopback vulnerability with Proxomotron, I uninstalled it today (thoroughly !) and put her on Comodo (default settings with scanning for known apps.).
Everything on the ADSL wireless side is fine. However we also have dial up (occasional use when ADSL is down or want to send a fax). Mine works fine with Comodo (and NOD32) but her Comodo throws up a large number of log entries, mainly for inbound policy violations:
IP xxxx (ours) and port Ms-ds 445 (the remote procedure locator which is disabled in services).
Then after a short while Norton AV pops up a worm attack warning:
Intrusion - Portscan
Intruder - 196. xxx.xx domain(53) … our dns server.
Protocol - UDP
Attacked - our IP ?
Nothing like this with Sygate.
Will have another look, but any idea why her wireless is fine, and these problems are only when switching to dial up ?
Regards.
EDIT: I think it is Norton as I have the same large logs when using dial up, with the exception that there are no warnings from NOD32. Nav blocks access for 30 minutes.
On dial up the inbound/outbound access violations are all for ports 135,137,445, and UDP port scans as shown above. Why only on dial up ? Ports 135,137,445 are all closed !
Very similar post here - also NAV’s worm protection:-
To make sure it isn’t Comodo can you go ahead and disable it and see if she can access the internet, once you check and see if she can or still can’t go ahead and enable it again. If she can access internet it is a Comodo issue and we will need to figure out a way to resolve this issue, if she still cannot access the internet it is Norton.
Thanks for reply. Please note there is no connection problem, internet access is fine on dial-up. The problem is that Norton AV worm protection kicks in as described before, and blocks internet access for 30 minutes.
As NAV subscription expires in two weeks, I will try NOD32 and see what happens, or do you have another idea ?
The large number of log entries is obviously due to bypassing the router when using dial-up.
BTW. Shields up and leaktest all fine on dial-up.
PS. We are not sharing, ie. no network configured or present.
WOW… I’m beginning to feel not OK, myself now.
Comodo Services sent me to a file that would work with my ME Os. Well, it downloaded lovely, but like the former version I immediately got a message telling me that the Application has requested the Runtime to terminate it in an unusual way!!!.. makes my imagination soar… hahaha.
So to date, I’ve downloaded COMODO 4 times, and constantly get that message when I double-click on the file to open and install it. At first I thought it might be a bad link… but, several… nope! So, it must be something my computer OS is doing, but I have no idea what that might be.
ANYONE… any ideas to solve my problem? I really am looking forward to having COMODO as my firewall.
Yes, it is Norton AV. After installing NOD32 there were no problems with dial-up.
BTW. it was a ■■■■■■ uninstalling Norton AV. Their uninstaller is no good and left close on 250 redundant registry entries.
Very difficult to clean everything without doing a repair install afterwards. Thank God for NOD ! (works nicely with Comodo).
