What on earth?!

About 10 minutes ago, I was playing the new Ghost Recon game online and found it to be very choppy - usually it runs perfectly. Exiting the game and looking at process explorer, I found "System" to be taking up 50% of CPU time... through trial and error I found the culprit to be Comodo Firewall - which had logged over 100 "Blocked by protocol analysis" events from a single IP. This is annoying in itself, but when it continues after my network adapter is disabled, something is not right...

Can anyone shed some light on this situation? I think its just a buggy firewall, so can anyone recommend another free firewall? PCTools and ZA free didnt really float my boat, so are there any other good firewalls about?

These events have really confused me... Help the firewall n00b please

EDIT: In depth scan from NOD came up clean, as did SAS and Spybot... *is even more confused*

 

Cheers for the link, it does certainly look like a comodo bug, but I wanted to get another opinion before I went and posted on the Comodo forums.

 

Hi The_Duality.

Yeah, you could also disable "protocol analysis" (as suggested by panic, Comodo mod). Your protection level would be insignificantlly crippled, as this is basically for DoS attacks. Very unlikely to happen on a home system. But I don't find this to be a viable solution. These CPU issues with Comodo are really starting to annoy me. Whatever it blocks/filters, a well written firewall code should not do this to a CPU! And the official solution (from the official forums) is to turn of a feature in a software? Very professional...

Regarding the second part of your post, you could try Jetico v1. It is free and has it's downsides like every app, but it's overall an excellent firewall. If this is too "intrusive", you could very well use Windows firewall for inbound and a free HIPS with network filtering, like DSA or ProSecurity free, for outbound. A "light" setup...

Cheers.

 

Ghost firewall is good too.

 

Seer, Panic is a forum moderator. Even though he understands CPF like few others, he is not a developer, nor a Comodo employee.
There's nothing unprofessional about it.

Edit: The Duality, probably won't help much about the spikes, but you should do as Toggie says in that thread and show the logs you're refering to, otherwise no one has a chance to help, even if they can.

 

Hello Pedro.

You & me on a Comodo CPU issue again, huh?

Well, my point of view is that he is an official there. He should at least clearly state that it's an error in software and that the developer is working (or not) on it. It's like this - I just bought a brand new bicycle, and found out that my rear brakes are not working properly. I then call a service, and their suggestion is to disregard this, disable the rear brakes completely and rely on front ones exclusively... Well, that's not what I want, I want my money's worth. So, even if Comodo's free, this kind of "workarounds" are not acceptable (by me anyway). I may even need a DoS protection.

Cheers.

 

Cheers for all your replies. I have to agree with you, Seer. Even though I may not require DoS protection, I should not have to disable it because the firewall isn't coded well enough to handle it smoothly! What good is DoS protection when the use of it is a denial of service in itself! If i did not have a Core2, my machine would have been unusable. Thats unacceptable to me.

This wasn't even a spike. It was consistant CPU blockage, so much so that I heard my CPU fan rev up! I never hear my fan rev up. Plus the fact it was using CPU and reporting these blocked packets - WITH NO NETWORK CONNECTION. Riiiiiight... Im sorry Comodo, but that is really bad.

I'm currently trialling Sunbelt/Kerio firewall, as the free edition which works after 30 days isn't too bad at all.

I shall attach the log here, for your perusal. 10.0.0.26 is my IP on my home LAN. 10.0.0.25 is the router. It is a HTML file, so I shall have to rename it to upload it here. Just download and rename it back to .html

Thanks everyone.

 

Why don't you try Eset Smart Security and "merge" NOD32 and Comodo .
You probably know that ESS is stable and generally causes less problems (nothing special to me) . You can see how is Eset's firewall working for you
http://www.eset.eu/sk/eset-smart-security-public-beta-1

 

Hello,
The solution to your problems is called Sygate.
Mrk

 

I agree with Mrk I have used Sygate for years. The only thing bad about Sygate is that it is no longer sold or supported. Sure hated to see Symantic take it over.

 

Duality, note that i don't have a clue on how to read logs
But those "Blocked by Protocol Analysis (Fake or Malformed UDP Packet)" are all related to one IP, 121.94.60.9 . Maybe the packets were coming at a rate the firewall couldn't process efficiently, for whatever reason. So it kept logging even though you were disconnected.

Either way, that version is discontinued, so the problem isn't going away. You did the right thing by going for another firewall.

Mrk: you don't miss a chance

Seer: i don't judge anyone who tries to help other users daily on his free time. I think Panic gave the answer he thought of, nothing else to say. Also, i bet Panic is waiting for a reply from the OP, to see if that solves the problem (isolating the issue).

 

@HiTech - I had tried the ESS beta a couple of times, and the interface didnt really appeal to me at the time. The only other thing that worries me is that I have heard reports the ESS has quarantined files with no record of them in the logs, and nothing in the quarantine folder... I need to have full control. However, I shall discuss that with you elsewhere. PM me if you get a chance?

@Mrkvonic and John - Downloaded Sygate now and I shall give it a whirl

@Pedro - Maybe that is the case... I guess I shall never know now that I have a new firewall to play with

Kerio/Sunbelt is working well for me so far, but as I said, I shall give Sygate a little whirl now.

Thanks a lot for your replies and opinons

 

Hello,
Tell us how it goes...
Mrk

 

Well, I definately prefer sunbelt/kerio to Sygate, no other reason than personal preference really. Although I do find it not as intuitive and user friendly as Comodo's interface. I guess I just used Comodo for too long.

 

Hello,
Testing a firewall takes more than 3 hours. Try it for a week, throw all games at it, do some heavy p2p, see the real edge then.
Mrk