Advice on port 137 please

I am just trying out the latest version of Comodo and am unable to activate it. Having eliminated my other layers of protection I discovered that it is being blocked in my firewall by a rule I created that blocks port 137.

I have always read that that range of ports should be closed off, and if that is the case why is Comodo using that port to activate itself.

 

Hi David,
Port 137 is used for netbios,..Comodo does not use this port for activation,(well I have never seen this).... are you behind a router?

This rule is in Comodo? or do you have another firewall installed/running?

 

Thanks Stem

Yes I am behind a router. Looking at the log at the time I tried to activate I see this

"Thu, 2006-06-22 21:59:18 - UDP Packet - Source:65.173.142.166,3381 Destination:xxx.175.xxx.xxx,137 - [Block_135- rule match]"

The last address being mine. Maybe I am barking up the wrong tree but this is the only reason I can see that it is being blocked.

The rule is one that I inserted that covers several ports around that region.

 

Hi David,
65.173.142.166 shows as "cable 7-166.Maysvilleky.net" is this your ISP (internet service Provider)?
Have you another firewall installed?, This would cause problems.

 

Hi Stem

No not my ISP. I am in the UK and starts in the 80 range. I did have Kerio installed but went through the registry after uninstalling in with RegSeeker and deleted all Kerio entries. Not having problems with any other program. For instance BOClean updates without problem, likewise my clock updater.

 

Hi David,
Very strange,... I have to go out for a couple of hours (work), but when I get back, I will install the latest Comodo (and run a network monitor) to see what is going on (to see if I have the same problem).

 

Hi David,
Sorry for the delay,...
I installed Comodo, and activated:-
There was a DNS query for "secure.comodo.net". The connections where (only) to 195.92.253.137:HTTPS.

 

Thanks Stem

Don't worry about the delay - life gets in the way at times <g>

It is reassuring that it is a benign connection.

I have been trying it again this morning and now feel that that log entry was a red herring, since when I tried there was no log entry made yet it still refuses to connect, and there are none in Comodo either. Will have to do some more searching around on this m/c

 

Hi David,
The only thing that comes to mind is the possibility of the HTTPS connection being blocked. Have you set any rules that may block HTTPS (outbound TCP connection to remote port 443)

 

Hi Stem

I have tried https on two other browsers and no problems.

Set up a rule in Comodo to fire if port 443 was used and nothing happened when I tried activation. Maybe I will try installing it again.

 

I have reinstalled Comodo and it makes no difference.

Tried it on my other computer and that activates without problem, so that rules out the router being a problem.

Thought then I shut down each program and sys tray icon trying after each. When those ran out I ran Process Explorer and shut down the rest until I just had Comodo and Win components left. Still no effect.

I am at a bit of a loss - even had a look in the BIOS but cannot see anything there that might affect it.

 

Have you tried, DMZ the problem PC while activating (to see if the router is, for some reason blocking the outbound)

 

Sorry - can you explain that at bit more please.

Both computers are connected to the same router so surely it will not treat them differently. I did not put in any m/c specific rules into the router.

 

DMZ (demilitarize the problem PC IP, there will be an option to do this in the router, this will disable the router firewall for that PC, so make sure to change the settings back when tested) Once you have DMZ the PC, try to activate Comodo

Each PC as its own IP, if the router bios/rules have somehow become corrupted, this can cause problems (you can also try connecting the problem PC to a different port in the router and/or change the problem PC IP (is this a fixed or DHCP?)

 

I had already changed the connection. Have now tried changing the address (use fixed addresses), and also tried the DMZ, all of which has no effect.

The only thing that I can now think of is that there is something buried in the registry that is blocking it. I do keep a basis drive image of 2k that is my fall back in case Win gets too corrupted. Saves having to go through the install hassle. Even so there is still a lot of work to get it back to where I am, but looks like I should just try it to see what happens.

 

Hi David,
There is the possibility that the installer is corrupt, have you tried to re-download/re-install the ISScript installer? (if you have had previous versions of Comodo installed, then the old installer would of been left on your system, and may of become corrupt)

 

Thanks

I Did do a fresh d/l and that made no difference.

My roll back to a Win partition of last year was of no use. Either whatever was causing it was already installed or there is a problem with my particular m/c.

I think I have now given enough time to it and have gone back to Kerio. At least that works without problems. I will wait and see how Comodo develops.

I do appreciate all the time you have given. I have learnt a bit more so all has not been in vein.

 

Hi David,
Its a pity we could not resolve this,.. I would of liked to of found out what was causing this.
Comodo has a beta version out, have you tried that? (I know they where going to (dont know if they have) change the installer which may help?)

 

I think it is the same version but with their installer. As I understand the installation with me is not a problem, it is just the communication afterwards with their server - but I could be wrong.

Edit - just read that it is a bit different

If you think it worthwhile I will try again. Is there any monitoring s/w I can use whilst it is trying to connect?

After a new install there is a delay whilst it tries to connect, ie the graphics work for a few seconds, but a retry will bring an instant denial. There is nothing interferring with the connection outside my router as has been proved by my other m/c. Incidentally my the pop ups are driving my Wife mad as she does not understand them and it does not seem to learn, so will have to take it off hers.

 

Hi David,
If you dont mind, yes, please try again to see if we can find the problem.
There are 2 monitors (there are of course others) that I use the most:-
Port Explorer
Packet Analyzer
I have full versions of these, but you can download "trial" versions that you can use to monitor.

EDIT:
What you want to look for (during activation of Comodo), is first,.. outbound:remote 443,.. to see if the connection is being attempted

 

Hi Stem

Well, I am getting way out of my depth now. Firstly Port Explorer continuously updates and I cannot see anything specific going on. With Packet Analyzer it does not show any action. This is confirmed with Active Ports (I know much simpler) but no activity is shown.

I am sure that it is not getting anywhere near connecting out, and on that basis I tried to find a program that would trace the program action. The only one I can find is called Trace Plus
http://www.programurl.com/software-traceplus-win32-downloadnow.html

This from the status view

Time Process Thread Message Delta Time Relative Time
12:37:15.113887 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 1:54.649444 3:56.239261
12:37:18.165752 CPF (2276) 0x960 Thread 0x960 created. 3.051865 3:59.291126
12:37:18.189731 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 0.023978 3:59.315105
12:37:18.253786 CPF (2276) 0x960 Thread 0x960 exited. 0.064054 3:59.379160
12:37:18.275002 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 0.021216 3:59.400376
12:37:24.037713 CPF (2276) 0x968 Thread 0x968 created. 5.762710 4:05.163087
12:37:24.095182 CPF (2276) 0x968 COM: Object created with CLSID {F6D90F16-9C73-11D3-B32E-00C04F990BB4} (Msxml2.XMLHTTP) 0.057469 4:05.220556
12:37:24.190180 CPF (2276) 0x968 COM: Creation of CLSID {00000000-0000-0000-0000-000000000000} failed (E_INVALIDARG) 0.094997 4:05.315554
12:37:24.335726 CPF (2276) 0x87C DLL: Loaded module 0x7B30000 (E:\WINNT\system32\dcsws2.dll). Version: * 0.145545 4:05.461100
12:37:24.394608 CPF (2276) 0x968 Thread 0x968 exited. 0.058882 4:05.519982


I'll put the others in a PM to you.

 

Hi David,
A quick (very simple) test to see if your problem PC can comm via SSL (HTTPS).
Go to http://www.grc.com/port_443.htm part way down the page you will see "Click the link below to view this page via SSL:" Please try this with Comodo active. (does the HTTPS page show, or is there an error?)

 

Yes, no problem with that. As I said before, I am sure it is not even getting as far as connecting out as the report I sent showed

Edit
Misread your thread. I can get the http page ok. With Mozilla and Firefox I get grc.com etc cannot be found. With Opera Proxo and Opera come up with queries about the site certicates. If I accept them then the page loads ok

Edit 2

Opera considers the site unsafe as follows:-

Opera has detected problems with the server's certificate:
(1) The server name does not match the certificate name.
(2) The certificate is not signed by a trusted authority.
(3) The certificate has expired.
Sending sensitive information through this connection is not safe!

Edit 3

Will get this right eventually

If I connect direct with Opera it is fine and certificate is ok, so Proxo was causing the problem there
Firefox is now working even though is does not go through Proxo
Mozilla will not connect at all on a direct connection. Seems Comodo has locked its route in somehow

 

I am not seeing/have any of these problems (even going through Proxo),... This is certainly a puzzle,...


Download and re-install Windows Script see if that helps with the Comodo registration

 

You have to run a validation program from MS. Tried that but it says

"This version of the Windows Genuine Advantage validation tool is no longer supportes. Please d/l the latest version........"

Not much I can do about that since I am getting it from MS. I am running 2k so maybe it does not work on that.