comodo,antivir PE guard strange behaviour

Discussion in 'other firewalls' started by cet, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    I had posted here about some kind of confliction between comodo firewall and antivir PE classic.When I choose to block all in comodo, antivir guard also deactivated.I thought that it happened after I updated antivir.So I posted to the antivir forum, but I could not get any answers.
    Now after installing comodo 2.4.16.174 I thought that the problem was solved.I was wrong.I found out that the real problem was comodo.Now please try this and give me a feedback,if it happens with you:COMPONENT MONITOR LEARNING,block all,nothing happens to antivir guard.NOW CHANGE COMPONENT MONITOR TO ON,BLOCK ALL,ANTIVIR GUARD DEACTIVATES.But there is not a security notification from the security center.Why does this happen is it a bugo_Oo_O?
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    I had also a problem with avguard.exe. I solved it by making a rule to allow it destination: IP 0.0.0.0, port TCP 18350 incoming.

    More about that in this thread:
    http://forums.comodo.com/index.php?...8de845fb424baa07&topic=5535.msg41115#msg41115
    Rather than answering your question, I hope maybe that rule helps. Now I don't get antivir guard shutting down after reboot, but it still does what you described though :p
     
    Last edited: Jan 29, 2007
  3. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    Since you are the only one who understands me(lol very romantic) I would like to ask you another thing.Surfing with firefox :doorbell rings and I block all in comodo.After a few minutes I come back, change comodo to custom and try to surf again.I can surf but very very slow,firefox CPU usage 99% ,I have to restart firefox once or twice to make it work properly again.
    I got win XP SP2.comodo,antivir PE classic,SSM free,firefox with no scripts,spywareblaster.
    ON demand AVG antispyware,spybot and adaware.I use sandboxie sometimes.
    I have not had any conflicts between sandoxie and comodo.But I use sanboxie only for windows live messenger.
    I think we nearly have the same configurations and same problems.I never think of giving off Antivir but I can change my firewall.Maybe going back to jetico 1 can be an easy solution.It was the best firewall I have ever used.What do you think.Jetico is an old firewallo_Oo_Oo_O??
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Interesting catch.
    On my system, componant monitoring learning, block all disables guad.
    Compo monitoring on-- block all disables guard as well.
    So guard is disabled in both cases.
    Can u pls post on Comodo forum.
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    That 'Block All'. It really is no use to me. I always allow the traffic, withing the made rules. 'Allow All' could be useful to test if the firewall is blocking something undesired, especially since Comodo has such poor logging.
    I run my computer 24/7, so it is always connected with cable modem.

    I don't get that 100% CPU usage or slow connections after back to normal = custom. So no idea why yours do so.
    How about 'Allow All', still slow? I know you should not normally run without a firewall and that is what it is, but you can make your system very safe by disabling certain unnecessary windows services. Easiest way to do is with this program http://www.firewallleaktester.com/wwdc.htm

    I don't really see any serious problem you have with that guard shutting down since it turns back on when the firewall is in normal mode?

    I have never used Jetico 1. The reason being that it does not run as a service and I don't have a router. And Jetico 2 is not free. Would be interested to try to tackle with it and perhaps since my PC is pretty secure by closing those services, it would still be possible.
    At the moment I see no serious problems with Comodo, other than that nonactive and localhost connections are not shown anymore in 2.4 version. Makes me suspicious that something would be revealed, some vulnerability and they are purposely hidden. That's just a paranoid thought, propably baseless :p
     
    Last edited: Jan 29, 2007
  6. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    I posted to the comodo forums today.
     
    Last edited: Jan 30, 2007
  7. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    Here is the answer :I submitted my ticket I am waiting for the answer.
     

    Attached Files:

  8. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Mine does it to, except it says the status of the guard is unknown. The umbrella stays open in the task bar, so I feel kind of protected.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks,
    Interestingly I found similar problem with ZAP. If I do in sequence--- Engage internet lock and then Stop all internet Activity, guard turns off. But not if I do same steps in another order or only one of these steps.
     
  10. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    They say the problem is resolvedo_Oo_Oo_Oo_Oo_Oo_Oo_Oo_Oo_Oo_Oo_O**
     

    Attached Files:

  11. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    It has allways been the case.Antivir needs internet access.
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Do you have any real problem with it?

    I know Comodo forum is not a good one to find answers, real one.
    I still have no idea how this firewall really works.

    When I boot up, I get prompted about svchost.exe. Do I allow it to act as server? For udp 123, that is timeserver port. Of course and i have allowed from my computer generic host, from CPF to time server UDP port.
    There was that talk with Comodo Melih and Stem, I followed all that talk, but from comodo there was no clear reply how it works. SPI existing or not.
    Sometimes I go to my clock, try to update ... it works, most time it doesn't.

    Same also to DHCP rule. I have allowed that outbound to my isp server from svchost, but I do get prompted sometimes, I usually answer no. As SPI should take care of them?

    I do get disgusted since knowledgebase in comodo forum is non existent or hidden in many user messages. That is my opinion anyways. All so easy and clear with kerio 2.1.5 but not at all with Comodo.

    EDIT
    No Antivir does not. You can apply my rule for 0.0.0.0 or perhaps localhost address with running Comodo too for avguard is enough, but main thing is what was raised up by me, some person before that and now by cet is, Comodo needs rules to apply and maybe as I found out they were not found out with that low level of alerts setting.
    But, no need of internet needed for antivir guard to work.
     
    Last edited: Jan 31, 2007
  13. danny9

    danny9 Departed Friend

    Joined:
    Feb 18, 2004
    Posts:
    678
    Location:
    Clinton Twp. Mi
    Sorry to hear about your problems.
    Normally I run KIS but have been having some problems lately with the puter going down at least once a day. So I uninstalled it to see if that was the problem. It wasn't.
    In the meantime I put in commodo and avira. I allowed all for Avira and had no problems with either in the week I had them running.
    Once all was allowed they ran great together. At least on my system.
    Both are quite impressive by the way. Very smooth running and little system resources used.
    Good luck! :cool:
     
  14. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    Unfortunately from the comodo forums I understand that their answers will never satisfy me.I am thinking that the comodo firewall seems good,passes all the leak tests BUT is it as good as it claims.Sometimes lab tests differ from the real life.The outer part of the apple is very red polished but insideo_O
    Comodo works well with antivir (to danny9) but I am trying to discuss something different here.In the comodo version 2.3.681 some programs bypassed the firewall and connected to internet before I allowed or denied them.I sent the pic to the forum and after 2 days they removed it from the forum.
    Since I am behind NAT router I may go back to the solid rock jetico1 or there are some very good comments about sensive guard which I may give a try.My PC is 6 YRS old ONLY 512 ram Sensive guard uses less memory than comodo.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    By default it allows their trusted white listed applications to connect without popups, may be it was the case. U need to change settings to control everything.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    Maybe Aigle, but I doubt.
    Anyone serious of security should anyways check that Comodo thing off. So thanks for reminding.
    For you, pls try to change that U to you. I know it is a minor inconvinience and you are understood, but kind of hurts my reading to take you seriously etc. Sorry for being so blunt.
     
  17. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    One thing I have noticed is avguard.exe and avgnt.exe never show up in the application traffic in Comodo with the newest version; they were always listed in the last version.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan

    You
    must be happy now.:) It is my habit with poor typing!!. Also I like some things simple and easy.
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,184
    It was only a joke dear aigle. Hope you don't mind that comment on "U" since reading you is always a pleasure.

    Though now, for some reason I don't know, I am back to kerio 2.1.5.

    It was really OK with Comodo for 2 weeks. But today, I could surf internet for something like 2 hours and then needed always reboot and I could not find any real rules I had made to block my internet connection.
    So Comodo started to act strange and I am not happy about it.

    I feel also apologized to all that it may have been just some of my setting and not Comodo cause I cannot pinpoint that, just happened. Really strange.
    I know I was after examining Comodo SPI etc., but nothing to do with loosing my internet connection, so no idea. Just happened. End of this thread particiment from me. Sorry guys and girls, really liked to have Comodo working for me.
     
    Last edited: Jan 31, 2007
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No problem at all.:)
     
Loading...
Thread Status:
Not open for further replies.