Raul90

No active interfaces

Recommended Posts

 
 
 
 
A funny thing happened today! I connected to the internet and updated my AV and OA Premium. Then Malwarebytes Pro(on-demand). The I started to surf the net and when I checked the Firewall Status I have "no active interfaces". See images below. 
 
Now at the time I was downloading from Softpedia SRWare Iron ver 27 Stable both .exe and Portable version. Connected to support.emsisoft.com and tipradar.com. I am dumbfounded. This is a first!
 
Can someone explain this to me please....
 
8cd31c258093831.jpg 

 

 
2bbc27258093861.jpg 

 

Is OA still protecting me when it's like that? How can I be sure..?

 

 
This is on a Win 7 x32 with Avira IS (no firewall / backup/ Proactive). Avira is excluded in OA and vice versa. 

Share this post


Link to post
Share on other sites
So sorry about the images attached. Here it is again(I was to edit it but I got a pop-up saying "You do not have permission for this action" --- huh? what the... :(

 

mmwyu.png

 

dxnv46.png

 

Now I do not know if this is related to the issue I am having with another partition I have with EAM/OA (internet suite) but this partition is from an image created from that EAM/OA partition. I just removed EAM and installed Avira(which was to test a "bcdedit.exe error" I am having if it's EAM or OA whose the culprit).

 

Now I stopped and restarted OA but it's the same. No active interfaces. 

 

Is a re-install warranted or.....

 

Can someone explain this to me please....

 

Thanks very much :)

Share this post


Link to post
Share on other sites
Fiddling on, I have noticed that my broadband plug-it modem has two connection types. RAS(modem) and NDIS. 
 
At the time of the "no active interfaces" it was in NDIS. I changed it to RAS(modem) and here is what I got. See image below. The IP address is now seen in the top of the Firewall Status. Plus there are active intrfaces. 
 
bhhsmv.png
 
Have not really checked out the settings but both works (RAS (modem) or NDIS). This is the first time I have noticed it since using OA again. Normally I'd check Process Hacker or the firewall status of Outpost (which is not in graph form as Emsisoft's) or KillSwitch (same as Process Hacker).
 
Either one works but my question is: 
 
What is the difference between the two as far as safety is concerned...or how can OA protect me..? While it is a concern that I cannot see what's happening when it's in NDIS, the connection seems a bit better as compared to RAS(modem). I don't know about peak hours though. Usually at peak hours I use an old dial-up which is much stabler than a plug-it here in my part of the world. At peak hours you'd be blessed by server time outs -- a lot!
 
RAS setting is a dial up connection...correct? NDIS is a LAN or Broadband connection...correct? 
 
Which is better to use..?
 
Which is safer to use..?
 
If I use NDIS is there a way I can see firewall status data? As in the image all I get is like a loopback 127.0.0.1.
 
What maybe the best setting for NDIS in OA..?
 
In RAS(modem)..?
 
I am not a firewall expert but I trust the product that protects me especially tried ans tested products like OA. But I's like to learn more on how this is.
 
I have the Emsisoft Internet Security from where I have this OA installation. Now that it is paired with Avira may I ask if I attempt a "re-install" or an "install over-existing installation" can I still use the EmsisoftInternetSecuritySetup.exe (298mb) installer (latest)..?
 
Or can I use the OnlineArmorSetup.exe (version6 - 29mb)..?
 

 

 

 

Thank you :)

Share this post


Link to post
Share on other sites
I booted to the other partition with EAM/OA and it was the same. See image with connection type: NDIS below. 
 
ih87qb.png

 

Will wait for your assistance on some explanations :)

 

Thanks again!

Share this post


Link to post
Share on other sites

Lets try this:

  • Hold down the Windows key on your keyboard (the one with the little Windows logo on it, usually between the Ctrl and Alt keys) and tap the R key.
  • Type control netconnections into the field and click OK.
  • Right-click on your network connection (usually "Local Area Connection", unless it's wireless) and select Properties from the list.
  • Make sure that OA Helper Driver is in the list.
It will look like this (click on the picture to make it bigger):

 

Let me know if that's there.

Share this post


Link to post
Share on other sites

@GT500,

The connection is wireless and the OA Helper driver is there but I was shocked to see a "Comodo Internet Security Firewall Driver" is also there. This is using RAS(modem) See image.

b7nitv.png

This partition had previously CISver5.12 as it's firewall. Prior to uninstalling it and using it's cleaner. From there I installed EAM/OA --which now is Avira/OA.

I do not know about the partition with EAM/OA as both are the same. I'll check it later and post with NDIS and the other partition.

This is using NDIS

30mlit2.png

Now I mentioned it's wireless and I also checked the properties of the mobile plug-it(seems it should have been this..correct?).

In NDIS,

2ege1cj.png

In RAS(modem),

dlonkj.png

Both allows connection but using NDIS I don't have the firewall status.

@trujwin,

I change it via the interface gui of the Mobile broadband application.

15mxvuf.png

Share this post


Link to post
Share on other sites

I was to edit but was not allowed....

 

Anyway, kindly see the 4th image. The Mobile Broadband Connection shows an "X" there when using RAS(modem). When it's NDIS that connection does not show an "X". 

 

Is something further wrong here...? I am getting confused...

Share this post


Link to post
Share on other sites

What happens if you uninstall the COMODO Internet Security Firewall Driver from the connection properties dialog?

Share this post


Link to post
Share on other sites

Hello GT500,

 

Thanks for the reply. It is strange as using Comodo's own cleaner removes all traces of it even the browsers like Dragon and Ice Dragon. 

 

 

I checked the installed programs and the Comodo's driver is not listed there. Here is a snapshot of Revo Uninstallers Installed apps. 
 
2qu3fkk.png
 
Where should I check?

Share this post


Link to post
Share on other sites

Just uninstall it from the Properties of your network connection. When you click on it to highlight it in the list, you can click on the 'Uninstall' button below the list.

Share this post


Link to post
Share on other sites

You might check here as well:

 

REG DELETE "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Comodo Antivirus" /F
REG DELETE "HKEY_CLASSES_ROOT\file\shellex\ContextMenuHandlers\Comodo Antivirus" /F
REG DELETE "HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Comodo Antivirus" /F
REG DELETE "HKEY_CURRENT_USER\Software\ComodoGroup\COMODO Internet Security" /F
REG DELETE "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog" /F
REG DELETE "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\COMODO Internet Security - Log Viewer" /F
REG DELETE "HKEY_LOCAL_MACHINE\Sofware\Microsoft\Windows\CurrentVersion\Uninstall\Comodo Internet Security" /F
REG DELETE "HKEY_CURRENT_USER\Software\CFP\COMODO Firewall\" /F
REG DELETE "HKEY_CURRENT_USER\Software\ComodoGroup" /F

and also

HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\software\Wow6432Node\comodogroup\
HKEY_LOCAL_MACHINE\software\Wow6432Node\comodogroup\CSC\
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdhlp\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdguard\0000\
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdagent\0000\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\Approved\

& more :

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP

- RegVac
- RegEdit (to manually remove leftovers keys)
- CCleaner (nothing in safe mode & then broken Windows in advanced mode)
- j16 PowerTools (nothing in safe mode & then broken even more Windows in advanced mode)
- Manually uninstall of CFP 2.x (fwconfig -uninstall -> ask to reboot -> & fwconfig & clicapi.dll are deleted)
tool found here : http://forums.comodo.com/index.php?action=dlattach;topic=5326.0;attach=1799

- removing services : CmdAgent & CmdMon

- Device Manager > View > Show Hidden Devices > Non-Plug and Play Drivers
no such thing like "Non-Plug and Play Drivers" are listed so no entries for Comodo like :

     Comodo Application Engine
     Comodo Network Engine

- WMI Service

. Stop the the WMI Service (in admin > services)
. Delete the "repository" folder in C:\windows\system32\wbem
. start the WMI Service. Starting the service rebuilds the deleted folder and the database.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.