Alert on localhost connections?

[Guest]

[amews_aj]

Hi,

Comodo does not ask me about localhost/internal connections.
All options in defense+ is selected (also loopback)

I tried creating rule to log from 127.0.0.1 to 127.0.0.1
No logs were created.

How to make it ask, is it a bug? 

Using: 3.0.14.273 on vista 32bit

[MaratR]

The problem is, Defense+ is the only part of Comodo that governs loopback connections. You can either allow an application to use loopback networking (Computer Security Policy - Access Rights) or not. No control over what protocols an application is allowed to connect to localhost with, or what ports of localhost an application is allowed to connect to, or what loopback connections should be logged, is available on the Firewall level.

In fact, you can specifically block your applications's connections to 127.0.0.1 in the Network Security Policy, and it will still be able to connect to localhost if the Loopback Networking is enabled in it's Access Rights in Computer Security Policy. The Firewall part of Comodo seems to completely ignore any loopback activities.

So, you can't really call it a bug, because (unfortunately) Comodo seems to be designed to behave this way from the start. I may be wrong, though. I really hope I am.

[amews_aj]

Well, I haven't allowed any rights for that application. Where to allow/deny?
Can I make it ask?

[MaratR]

You can allow/block Loopback Networking in Defense+ - Advanced - Computer Security Policy - [Your application's executable] - Use a Custom Policy - Access Rights.

You can make it ask, so every time the application will try to connect to localhost you will be alerted. But this works like everything else in Defense+, so if it's a safe application and the Defense+ is in Train with Safe Mode / Clean PC / Training mode, it will switch from "Ask" to "Allow" automatically.

[Toggie]

You could always use Paranoid Mode 

[amews_aj]

So what you're saying is, that in standard, it will just accept all loopback (localhost)
but to make it ask, I would have to use paranoid mode?

[Toggie]

Can you give us an example of an application you wish to log loopback for, maybe with some screen shots of the D+ and firewall rules...

[amews_aj]

With basic configurations, clean install.

The application is www.fingerfox.amews.dk
It uses internal connections.

[Toggie]

Ok, it's another mozilla baby, what exactly do you want to do?

[amews_aj]

Well, its a firefox extension and a C# application combined.
The extension communicates with the application through localhost connections.
It uses sockets on 127.0.0.1, but comodo does not block them.

If you have any tech questions about the extension/application, just ask, I am the developer of it.

[Toggie]

Ok, I'm a bit confused. It's a fx extension, so that assumes it needs fx for it to be able to run? fx needs loopback, it's part of it's history...

If you block fx loopback you're going to have problems, However, you can control Loopback Networking via D+/Advanced/Computer Security Policy/

Choose the application, then choose custom policy. Edit the access rights for Loopback Networking

[amews_aj]

Yes it is firefox who communicates via sockets with an external app.
But how to make comodo ask permission for these local connections to be allowed.

A simple internal connection, just like apps connect to the internet, just internal instead. Like firefox communicating with a localhost webserver.

[Toggie]

The only thing I can suggest is, as I said before, modifying the access rights for fx in D+, maybe changing the rule IPC from Allow to ask?

[amews_aj]

But the external application is listening for incoming connections, and normally when apps do that, you are asked to allow that. Allow incoming connections to it.

[Toggie]

It's an interesting situation and I don't know the answer right now. Let me have a play and I'll get back to you

[Tags:]