BIG BUG: Firewall doens't filter ANY connection to internet!

[Guest]

[jarmomak]

I did what you asked, but debug version of cmdhlp.sys did not seem to anything. My Active connection windows was empty. Not even local cnnection were listed there. Just empty. I took backup copy of original file and restarted system. Now Active Connections shows local connection. Something wrong with debug version of cmdhlp.sys . It did not produce .sys file to c:\!! 

What to do?

[Ronny]

Wait till Rick returns, i guess that cmdhlp.sys is from a previous version....
I'll drop him a notification if he can assist here.

[jarmomak]

I noticed something about behaviour of W7: When connecting my mobile broadband, W7 opens connections, sets IP to 169.xxx.xxx.xxx for very short period time (1 sec or less), then sets IP to correct one. Is it because of delay DHCP server, i do not know. That is one option.

I mean I suspect that when connecting, W7 does not get IP from DHCP before it notifies system about new connection. If W7 notifies that new connection is available before it gets IP, then firewalls may receive wrong IP. Somehow W7 own firewall works better in this matter.

Is there any sense what I wrote here?

[Ronny]

169.254 is APIPA automatic assignment of IP in case DHCP is to slow or not available etc...

Once you have connection can you see those connections in the "View active connections" monitor on the GUI, Firewall menu?

And also if you put a global block rule on incoming traffic does it block all traffic after you are connected.
(Block IP in any any any + log) make it the top rule so it matches first

Are there other network interfaces active during this G3 connection for instance Wifi or cabled LAN?

[jarmomak]

Answer to all questions is NO. No active connection listed, Global Block rule has no effect, No other interface enabled or active.

[RickWang]

Hi all,

Comodo has released COMODO Internet Security 4.0.132838.716 RC, please install and test it, if you encounter same problem, please tell me, we will fix these bug based on this version.

[RickWang]

The latest released version, please refer to http://forums.comodo.com/beta-corner-cisv4/comodo-internet-security-40132838716-rc-released-t51706.0.html

[jarmomak]

I did install this version. Same problem.

[RickWang]

I will try to reproduce and analyse it in our lab

[RickWang]

Hi jarmomak,

Please set firewall security level to Block All Mode, and test if your connection not detected can work ok?

Thanks & Regards,
Rick Wang

[jarmomak]

If I "block all", comodo correctly blocks all outgoing connections. It is very difficult to test whatever comodo blocks incoming connections too. But if I create a rule that blocks all incoming connections but allows outgoing connections, Comodo is not able to block any incoming connection. pcflank.com firewall test still sees my open and visible ports.

Active Connections -dialog shows no outbound connections through my mobile broadband. Just localhost listening ports.

See My Network Zones capture in attached file. Comodo does not detect my IP correctly. For some reason DHCP is slow to return IP, so one second or so ip address is 169.xx.xxx.xx. That is detected, but not right IP when it finally arrives. There is one problem as far as I can see.

[Ronny]

pcflank.com firewall test still sees my open and visible ports.

Hi Jarmomak,

Please be careful with this conclusion, do you have a Modem/Router in between your PC and the Internet?
It could very well be that you are scanning your Modem/Router instead of your PC in this situation...

Try to create a rule that logs traffic and cause outgoing traffic with it so see if CIS is able to log this traffic.

[jarmomak]

There is no router or anything. Just connection to my mobile broadband connection right from my T500 laptop (ericsson mobile broadband modem). Pcflank.com shows the same IP as my computer has.

i did create rule that logs any outgoing connection. I removed all application rules.
No connections were logged. Firewall Events shows only localhost events.

[Ronny]

There is no router or anything. Just connection to my mobile broadband connection right from my T500 laptop (ericsson mobile broadband modem). Pcflank.com shows the same IP as my computer has.

Okay cool, good that have that verified, I had the same issue with my 3G adapter...

i did create rule that logs any outgoing connection. I removed all application rules.
No connections were logged. Firewall Events shows only localhost events.

Did you do that on the Global rules, or did you also try an application rule say for example Firefox?

Maybe it's asked before but do you have ANY other security software installed that could possibly interfere and is windows firewall disabled?

Can you start msinfo32.exe and post the Network, Adapter part that it shows here in a text file?

[jarmomak]

I do not have any other security software except Avast 5.0 antivirus (which I recently installed). Problem was found before I installed Avast 5.

I did logging rule on the Global Rules.

When I run your tests I have Windows Firewall disabled. Mean while I have to enable it to have some inbound protection.
I did attach output of msinfo32. It is in finnish language, sorry! But I think you can interpret information you want. And learn a new language  

[Tags:]