Can you knowledgeable folks please help us with NOD32 v3!

[Guest]

[ratchet]

Not sure why but by removing ggf31416s policies and global rules, I am able to pass the test.

[ggf31416]

I totally failed the leak test!  I download the file, open it and Comodo asks, I say block.  Then the leak test box opens, I hit test and I fail.  I delete the file, go through the whole thing one more time, only this time the file opens without even a whimper from Comodo.  I hit test and I failed.  Now what?

Thank you very much for the tests. I guess NOD32 is using a different port number in your system than in mine.

I think it's better to don't create the "all application" rule at all unless you know the port number NOD32 is using in your system. The purpose of that rule is avoid loopback prompts not related to the NOD32 proxy but it's not needed for security. I will remove that rule from my post.

"Enable Alerts for loopback connections" is enabled by default in v3.0.14.276 but users that updated or imported rules from previous versions may have it disabled and should enable it.

[hilmi]

Hi everyone,
This is what I have as settings for Nod32 v3 to solve that proxy problem:
In advanced settings, uncheck all browser and email clients (web browsers under HTTP and email clients under POP3). Then disable POP3, HTTP and Web access protection.
With this settings, all my connections connecting as normal not thru ekrn(proxy).
I tested this by loading an anti-virus test program from a site and nod32 stopped it.

Please give me feed-back on these settings

Hilmi

[ratchet]

Thank you very much for the tests. I guess NOD32 is using a different port number in your system than in mine.

I think it's better to don't create the "all application" rule at all unless you know the port number NOD32 is using in your system. The purpose of that rule is avoid loopback prompts not related to the NOD32 proxy but it's not needed for security. I will remove that rule from my post.

"Enable Alerts for loopback connections" is enabled by default in v3.0.14.276 but users that updated or imported rules from previous versions may have it disabled and should enable it.

Quite welcome and thank you!

[MCD]

OK, good news and bad news.
Good News: Configuring comodo to control the "tunnel" is a PoC (Not a Proof of Concept but a Piece of Cake )
First you have to enable Firewall -> Advanced -> Firewall Behaviour Settings -> Alert Settings -> Enable Alerts for loopback requests

I not sure if the port is the same on all computers, if you do the following please check that the communication is not allowed without prompt.

Now remove the rules for your browser (or another application that connects to Internet, e.g. an updater or leaktest) and try to access a HTTP web page with that program(HTTPS doesn't use the proxy in the default configuration), you should receive a prompt similar to the first and second screenshot. Make sure that your Firewall Security Level is set to Custom.

Please provide feedback.

Bad News: I think I found a bug in Comodo while testing NOD32, the exclude checkbox in the destination port is not working!

Thank you for this. It worked like a charm!

[ratchet]

Not sure what it means, but I passed the Comodo and GRC leak tests!  I thought there were parts two and three to the Comodo test but if there were I couldn't figure out how to do them. In NOD I have "Ports and applications marked as Internet browsers or email clients" selected and then I only have Firefox and IE selected as Browsers and only Outlook Express selected as email client. Anyway, does this suggest that despite the ekrn proxy issue that Comodo can/will block outgoing requests or don't the tests prove that much? Thank you and Happy New Year!

[Tags:]