Author Topic: CIS - Firewall blocks the "Windows Operating System" in Windows 10.  (Read 4424 times)

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
The firewall between blocked applications blocks the "Windows Operating System" path.
What is it? My PC is clean, it is not infected.

I can not find the details?

Can i unblock it or remove it?

Thank you ;)
Nunzio.

Nunzio

Offline PremJK

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 501
  • Live and Let Live
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #1 on: April 09, 2018, 06:05:13 AM »
Hi,

Can you please share the screenshot of your firewall event logs? and Do you use stealth ports task to block incoming connections? If yes, please unblock it.

Kind Regards,
PremJK

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #2 on: April 10, 2018, 02:17:54 AM »
No I do not use invisible ports to block incoming connections. For now I have removed the notice and since April 7th it has not blocked me. However, the PC is not infected, I scanned with other tools and is clean.

The block has returned. Here is the print screen: https://ibb.co/dzUmBc

Can it be an intrusion attempt in my PC?
« Last Edit: April 10, 2018, 04:55:48 AM by NDABBRU »
Nunzio

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4793
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #3 on: April 10, 2018, 09:01:38 AM »
No I do not use invisible ports to block incoming connections. For now I have removed the notice and since April 7th it has not blocked me. However, the PC is not infected, I scanned with other tools and is clean.

The block has returned. Here is the print screen: https://ibb.co/dzUmBc

Can it be an intrusion attempt in my PC?
Normal blocking of fragmented UDP packets due to block fragmented IP traffic enabled in firewall settings.

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #4 on: April 10, 2018, 10:14:31 AM »
What do i have to do? Should i leave this setting enabled or do I have to disable it?

These are the settings I put: https://ibb.co/m5Wa4x

Which ones should I leave and which ones to take off if they are useless?


Thank you!
Nunzio

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26046
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #5 on: April 10, 2018, 03:18:18 PM »
PremJK was talking about Blocca trafico frammemtato.

Even when you disable this setting you sometimes catch fragmented UDP traffic. The UPD protocol is a stateless protocol. It means both sides are not acknowledging data being received. Sometimes a site may respond later to a request from your computer then the Stateful Inspection time limit of the firewall. The firewall then thinks the traffic is not an answer to a request from your computer and will see it as a possible intrusion.

You could also consider disabling Annaliza i protocoli because it may influence network performance.

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #6 on: April 11, 2018, 03:06:31 AM »
Ok. Thank you. I disabled "analyze protocols".
Nunzio

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #7 on: April 15, 2018, 05:03:39 AM »
Hello!
I continue to receive occasional attempts to intrude the ARP protocol, which in the advanced settings of the firewall I put the flag on "enable anti ARP spoffing". But it can be removed (if there can be legally "intrusions") or is it better to keep the active flag on this setting?
Nunzio

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26046
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #8 on: April 15, 2018, 12:01:59 PM »
It's better to keep ARP filtering enabled especially when you are on wifi.

When the IP address in the ARP messages are the same then you are safe. When the IP addresses are not the ARP filtering is protecting you.

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 458
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #9 on: April 15, 2018, 01:04:24 PM »
Thank you so much! Very nice! ;)
Nunzio

Offline Viper94

  • Comodo's Hero
  • *****
  • Posts: 205
  • Comodo is my favorite!
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #10 on: May 13, 2018, 05:08:54 AM »
Hey Guys,

Im not sure if it is better to open a new topic for my issue, but I think this conversation is a good place for my problem:

I have the issue, that Comodo Firewall blocks the whole traffic in WPA-2-Enterprise network (at university), when I enable the "Enable anti-ARP spoofing" feature. After enabling this feature, the whole internet connection is blocked. See screenshot for the log.

Windows 10 1803
CIS v 10.2.0.6526

Is this a known bug or is there a comprehensible reason? Never got in touch with this problem in WPA-2-Personal networks.

Thanks
Windows 10 / 64 Bit

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26046
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #11 on: May 13, 2018, 11:01:58 AM »
Are the IP addresses in the log you attached the same for Source and Destination IP or different? Usually the Block Fragmented IP Datagrams is the culprit in University networks.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4793
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #12 on: May 13, 2018, 11:13:02 AM »
Hey Guys,

Im not sure if it is better to open a new topic for my issue, but I think this conversation is a good place for my problem:

I have the issue, that Comodo Firewall blocks the whole traffic in WPA-2-Enterprise network (at university), when I enable the "Enable anti-ARP spoofing" feature. After enabling this feature, the whole internet connection is blocked. See screenshot for the log.

Windows 10 1803
CIS v 10.2.0.6526

Is this a known bug or is there a comprehensible reason? Never got in touch with this problem in WPA-2-Personal networks.

Thanks
Your university is most likely using VRRP you can see this post for more info on the cause of your issue.

Offline Viper94

  • Comodo's Hero
  • *****
  • Posts: 205
  • Comodo is my favorite!
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #13 on: May 14, 2018, 11:53:58 AM »
Are the IP addresses in the log you attached the same for Source and Destination IP or different? Usually the Block Fragmented IP Datagrams is the culprit in University networks.

The IP addresses for Source and Destination are different. The university network called eduroam is an international (very huge in europe) network for education and research area.

Your university is most likely using VRRP you can see this post for more info on the cause of your issue.

Thanks. This helps to understand this problem. Did I understand correctly, that I cant do anything against this problem and I have to disable the ARP protection?
Windows 10 / 64 Bit

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4793
Re: CIS - Firewall blocks the "Windows Operating System" in Windows 10.
« Reply #14 on: May 14, 2018, 11:55:53 AM »
Quote
Thanks. This helps to understand this problem. Did I understand correctly, that I cant do anything against this problem and I have to disable the ARP protection?
Yes

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek