Author Topic: Comodo Internet Security v10.1.0.6474 Released  (Read 17851 times)

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #90 on: January 10, 2018, 03:17:07 PM »
Even then "Custom Ruleset" was supposed to block application without custom rules if i understand correctly?.

https://help.comodo.com/topic-72-1-766-9172-General-Firewall-Settings.html
Custom Ruleset:   
The firewall applies ONLY the custom security configurations and network traffic rules   specified by the user. New users may want to think of this as the 'Do Not Learn' setting because the firewall does not attempt to learn the behavior of any applications. Nor does it automatically create network traffic rules for those applications. You will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list (unless, of course, you have specified rules and policies that instruct the firewall to trust the application's connection attempt).



My expersince with  "Outgoing Only",

"Outgoing Only" will block any incoming request initiated by other (e,g when a friend try to connect to your svencoop local server, a connection atempt is logged.)
"Outgoing Only" will allow incoming data if the your program have initated the connection (e,g Web browser configured with Outgoing Only rule)
« Last Edit: January 10, 2018, 03:39:28 PM by BlueTesta »
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline Huolsam

  • Newbie
  • *
  • Posts: 15
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #91 on: January 10, 2018, 03:37:21 PM »
Hi,

My Computer still run 10.0.2.6420 of comodo firewall, there is any option to update it or i have to install the new version from Comodo installer ??

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #92 on: January 10, 2018, 03:43:07 PM »
We will be issuing updates tomorrow, 11th Jan, 2018.

Hi,

My Computer still run 10.0.2.6420 of comodo firewall, there is any option to update it or i have to install the new version from Comodo installer ??
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline Huolsam

  • Newbie
  • *
  • Posts: 15
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #93 on: January 10, 2018, 03:44:56 PM »
We will be issuing updates tomorrow, 11th Jan, 2018.

Okay i will wait the new updates, thanks guys for ur hard work  ;D ;D

Offline ajaychoran

  • Comodo Loves me
  • ****
  • Posts: 104
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #94 on: January 11, 2018, 06:26:08 AM »
That's my understanding as well.
https://help.comodo.com/topic-72-1-766-9172-General-Firewall-Settings.html
Custom Ruleset:   
The firewall applies ONLY the custom security configurations and network traffic rules   specified by the user. New users may want to think of this as the 'Do Not Learn' setting because the firewall does not attempt to learn the behavior of any applications. Nor does it automatically create network traffic rules for those applications. You will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list (unless, of course, you have specified rules and policies that instruct the firewall to trust the application's connection attempt).

In my case this is not working. If an application such as imo messenger(in my case) has already established a connection, changing from "Safe Mode" to "Custom Ruleset" mode in firewall does not not terminate the connection. It was not so in some previous versions i checked.

"Outgoing Only" will block any incoming request initiated by other (e,g when a friend try to connect to your svencoop local server, a connection atempt is logged.)
"Outgoing Only" will allow incoming data if the your program have initated the connection (e,g Web browser configured with Outgoing Only rule)
You mean, even blocking incoming connections with stealth port wizard is not sufficient to block those connections?
« Last Edit: January 11, 2018, 06:28:24 AM by ajaychoran »

Offline Ploget

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1396
  • 'Your best teacher, is your last mistake'
    • CIS Help
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #95 on: January 11, 2018, 06:37:00 AM »
Works on mine: Win10 Prox64 with CIS in Proactive

Outlook is connected > change Firewall to Custom > immediate block and Firewall warning as attached

In my case this is not working. If an application such as imo messenger(in my case) has already established a connection, changing from "Safe Mode" to "Custom Ruleset" mode in firewall does not not terminate the connection. It was not so in some previous versions i checked.
Ploget

All Win 10 x 64 Pro - 2004 (19041.450) / CIS 12.2.2.7036
Comodo Forum Policy
“If you think you are too small to make a difference, try sleeping with a mosquito”

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #96 on: January 11, 2018, 07:27:18 AM »
"Outgoing Only" will block any incoming request initiated by other (e,g when a friend try to connect to your svencoop local server, a connection atempt is logged.)
"Outgoing Only" will allow incoming data if the your program have initated the connection (e,g Web browser configured with Outgoing Only rule)

You mean, even blocking incoming connections with stealth port wizard is not sufficient to block those connections?

If you are in a lan and have trusted the local network CIS will allow incoming and outgoing connections. and Cis read the global rules from the top and down.
And the Trusted network rule is place above the Stealth port: Block incoming connections.
So CIS should block any incomming request from all other places exept the local network

Old Help page, but i think it still correct. with a nice picture, (2nd pic)
https://help.comodo.com/topic-72-1-284-3017-Global-Rules.html
« Last Edit: January 11, 2018, 07:39:05 AM by BlueTesta »
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline ajaychoran

  • Comodo Loves me
  • ****
  • Posts: 104
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #97 on: January 11, 2018, 07:33:48 AM »
Works on mine: Win10 Prox64 with CIS in Proactive

Outlook is connected > change Firewall to Custom > immediate block and Firewall warning as attached

 Thunderbird was blocked as well during testing. But imo desktop app is constantly connected with an ip address until app is closed. May be that has something to do with the observed behaviour. To check further, i used protonvpn free. After connecting to a location, i changed firewall mode to "Custom Ruleset". Proton vpn had no rule created in firewall. But i am able to browse web without interruption even after the firewall mode change.

If you are in a lan and have trusted the local network CIS will allow incoming and outgoing connections. and Cis read the global rules from the top and down.
And the Trusted network rule is place above the Stealth port: Block incoming connections.
So CIS should block any incomming request from all other places exept the local network
Comodo global rules in my system attached. I am not trusting local network as seen here.

Offline Ploget

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1396
  • 'Your best teacher, is your last mistake'
    • CIS Help
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #98 on: January 11, 2018, 07:49:03 AM »
With PureVPN, as soon as I change to Custom, it immediately blocks and gives an svchost.exe warning with the particular IP, plus one for the DNS Server I use. I have a trusted LAN and haven't changed the Global Rules at all. I do have Stealth Ports set

After connecting to a location, i changed firewall mode to "Custom Ruleset". Proton vpn had no rule created in firewall. But i am able to browse web without interruption even after the firewall mode change.
Ploget

All Win 10 x 64 Pro - 2004 (19041.450) / CIS 12.2.2.7036
Comodo Forum Policy
“If you think you are too small to make a difference, try sleeping with a mosquito”

Offline ajaychoran

  • Comodo Loves me
  • ****
  • Posts: 104
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #99 on: January 11, 2018, 08:39:02 AM »
With PureVPN, as soon as I change to Custom, it immediately blocks and gives an svchost.exe warning with the particular IP, plus one for the DNS Server I use. I have a trusted LAN and haven't changed the Global Rules at all. I do have Stealth Ports set

I rechecked after resetting global rules with stealth port wizard, unticked firewall setting to suppress alerts, connected vpn and some time after changed to "Custom Ruleset".After few seconds, connection request for imo desktop app came. I blocked the connection request. But imo status is still online and already established tcp connection is not closed. Vpn not blocked as well. When new version comes, i can check the issue with default proactive security config as well as you told. Hope it was just a setting corruption or installation issue then.

Also in the meantime if any additional info needed please ask.
« Last Edit: January 11, 2018, 09:05:30 AM by ajaychoran »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4793
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #100 on: January 11, 2018, 10:22:06 AM »
For usability reasons, the firewall will not terminate previously allowed existing connections when you switch firewall modes, unless you use block all mode. When you switch to custom ruleset, you will only get an alert for new attempted connection requests when there is not rule defined for the connection request.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26046
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #101 on: January 11, 2018, 11:41:12 AM »
You mean, even blocking incoming connections with stealth port wizard is not sufficient to block those connections?
Blue Testa describes that incoming traffic that comes in reply to a connection request from your computer will be allowed. That is how a Stateful Inspection Firewall like CIS works and is supposed to work. When there is incoming traffic that is not in answer to request from your computer it should be blocked or you should be asked.

Unsolicited incoming traffic first goes through Global Rules (you will be asked or it will be blocked depending on how you set the Global Rules with the Stealth Ports Wizard) and then through Application Rules. In my case I have a port open for eMule in Global Rules to allow for incoming traffic. The problem I am seeing is with the handling of the Application Rule for eMule. It does not mean Global Rules as set by Stealth Ports Wizard is not working.

Offline ajaychoran

  • Comodo Loves me
  • ****
  • Posts: 104
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #102 on: January 11, 2018, 12:54:08 PM »
Blue Testa describes that incoming traffic that comes in reply to a connection request from your computer will be allowed. That is how a Stateful Inspection Firewall like CIS works and is supposed to work. When there is incoming traffic that is not in answer to request from your computer it should be blocked or you should be asked.

Unsolicited incoming traffic first goes through Global Rules (you will be asked or it will be blocked depending on how you set the Global Rules with the Stealth Ports Wizard) and then through Application Rules. In my case I have a port open for eMule in Global Rules to allow for incoming traffic. The problem I am seeing is with the handling of the Application Rule for eMule. It does not mean Global Rules as set by Stealth Ports Wizard is not working.

 Thanks for the info. So if unknown applications are allowed as outgoing only, they are allowed to establish incoming connections as well?. I mean, is it a risk allowing unknown apps treated as outgoing only? (except of course autosandbox can reduce further damages).
« Last Edit: January 12, 2018, 09:55:47 AM by ajaychoran »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4793
Re: Comodo Internet Security v10.1.0.6474 Released
« Reply #103 on: January 11, 2018, 01:26:42 PM »
Thanks for the info. So if unknown applications are allowed to establish outbound connections, they are allowed to establish incoming connections as well?. I mean, is it a risk allowing unknown apps to make outbound connections as well? (except of course autosandbox can reduce further damages).
No, if an unknown application is able to receive incoming connections by listening on a given port number, you first need to have a global rule that will allow the connection attempt through, then you would be asked if the application is allowed to receive the connection unless a rule for the application is set to deal with the request.

Return traffic from an outgoing connection does not mean an incoming connection. The connection direction is based on which direction it originates from, your system to a remote host = outgoing connection, a remote host wants to start a connection to your host is a incoming connection request.

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5717
| Win 10 Pro (x64) | UAC Disabled | CCAV | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek