14.276 Loopback Requests

If loopback requests is enabled, the firewall alerts only on the loopback connection but does not alert on the internet connection, and applications connect automatically to the internet if the loopback connection is allowed.

Is this a bug?

In my opinion the firewall has to alert on both.

mephisto

I get alerts to both with Opera and Avast!. What program and proxy are you talking about? But if I have already allowed Ashwebsv, it doesn’t ask about ashwebsv again when I run Firefox, only firefox loopback.

The right to access the Loopback connection is controlled in the Defense+ module on a per-application basis. If you Allow a loopback connection for a program, Defense+ learns that it is OK for that program to access it and it is allowed thereafter. If you want to control connections to the Loopback, then you would have to change the entry under Access Rights for that program to Ask (Loopback Networking). To view the entry, click Defense+>Advanced>Computer Security Policy>(locate and select the program you want to modify)>Edit>(ensure that “Use a Custom Policy” is selected)>Access Rights. On the Access Rights dialog, look for Loopback Networking.

14.276 seems to ignore the “Loopback Networking” setting. It does in my case:

https://forums.comodo.com/bug_reports/loopback_networking_in_3014276-t17108.0.html

Hi sded!

Thanks for your quick reply.

My computer is connected directly to the internet, not through a proxy.
When I call up the Comodo website with MS Internet Explorer 7, I have to get two firewall alerts:

  • first alert for connection to 127.0.0.1 (loopback zone)
  • second alert for connection to 85.91.228.xxx (Comodo)

independent of whether the loopback zone is allowed or blocked. But I get the first alert only, and if I allow it, the application connects to Comodo without the second alert.
The same happens with every application that tries to connect to the internet.

mephisto

Are you running a virus scanner or other security software? Do both of the alerts say they are from IE, or different applications? Does the first one say it is from 0.0.0.0 or from your LAN IP?

McAfee VirusScan Enterprise 8.5.0i patch 4
Windows Defender
PGP Desktop 9.6.3 (works as proxy for Email Client, listen on 127.0.0.1 port 33333)

Different applications, but I get one alert only, for remote IP 127.0.0.1 (Zone Alarm alerts on both: one for remote IP 127.0.0.1 and one for remote IP 85.91.228.xxx).

source ip: 0.0.0.0
source port: different
destination ip: 127.0.0.1
destination port: 33333

I guess CFP 3.0.14.276 is incompatible with PGP Desktop.

mephisto

Try this: click Firewall>Advanced>Network Security Policy>(Locate and select the entry for PGP Desktop)>click Remove. Start a connection that uses PGP and when you get a pop-up for it, choose “Treat this application as…” and choose Trusted Application from the drop-down. You could write tighter rules, allowing only the ports and protocols that PGP uses, but that would take a bit of work. The broad rule should be safe enough given PGP’s limited application.

Taken, but without any effect.

Now I believe I know the reason:
Zone Alarm differentiates between the safe zone (e.g. loopback zone) and the internet zone (e.g. 85.91.228 or others), and therefore I get two alerts (one for the safe zone and one for the internet zone).
CFP does not differentiate.

Solution:
In place of My Network Zones: an Internet Zone for the modem/router IP.
In place of My Blocked Zones: a Safe Zone for the loopback zone and the network card IP given by DHCP.
A pop-up allow/block for each zone.

I like CFP (Defense+), but the Zone Alarm firewall unit is much safer than the CFP firewall unit, and that is why I am thinking about going back to Zone Alarm.

mephisto