A Firewall Rule Stopped Working (for Steam)

I was recently editing a firewall rule for steamwebhelper.exe when the rule stopped working and began acting like a blocked application. I first double-checked all the rules, including global, but didn’t see any reason for steamwebhelper being blocked and logged. I next edited those same rules to Ask and Log instead of Allow, and yet it’s still being blocked. This is on a system using CIS 12.0.0.6882.

I next exported the rules and then imported them onto an older computer using CIS 10.0.1.6294. It too exhibited the same behavior, steamwebhelper being blocked when it shouldn’t.

Prior to editing the rule I noticed quirks with Steam not working. For instance, images not loading up on pages and yet nothing in the logs about steam being blocked. This is what led me to look at the ruleset for steamwebhelper and the subsequent issues.

After catching Steam randomly connecting to IP addresses in China, I’ve been implementing a more stringent ruleset for it.

Your settings are configured for Ask IP In/Out;
you can configure this manually to allow only outgoing… here: Firewall Rule Sets, Firewall Protection, Network Connection | Comodo Internet Security

or here: Firewall Rule Sets, Firewall Protection, Network Connection | Comodo Internet Security

Sorry for my English!

Did you recently make any changes to your system? Think anything that installs a driver.

Can you check if steamwebhelper.exe is a trusted application? Maybe it got updated and is no longer trusted. Do HIPS and Containment logs shine a light?

I’m fairly certain there weren’t any major HIPS prompts and it’s been about a month since I’ve updated drivers. I mostly run Steam in offline mode, but because it still communicates to the internet I routinely drag my block IP in/out rule to the top, and back down again when I want to go online.

The only thing I noticed was images not loading up on Steam and I figured I needed to make a rule for another cdn. That’s when I saw the Firewall log blocking an IP that was in one of my allowed ranges. After I clicked “Ok” from the advanced settings the application began to act as if it was being blocked, and has been since.

I’m uploading a trimmed down version of my configuration wack.cfgx file. It only has what is needed to go online, and of course the problematic steamwebhelper.exe rule that is not behaving like it should.

@liosant
I set every rule that had previously been Allowed, to Ask to see if there was something in one of the IP ranges that I might’ve messed up and was actually causing the program to be blocked. It wasn’t. I was never prompted about steamwebhelper connecting at all, the log says it’s being blocked when I should’ve been getting spammed with rule prompts.
Can I treat it as outgoing only? Yes, but like I said, I discovered Steam contacting some IPs in China. If I want to tediously make firewall rules for everything I will, that’s within the scope of CIS and what it’s designed for.

There are several ways to tackle this.

Here is one way:

  1. Add a FW rule “Allow IP In/Out” for “All Applications” and move it to the top of the FW Application Rules list and click OK to close all CIS windows.
  2. Check if steamwebhelper.exe works again; if not, then double or triple check your FW Global Rules.
  3. If steamwebhelper.exe does work, then move the added rule of step 1 one row down in the FW Application Rules list (again click OK to close all windows).
  4. Check if steamwebhelper.exe still works; if it does, then keep moving the added rule of step 1 one row down until steamwebhelper.exe stops working.
  5. When steamwebhelper.exe stops working, check the rule(s) listed directly above the added rule of step 1; those rule(s) are the culprit which block steamwebhelper.exe.

It is just an idea…

  1. Your firewall is on the Custom setting; try using the outgoing-only setting for the Steam files! (It is safe)… Firewall Rule Sets, Firewall Protection, Network Connection | Comodo Internet Security

  2. Activate containment to prevent infections such as trojancrypt or ransomware…

  3. Comodo Internet Security protects your PC’s keyboard against spyware…

Sorry for my English!

@CISfan & liosant

I can get steamwebhelper to work properly by having a firewall rule that treats it as “Outgoing” only. In fact, that’s the active rule for it at the moment. I renamed my broken rule, adding broken to the end of it, for example \cef.win7x64\steamwebhelper.exeBROKEN. When I want to work on the broken rule again I delete BROKEN and add OUTGOING to the end of the Outgoing rule.

Sorry, I didn’t make it clear before. There’s nothing wrong with steamwebhelper working within CIS, there’s something wrong with my firewall rule where I have detailed IP range rules for Akamai, Cloudflare, and Google. They are primarily what steamwebhelper.exe communicates to.

Now if you go back to my images you can see I have a rule for an IP range that should be allowed, Akamai 104.64.0.0-104.127.255.255 Port 443 TCP. Yet in my firewall log in the upper left, Comodo is blocking it and I can’t figure out why. I next edited every rule to “ASK” to see if I can get CIS to prompt me about those connections, it didn’t, it is still mysteriously being blocked as shown in the log in the Cmdo6.png image.

I uploaded a barebones CIS configuration containing that rule for others to test as well.

I get it.

When you work on the broken rule, what happens if you add a FW rule “Allow IP In/OUT for Source/Dest Address Any, Source/Dest Port Any” at the top of the existing FW rules for the broken \cef.win7x64\steamwebhelper.exe application rule?
Does the broken rule work now (not to be considered as a fix)?

If the broken rule works then you could move the added rule one row at a time down in the list and see when it stops working.
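The row-by-row procedure suggested in the two replies above, as an added example that is not part of any post in the thread: a simplified model that assumes rules are evaluated top to bottom with the first match deciding, and that ignores direction. The rule names, the constructed block range and the test addresses are assumptions; only the Akamai range and port 443 come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "block"
    proto: str                  # "TCP", "UDP", or "IP" for any protocol
    first: str                  # first address of the destination range
    last: str                   # last address of the destination range
    port: Optional[int] = None  # None means any destination port

    def matches(self, proto, dst, port):
        lo, hi = ipaddress.ip_address(self.first), ipaddress.ip_address(self.last)
        return (self.proto in ("IP", proto)
                and lo <= ipaddress.ip_address(dst) <= hi
                and self.port in (None, port))

# The temporary rule from step 1 of the procedure.
ALLOW_ALL = Rule("TEMP Allow IP In/Out", "allow", "IP", "0.0.0.0", "255.255.255.255")

def verdict(rules, proto, dst, port):
    """Return (action, rule name) of the first rule that matches, top to bottom."""
    for rule in rules:
        if rule.matches(proto, dst, port):
            return rule.action, rule.name
    return "block", None  # assumed default when nothing matches

def find_culprit(rules, proto, dst, port):
    """Move the temporary allow rule down a row at a time; when the connection
    stops working, the rule directly above the temporary rule is the culprit."""
    for pos in range(1, len(rules) + 1):
        trial = rules[:pos] + [ALLOW_ALL] + rules[pos:]
        if verdict(trial, proto, dst, port)[0] == "block":
            return rules[pos - 1].name
    return None  # no application rule blocks it: check the Global Rules

# Constructed ruleset; only the Akamai range and port come from the thread.
RULES = [
    Rule("Block range (constructed)", "block", "IP", "104.96.0.0", "104.111.255.255"),
    Rule("Allow Akamai TCP 443", "allow", "TCP", "104.64.0.0", "104.127.255.255", 443),
    Rule("Block IP In/Out", "block", "IP", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    for dst, port in [("104.100.20.5", 443), ("104.70.1.1", 443), ("104.70.1.1", 80)]:
        print(dst, port, verdict(RULES, "TCP", dst, port), find_culprit(RULES, "TCP", dst, port))
```

In this model an address inside an allowed range is still blocked when a narrower block rule sits above the allow rule, and a `None` result points away from the application rules, matching step 2 of the procedure.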

If you have steam set to start at windows startup and it loads before the UI of the firewall, then the firewall will automatically block all connection requests until the UI is fully loaded.

Actually if there are many alerts being generated and they sit in the queue, they may not get answered in time which causes the default action of block, even if you later choose allow.

Sorry for my intrusion…
When you configure applications with IP restrictions, you cannot play your favorite game…
Try using the “Outgoing Only” ruleset: https://help.comodo.com/topic-72-1-766-9175-Firewall-Rule-Sets.html#predef_fw_ruleset
It is safe…
Try these settings: Comodo Internet Security 12 - YouTube

Sorry for my English.