I was going to give up on Comodo and go back to ZASS. But, I thought that this was defeatist, so I decided to uninstall Comodo and reinstall as one last attempt.
After installation I was going through the various settings changes and I noticed that the WOS alerts appeared after I removed the tick from “This computer is an internet connection gateway (ie an ICS Server)” under Firewall → Advanced → Firewall Behaviour Settings → Alert Settings. If I put the tick back in (and restarted my PC – I had to restart the PC for the change to be effective) then I no longer got the WOS alerts and I could access the internet with no problems. I have checked this several times and it is definitely the cause of the WOS alerts.
The conundrum is that my PC is definitely not an ICS Server. My PC (PC1) is connected (via a wired connection) to the internet through a Linsys router to the Virgin modem. The second PC (PC2) on my home network is connected (via a wireless connection) to the Linksys router. There is also a printer on the home network; the printer is connected (via a wired connection) to the Linksys router. The printer is also directly connected to my PC (PC1) via a USB connection.
In the Comodo settings for my second PC (PC2) I removed the tick from “This computer is an internet connection gateway (ie an ICS Server)” under Firewall → Advanced → Firewall Behaviour Settings → Alert Settings. PC2 accesses the internet without any problems. I have never had the WOS alert on PC2.
When the PC was restarted with the tick removed a new network was detected: 169.254.160.75/255.255.0.0?? I think that this is another symptom of the same problem.
I have uploaded the contents of the Firewall Events that occurred when I was getting the WOS alerts (after I removed the tick as above). There are 4 images so you can see all the alerts – but there is a lot of repetition (I thought that links would be easier than images as images might make the post more difficult to read).
Hence my queries are:
- Why is this happening – it clearly isn’t the intended behaviour of Comodo??
- Are there any downsides/risks in leaving the tick in “This computer is an internet connection gateway (ie an ICS Server)” even though my PC is not an ICS Server??
Could I add one other query:
When PC was first restarted after Comodo install, Comodo detected private network 192.168.1.100/255.255.255.0 – I named the network and left NO ticks in both “I would like to be fully accessible to other PC’s in this network” and “Do not automatically detect new networks” (ie both boxes were unticked).
For PC1 I went to Firewall → Common Tasks → Stealth Ports Wizard and selected “Block all incoming connections and make my ports stealth for everyone. I got the message “Your firewall has been configured accordingly”. The Global Rules under Network Security Policy are as below.
However from PC2 I can see PC1 and access shared files on PC1. I cannot understand how this is possible. Surely the Global Rule “Block IP In from IP Any to IP Any Where Protocol is Any” on PC1 should block the incoming connection from PC2.
With the selection under Stealth Ports Wizard PC2 should clearly not be able to access files on PC1 and I thought that stealth meant that PC2 would not even be able to see PC1 (ie PC1 would not show on the Network as viewed from PC2)??
Under view Firewall Events there is no event to show the connection of PC2 to PC1 – would you expect to see one??
Can you explain to me why this is happening?? And explain how to resolve this issue.
Is it possible that PC2 is connecting in to PC1 via one of the two Global Rules (i) Allow ICMP in when ICMP message is FRAGMENTATION NEEDED; or (ii) Allow ICMP in when ICMP message is TIME EXCEEDED?? Sounds very unlikely to me. But if not why is Comodo not blocking the incoming communication from PC2 due to the application of Global Rule = “Block IP In From IP Any To IP Any When IP Protocol Is Any”??
Overall Comodo looks good but it is very disconcerting when Comodo does not behave as it clearly should!!
Many thanks for all your help.