Active connections not showing all listening ports

Hi, I did search for this and found some references to it, but they were years old so perhaps don’t apply now.

Question: Can someone tell me if it is intended behaviour in CIS firewall 5.15 for the Active connections window to not show all applications that have opened listening ports.

Example: VNC opens a listening port on say 50000. It does not show in Active connections until someone tries to connect from the outside.

I’m new to CIS so excuse me if I’m missing something really obvious.

This may be of interest…

Thanks Radaghast, there’ a LOT that’s of interest there. Have only skimmed it so far. Made a few notes and saved a lot of links. The stuff on specific ports to block and methods will be very handy and so will the comments on rule order.

It does seem I’m not the only one having problems with the active connections screen, but it must work for most people or there’d be scores of posts here now.

I’ll read the rest of the links before I do anything else, but one thing I have noticed which is a clue I expect.

If I deliberately open a listening port on say port 50000 then it will definitely not show in active connections and nor will several others which do show in TCPview.

But if I change the CIS skin it causes CIS to restart and suddenly there are all the missing ports in active connections. I expect logging off/on will do it too as someone suggested on one of those links. CIS is not updating it’s active connections screen for some reason.

Comodo is not a bad firewall despite the bugs so I’ve since installed it on a second PC.

Active connections has the same bug in that it can’t show all connections. It works briefly if you restart Comodo itself. It seems to be completely broken unless it’s simply incompatible with XP or something basic like that.

Of course it’s possible to use any number of third party tools to do the same job, but Comodo should probably disable it so it doesn’t mislead people.

I used to think Active Connections just showed information about the connections the firewall knew about, which is bad enough, but I’m really not sure where it draws it’s information from any more. Looking at the image below, you’ll see my RSS reader in the process of updating it’s feeds (Active Connections), in Process hacker, but it’s nowhere to be seen in CIS…

[attachment deleted by admin]