Activity connection monitor: Application "System"

Hi,
I installed CPF recently and am having problems connecting to applications on our Windows server on our network. Right now I click “Allow All”, connect to the network program, then once it’s running, I go back to the “Custom” security level.
In order to try to solve this I’m trying to create an application control rule. The problem is that the only connection listed in the activity connection monitor is an application called “System”… Comodo doesn’t specify the exact name of the executable or the path to it so I’m having a hard time finding it to create a rule to allow this connection in the future without resorting to “Allow All”.
What/where is this “System” application (full path please)?
Thanks.

If you’re trying to access applications stored on a networked server, you will need Network Monitor rules to allow traffic. Assuming that the LAN IP address of your workstation is 10.0.0.2 and the LAN server is 10.0.0.1 (i.e., sequential), you will do this as follows:

Go to Security/Tasks/Add a Zone. Use the two IP addresses as the start/finish ranges for the Zone.

Then go to Security/Tasks/Define a New Trusted Network. Use the Zone you just created. This will add two rules at the top of the Network Monitor to allow traffic between the two. The first rule will Allow IP Out from Any to Zone; the second will Allow IP In from Zone to Any.

This scenario will only work for sequential IPs. If we assume that your server is 10.0.0.1 and your workstation is 10.0.0.14, you can hand-make those rules as follows:

  1. Open Network Monitor. Go to Rule ID 0. Right-click and select Add/Add Before. Build the rule like this:

Action: Allow
Protocol: IP
Direction: In
Source IP: 10.0.0.1
Destination IP: 10.0.0.14 (or leave it as Any)
Details: Any

  2. Repeat Step 1 as above, but create the new rule as follows:

Action: Allow
Protocol: IP
Direction: Out
Source IP: Any (or 10.0.0.14)
Destination IP: 10.0.0.1
Details: Any

In either scenario, these Network Rules will allow unimpeded communication/traffic between the two computers.

These rules assume that you already have Windows File and Print Sharing set up, and that it works without Comodo Firewall being installed (which sounds like it is the case with you).

Hope this helps,

LM

Thanks Mac.

That did the trick, and definitely better than having to allow all. But I’m still left with 2 questions.

1- If I were really inclined to have a very tight firewall setup… To allow all traffic between the server and the workstation seems to leave too many doors open. I was thinking more along the lines of just allowing the specific activity generated by the programs running off the network from the server to the workstation… problem is that this traffic is shown only as “System” which doesn’t seem to be a specific application you can setup in your “application monitor”. Isn’t it possible to filter this traffic more tightly than to allow all traffic between server+workstation as a “network monitor” control rule (like you recommended previously)? My worry is that any malicious program on the server will be able to communicate with my own machine.

2- I have read in the forums that creating a single filter for IN/OUT traffic usually doesn’t do what you expect it will do and therefore you recommend create separate rules for IN & OUT. Will it make a difference in this specific case or why do you recommend that I create two separate rules? If there is a difference could you please explain what the difference is (ideally, in relation to this specific example).

Thanks again for your help.

mrgv,

I’m glad that worked. As far as tightening up, yes, I understand. By creating Allow IP In (or Out) rules in Network Monitor, that does allow all traffic back and forth, and it is possible that something bad could come that way. I think it’s not a complete threat, but it’s good to be safe where possible.

Here’s something you should be able to do…

When you’re connected to the server (actively using files/applications located there), open (in CFP’s GUI) Activity/Connections. Check that “System” entry for a few things: Protocol (TCP, UDP, etc.), Source and Destination Ports. By using the IPs as reference, you can see your local Port and the server Port. Make sure they don’t change over time (you may need to watch a while). When you have solid info on that, you can adjust those two network rules. Let’s just say that the port on your workstation was 3139 and on the server it was 1080, and the protocol was TCP.

Go to your Trusted Zone IP Out rule, and double-click to Edit. You will Modify it to be as follows:

Action: Allow
Protocol: TCP
Direction: Out
Source IP: Your computer IP, or Any
Destination IP: Server IP
Source Port: 3139
Destination Port: 1080

Now open your Trusted Zone IP In rule to Edit. Modify it:

Action: Allow
Protocol: TCP
Direction: In
Source IP: Server IP
Destination IP: Your computer IP, or Any
Source Port: 1080
Destination Port: 3139

If you found that the ports change between a few select ones, you can choose (instead of a Single Port) a Set of Ports, and separate the numbers by a “,” without spaces.

That’s about as tight as you can get it, as far as I can see, and still have file and print sharing work. At that, you may still run into problems, due to Windows actually needing more traffic to occur than just this, to establish and maintain the connection. We can, however, attempt to address that by seeing what’s blocked in the logs and adding rules just for that info.

LM
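As an added illustration (not from the thread, and not Comodo’s own code), the port-stability check LM describes can be done over a few saved snapshots of the Activity/Connections view; it keeps only the “System” tuples to the server that appear in every snapshot and then builds the matching Out and In rules in the shape the post uses. The IPs, ports and snapshots below are constructed, and the rule dictionaries are a hypothetical stand-in for the Network Monitor form.

```python
"""Find the stable (protocol, local port, server port) tuples that "System" uses to the
file server, then emit the tightened Out/In rules. Windows file and print sharing is
serviced in the kernel, which is why CFP shows the owner as "System" with no path."""
from collections import Counter

SERVER_IP = "10.0.0.1"        # constructed: the LAN server from the thread
WORKSTATION_IP = "10.0.0.14"  # constructed: the workstation from the thread

# Constructed snapshots of Activity/Connections taken a few minutes apart while files
# on the server were in use. Fields: proto, local IP, local port, remote IP, remote port, app.
SNAPSHOTS = [
    [("TCP", "10.0.0.14", 3139, "10.0.0.1", 1080, "System"),
     ("TCP", "10.0.0.14", 3141, "192.0.2.10", 80, "iexplore.exe")],
    [("TCP", "10.0.0.14", 3139, "10.0.0.1", 1080, "System"),
     ("UDP", "10.0.0.14", 137, "10.0.0.1", 137, "System")],
    [("TCP", "10.0.0.14", 3139, "10.0.0.1", 1080, "System"),
     ("UDP", "10.0.0.14", 137, "10.0.0.1", 137, "System")],
]

def server_tuples(snapshots, server_ip, app="System"):
    """Count in how many snapshots each (proto, local_port, server_port) of `app` appears."""
    seen = Counter()
    for snap in snapshots:
        for proto, _lip, lport, rip, rport, name in snap:
            if name == app and rip == server_ip:
                seen[(proto, lport, rport)] += 1
    return seen

def stable_tuples(snapshots, server_ip, app="System"):
    """The 'make sure they don't change over time' check: keep tuples present every time."""
    seen = server_tuples(snapshots, server_ip, app)
    return sorted(t for t, n in seen.items() if n == len(snapshots))

def build_rules(tuples, ws_ip, server_ip):
    """One Out and one In rule per protocol. The In rule mirrors the Out rule's source and
    destination, and several ports become a comma-separated Set of Ports (no spaces)."""
    rules = []
    for proto in sorted({t[0] for t in tuples}):
        lports = ",".join(str(p) for p in sorted({t[1] for t in tuples if t[0] == proto}))
        sports = ",".join(str(p) for p in sorted({t[2] for t in tuples if t[0] == proto}))
        rules.append(dict(action="Allow", protocol=proto, direction="Out", src_ip=ws_ip,
                          dst_ip=server_ip, src_port=lports, dst_port=sports))
        rules.append(dict(action="Allow", protocol=proto, direction="In", src_ip=server_ip,
                          dst_ip=ws_ip, src_port=sports, dst_port=lports))
    return rules

if __name__ == "__main__":
    for rule in build_rules(stable_tuples(SNAPSHOTS, SERVER_IP), WORKSTATION_IP, SERVER_IP):
        print(rule)
```

The UDP 137 entry is dropped because it was absent from the first snapshot, so only the TCP 3139/1080 pair from the post survives into the two rules; anything the firewall then logs as blocked is the extra traffic LM mentions and would need its own rule.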