i set up the firewall on the mainPC and everything works fine while i have the checkbox Enable alert for TCP request checked.
As soon as i remove the check from that checkbox everything behind mainPC dies.
No connection from explorer using \192.168.0.x\ UNC name, no nslookup of any site from command prompt (it timeout trying to connect to DNS server 156.154.etc.etc), nothing.
As soon as i check again the TCP and UDP boxes everything comes back to life.
During all this the MainPC continues to work perfectly either if behavior boxes are checked or unchecked.
I just read the howto for bugreports
System is Windows Vista Ultimate SP1 32bit
I’m administrator
UAC is disabled
I’m running NOD32 antivirus
The firewall is set to Custom Policy Mode and Very Low alert frequency level
You could run into trouble with disabling the TCP alerts if there would be alerts. Can you take a look at the Firewall logs after disabling TCP alerts and post a screenshot of them?
i know that i will not have notification for any new application or appication requesting a different rule. But that is exactly what i want. Except what i enabled as in and out nothing else should come in and nothing else should go out from an application point of view.
I tryed just now. The log is not showing anything apart the usual internet IP coming from outside that it blocks. No 192.168.0.x IPs (whose range is in the global rules as a trusted network when the firewall automatically detected the LAN) are shown in the Event Log.
Right now from the lan pc and laptop nothing is working. I added a global rule allowing any source ip to go to any destination ip from any source port to destination port 53 (DNS) and still my internal network cannot resolve any domain name (it says server timeout if you try nslookup command from prompt). As soon as i re-enable the notifications everything works as it is supposed to.
Try adding the that rule you made for port 53 to svchost.exe and when that is not working also to System.
Another solution to not getting an alert for programs without policy is let Parental Control suppress all alerts. That will also block in silence for you.
I think parental control is a feasible solution then for what i need. Anyway i think comodo software team should be made aware of the problem.
Enabling svchost and system is not my solution because i’m not resolving names on the MainPC but i used the “use the following dns servers” option in the IPv4 configurations setting comodo secure dns IPs for all pcs on the network.
Just to be sure i did a test by resolving ip on MainPC then trying from one of the pc behind the network to open http://ipaddres instead of name and still nothing.
I am not familiar with using ICS. For a better understanding can you post a screenshot of the Firewall logs of the situation where you disabled the TCP alert and try to connect to the web with one of the other computers.?
How did set up your security on the other computers? What Global Rules are you using? What rules for system and svchost?