Hi, I just installed Comodo a week ago. I have version 3.13.126709.581 and I'm using just the firewall.
My network is made of a main PC connected to a cable modem with ICS turned on. The connection is shared through a wi-fi card and a wi-fi router:
modem—mainPC—wi-fi card - - - - wi-fi router - - - - laptopPC
I set up the firewall on the mainPC and everything works fine while I have the checkbox Enable alert for TCP request checked.
As soon as I remove the check from that checkbox, everything behind mainPC dies.
No connection from Explorer using the \\192.168.0.x\ UNC name, no nslookup of any site from the command prompt (it times out trying to connect to DNS server 156.154.etc.etc), nothing.
As soon as I check the TCP and UDP boxes again, everything comes back to life.
During all this the MainPC continues to work perfectly whether the behavior boxes are checked or unchecked.
I just read the howto for bugreports
System is Windows Vista Ultimate SP1 32bit
UAC is disabled
I’m running NOD32 antivirus
The firewall is set to Custom Policy Mode and Very Low alert frequency level
Why did you move this thread from bugreport to here?
The firewall is not behaving according to what is reported in the help file. That's a bug.
No help here?
I still say this is a bug and not a misconfiguration but…
You could run into trouble with disabling the TCP alerts if there would be alerts. Can you take a look at the Firewall logs after disabling TCP alerts and post a screenshot of them?
I know that I will not have notification for any new application or application requesting a different rule. But that is exactly what I want. Except what I enabled as in and out, nothing else should come in and nothing else should go out from an application point of view.
I tried just now. The log is not showing anything apart from the usual internet IP coming from outside that it blocks. No 192.168.0.x IPs (whose range is in the global rules as a trusted network when the firewall automatically detected the LAN) are shown in the Event Log.
Right now from the LAN PC and laptop nothing is working. I added a global rule allowing any source IP to go to any destination IP from any source port to destination port 53 (DNS) and still my internal network cannot resolve any domain name (it says server timeout if you try the nslookup command from the prompt). As soon as I re-enable the notifications everything works as it is supposed to.
That's a nonsense.
Try adding that rule you made for port 53 to svchost.exe and, when that is not working, also to System.
Another solution to not getting an alert for programs without a policy is to let Parental Control suppress all alerts. That will also block in silence for you.
I think Parental Control is a feasible solution then for what I need. Anyway, I think the Comodo software team should be made aware of the problem.
Enabling svchost and System is not my solution because I'm not resolving names on the MainPC, but I used the “use the following dns servers” option in the IPv4 configuration, setting Comodo Secure DNS IPs for all PCs on the network.
Just to be sure I did a test by resolving the IP on MainPC, then trying from one of the PCs behind the network to open http://ipaddres instead of the name, and still nothing.
I am not familiar with using ICS. For a better understanding, can you post a screenshot of the Firewall logs of the situation where you disabled the TCP alert and tried to connect to the web with one of the other computers?
How did you set up your security on the other computers? What Global Rules are you using? What rules for System and svchost?