When an ASK rule set to log is fired, the logging is inconsistent and does not reflect the answered Alerts. The logging does not always show the correct action taken or port used and often has more entries in the log than the number of Alerts asked. It may be correct that multiple connections are logged for a single alert, but the action column needs to show the correct actions taken (i.e. Block or Allow) and the destination port needs to show the correct port. Repeated update tests show different results. In one case only 2 DNS connections with the action “Asked” are shown with nothing for port 80. One cannot rely on the validity of the log which complicates problem resolution.
To recreate the symptoms:
-
Change the Comodo Firewall Pro network application rules to a single rule to
Ask and Log All Unmatching Requests -
Set F+ Alert frequency to High
-
Run Check for Updates via Miscellaneous section
-
Run repeated tests and take note of logging details and inconsistencies.
Al
IBM T41 Laptop
Intel(R) Pentium(R) M processor 1700MHz
1GB Memory
Windows XP + SP2 + WUS security Fixes
Symantec Antivirus Corporate Edition 9.0.3.1000
[attachment deleted by admin]