Application blocking doesn't work correctly

There is a problem with Application->Destination IP->Host Name Blocking. Here is an example:

  1. I have created a rule to allow Windows Media Player to access the internet.

  2. In order to stop Media Player from ‘phoning home’ every time it plays a file I have created a rule to block TCP/UDP In/Out Any Port to the Host Name ‘go.microsoft.com’. The rule is created and it shows that it will be blocking NAME: [go.microsoft.com] - 207.46.250.101 - 207.46.250.101.

So far everything is normal. The block rule shows up in front of the allow rule and it works. Except when it doesn’t. The reason for it failing is that the domain ‘go.microsoft.com’ has multiple IP addresses assigned.

If my DNS provides one of the other IP addresses when Media Player asks for it then the block rule is useless. I know I can create multiple block rules with separate IP addresses, but shouldn’t it just block the domain no matter what the IP address?

Also it’s annoying that you can’t set the rule preferences with Applications like you can with Network rules. I end up playing with the rules until it just happens to get in the right order. Unless there is some other way?

If I’m doing something wrong then I would appreciate it if anybody could show me the error of my ways. Otherwise it would be great if CPF could be fixed in this regard because this is one of the main reasons I use a firewall.

JustAnotherUser: welcome to the forum.

You have an interesting thread here. I also block WMP, but apply the block TCP/UDP & In/Out rule (so basically block everything) in Application Monitor. I haven’t tried the hostname blocking method, but also would like to know why it’s only set for the one IP address (mine shows 64.4.52.189-64.4.52.189) instead of the domain that encompasses all its IPs.

BTW, are you sure that go.microsoft.com is the only one that WMP connects out at startup?

Thanks for the reply Soya. I just tried blocking all Internet access for WMP and it doesn’t seem to affect it being able to play embedded windows media files so I guess I’ll just leave it like that for now.

If you have all the options off in WMP which allow it to go to the internet to access licences and media information etc then yeah it would seem ‘go.microsoft.com’ is the only site to worry about. I have run a few packet traces and you can see that it goes to DNS to resolve the IP address for ‘go.microsoft.com’ where it grabs some HTTP info and then goes to other sites like ‘onlinestores.metaservices.microsoft.com’.

If it turns out that the host name blocking option is broken by round robin style DNS entries should I raise a support ticket to see if Comodo can fix it?

I agree that you should open a ticket. Hopefully v3 beta has it fixed.
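
The round-robin problem discussed in this thread, as an added example that is not part of the original posts and is not Comodo's code: a block rule that resolves the host name once at creation is compared with one that adds every later DNS answer for that name to its blocked set. The class names, the rotating resolver and the third address (a TEST-NET-1 placeholder) are assumptions made for the illustration.

```python
import ipaddress
from itertools import cycle

# Constructed record set: the first two addresses are the ones quoted in the
# thread, the third is a TEST-NET-1 placeholder for any further A record.
RECORDS = ["207.46.250.101", "64.4.52.189", "192.0.2.10"]
HOST = "go.microsoft.com"

class RoundRobinResolver:
    """Hypothetical resolver: one address per query, rotating through the records."""
    def __init__(self, records):
        self._answers = cycle(ipaddress.ip_address(r) for r in records)

    def resolve(self, name):
        return next(self._answers)

class PinnedRule:
    """Resolves the name once at creation and blocks only that address."""
    def __init__(self, name, resolver):
        self.name = name
        self.blocked = {resolver.resolve(name)}

    def observe(self, name, addr):
        pass  # later DNS answers are ignored

    def blocks(self, addr):
        return addr in self.blocked

class NameTrackingRule(PinnedRule):
    """Assumed mitigation: every later answer for the name is blocked too."""
    def observe(self, name, addr):
        if name == self.name:
            self.blocked.add(addr)

def leaked_connections(rule_cls, lookups=6):
    """Return the destinations the application reached despite the block rule."""
    resolver = RoundRobinResolver(RECORDS)
    rule = rule_cls(HOST, resolver)
    leaked = []
    for _ in range(lookups):
        dst = resolver.resolve(HOST)   # application looks the name up
        rule.observe(HOST, dst)        # firewall sees the same DNS answer
        if not rule.blocks(dst):
            leaked.append(str(dst))
    return leaked

if __name__ == "__main__":
    print("pinned rule leaks:  ", leaked_connections(PinnedRule))
    print("tracking rule leaks:", leaked_connections(NameTrackingRule))
```

With three records in rotation, the pinned rule stops only the lookups that happen to return the address captured at creation; the tracking rule stops all of them.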