ASK still not working correctly with Alert Settings set High (v x32)

I now get ASK alerts with an overlapping block rule when cfpupdate runs, but the log does not reflect my responses. All my answers were allow without remember being ticked. The log shows the allowed requests as being blocked.


[attachment deleted by admin]

I still have the same problem. I put ask in the middle of a set of rules (changed allow passive ftp to ask) and CFP just ignored it and allowed the rule. Just ahead of the “block all” it asked, but nothing ever appeared in firewall events. May be the best we’ll get. As long as I uncheck the “remember” Maybe I can use it for that case. OOOPS: WRONG. When I put the ask pasv ftp just ahead of the block all, I do get an ask, and when I select “allow” a directory listing. But then a message that the transfer channel can no longer be opened when I try to access a subdirectory to get to the files. Nothing in the log; setting it back to “allow” makes ftp work again. OK Comodo; I give up on ASK and think removing it as a feature would be a good idea. :-TD :-TD :-TD

Hi sled, I did the same for both ftp rules in browser.
Sorry if I didn’t understood you correctly, but if I did, (I don’t know about Vista, but in) my XP32, alg.exe is launched by the browser to perform the FTP. Have you checked alg.exe permissions?
I’ve tested “ask” only with the e-mail client, and ask works and logs even if the last rule is “block”.

Have to admit that adric logs are a little strange.

Regards, Gabi

I was using Filezilla, an FTP client, with FTP client permissions. When I tried it in the middle of the Web Browser rules, with Opera, I just got an allow with no popup. When told to remember the answer, it made a bunch of new rules that I had to get rid of, since they were too specific to the current ftp address. More trouble than it’s worth. Alg.exe is an internet gateway process, and should just send you to the Windows process ftp.exe unless your browser contains an ftp add-on like Firefox. Did any of that show up? Ask provides more problems and uncertainties than solutions for me in Vista. I can continue to do without it and not recommend it. Glad it works for some-just not Adric and me and a few others who posted on the last go-around. :wink:

Don’t know about Filezilla and ftp process, sorry; anyway – you’re right - I was trying it with Firefox;
Now I’ve removed alg from my “Windows system apps” that are blocked by me to perform any DNS or loopback, and I accessed an ftp site with Opera.
“Ask” works both ways: blocks and logs, or allows and creates very nice rules for alg (alert setting is “very high”)
Sorry I couldn’t be of more help.

EDIT: CPF - custom; D+ train safe

I have a P4 HT, My system internet browser is Firefox, OS: XP sp2 32bit
AV: None
Security Apps: Comodo Firewall Pro 3.0.17, Comodo Memory Guardian

I downloaded Filezilla 3.0.7 from
I installed it and set it to use only Passive FTP connections (pic attached).
I left CFP alert setting to the defaults (pic attached).
I assigned a ftp client policy to filezilla and changed Allow Outgoing FTP-PASV Requests to Ask and Log Outgoing FTP-PASV Requests (pic attached)

If I mark an alert to be remembered the rule is generated with a detail level as per CFP alert settings.
Alert dialogs are logged too as “asked” sometimes I get two entries in the log but only one alert is shown (I guess the other one is in an internal CFP queue)
The user choice to that alert is logged too with all the details filled in the alert dialogs. Anyway the result of that action is bound to CFP alert setting (which isn’t logged)

If I disable logging for Ask Outgoing FTP-PASV Requests (pic not attached) only blocked choices are logged.
Allow and ASK actions will be not regardless if they were marked for remember or not.

All generated rules are placed on top of existing rules in Filezilla policy.

Using this as baseline information please tell me what point you consider a bug or not.


[attachment deleted by admin]

I am still using filezilla 2.2.31, because filezilla 3 doesn’t accept command line inputs yet; but sure looks like a bug to me. Try going to a subdirectory with files in it. I answered allow to both popups that occurred, and they were both blocked. filezr are the rules I used for filezilla. filez is what happened when I tried to go to the subdirectory to actually download files. Note that there was one popup allowed to get the directory listing, which worked, then 2 more to try to get to the subdirectory, which failed. All were definitely “allow”’ -checked again for human error. :wink: fzlog is the log of the activity, showing that the asks had turned into blocks in spite of selecting allow for the popup. That was why I was intially encouraged, that I could get to the directory listing. But then going to the subdirectory got asks that were blocked, in spite of the “allow” inputs. There is no problem getting to the subdirectories with an allow instead of ask, BTW. :frowning:

Things were even stranger with the same rules using Opera. I went to Pegasus Mail downloads, Eastern USA since they have a fine selection of ftp downloads. I downloaded one of the files, allowed a popup, and everything downloaded fine. Tried to download another, and this time the allows were turned into blocks again. Log confirms it, although I tried several files. Went to another site to make sure it wasn’t a PMail site problem, same behavior. So I was able to download one file via ftp, then no more. No changes shown to Opera policy, log shows asks and a block, instead of asks and an allow, independent of my input.

[attachment deleted by admin]

Ok… to keep this thread short I’m going to ask what cfp alert level each poster did set.

I guess that single omitted info is relevant to address this topic properly.

Maybe the title should be altered to better reflect this issue.

I am custom policy/high alert level.

[attachment deleted by admin]

Same here. Firewall’s alert frequency level set to high. I also observed that the ASK rule doesn’t work for ICMP protocol. Currently it doesn’t work for IP protocol either because all TCP connection requests are blocked.

[attachment deleted by admin]

Does this happens regardless cfp alert level settings?

I believe the problem is not wrong with the ASK… thats something related with the Except check box on the Destination Port… So, Plz Edit the Ask rule like this

  1. Ask and Log TCP Out from ip any to Ip Any Where Source Port is any And Destination Port is In Non-Privileged Ports(1024-65535)

Then create a port set under
Firewall->Common tasks->My Port Sets->Add->new Port sets->Non-privileged port
->Add->new Port->Port range->1024-65535

OK. Looks like the finer one gets with the Alert Settings, the worst it gets for ASK.
ASK has problems with High and Medium, but works ok with Low

I am guessing since Low allows either protocol, there is less for ASK to check and that does not become problematic.

I also noticed that the log will show multiple entries for ASK even though there was only one Alert. I.e. For the low setting I get one alert for DNS and the log will show multiple ASK entries. I would expect one entry for ASK and one or more entries for the answer depending on how fine the alert settings are.


[attachment deleted by admin]

Windows XP professional XP SP2
Comodo Firewall Pro

I had problems with the Ask rule in utorrent. It didn’t Ask.

Now, with the last update (by the way, its says Ask rule bug is fixed… NOT), Ask rule does ask, BUT if you say ALLOW without remembering, the next match (Ask rule) wont ask anymore, it will just Allow WITHOUT asking.

When the program (utorrent) is closed and opened again it will Ask but always ONLY ONCE.

I hope I was clear.


After further investigating this issue I came to conclude that it affects only higher alert levels( Medium, High and Very high). It doesn’t appear if one chose Low or Very Low alert level in which a user is asked only once per application’s session. At higher alert levels user is asked for each protocol, each port and each IP so there is much more popups to answer. And here seem to be the problem. If you answer for the first popup, no matter what protocol it will be, the next ones will be ignored and automatically blocked.

I have to take back my statement from yesterday, concerning ftp from the web browser; I had some other work to do so I haven’t tested properly.
If you choose allow, but you don’t check “remember my answer”, “ask” rule doesn’t work properly.

Yes I got that too but I guess that alert get queued so V3 simply log the alerts in the queue.
The current behaiour is to log alerts as they are not the ones the user answered to.

I guess this behaviour should be addressed in a new topic.

BTW how many can confirm that only one ask rule can be used in a ruleset? What effects alert level setting has on this behaviour?

I went ahead and did an experiment using the forum website. I went to the default web browser rules and changed both the loopback and the http rules from “allow” to “ask and log”. Then I went back to Opera and refreshed the “show unread messages” and got the results logged in the figure. I answered all the prompts with “allow and don’t remember” in high alert. I am using avast!, so there are some accesses also to ashwebsv.exe for the non https requests-it is also treated as a Web Browser, Note that in spite of all of the blocks, I did eventually get the refresh, even with no allow ever being logged after the first pair. So the first two asks were never logged, but were allowed, and the rest were logged and turned into blocks. And the final allow was never logged. Indicative of what besides a badly broken “ask” I’m not sure. :slight_smile:
That was so much fun that I reset the alert level to low and got the second figure. Here I got asks for ashwebsv, and AFTERWARD allows for Opera-which can’t access the internet via port 80 except through avast!. So again, both ask and logging seem to be a bug in this case. Same result if you close your eyes and don’t look at the log-I got the refresh. But I certainly don’t recommend using “ask” for anything until more repairs are made. And it is about time to define what the functionality of “ask” SHOULD BE. :frowning:

[attachment deleted by admin]

I guess the Log part of ask should be addressed in another topic.
If anyone is willing to open such topic please define a test case, few steps to take in order to reproduce the behaviour. A description of the behaviour and finally a description of the desired behaviour. This will make such a topic easy to undertand and the behaviours easy to reproduce.

I got a ruleset with two ask rules to work correctly with low alert level.

Test case:

Web browser policy with DNS and HTTP connections set to ask.
Windows DNS client service stopped.

Ask work as intended. I get alerts for connections on DNS and http.

EDIT: Too bad. I messed up I took this test again and Found out that only one alert is shown.