Hi! When I installed Comodo, I ran stealth port wizard and selected “block all incoming connections”. Everything has been went fine about a week, but this morning Comodo started to behave strangely: Comodo asked me for a incoming connection for icmp port or something, although “block all incoming connections” from stealth port wizard is selected. What is going on?? Why Comodo is asking for incoming connections? Has stealth port wizard selection changed by itself? Where can I check, that “block all incoming connections” is selected from stealth port wizard?
This may relate to local Loopback connections which don’t require the internet. If an application is acting to connect to the internet or is asking to “Listen To A Port” then CPF will fire an alert.
Your Global rules are first priority as far as the Firewall bit is concerned. If you put Block and Log at the top of the list the first priority for CPF is to Block and Log All.
I don’t have CPF on my machine here at work so I’ll have to look it up later to find out what the original default rules are.
The original global rule when you install Comodo is “echo ping block”. The same rule you get when you run the stealth port wizard with the P2P option. That is the only global rule I have and need.
What exact message do you get? Rules are checked from top to bottom. You have allowed your computer to send out ICMP packets with your first rule, and responses should be allowed in by SPI but you may still get asked by an application rule.
svchost is part of Windows. That message is normal. Allow it Outgoing only.
But I’m still wondering, why Comodo asks me what to do for incoming connection, although I’m selected “block all incoming connections”, not “alert me when incoming connections” from stealth port wizard.
Block all incoming to me means block any attempts of unknown incoming connections like a hacker. Anything that is on your pc should be considered safe. svchost is a known process on your pc and was most likely trying to go out then in. Hence the pop up. When you select the option to block all incmoning connection\stealth my ports it is my understanding that blocks any attempt to get in such as a hacker or ping probe. I am behind a hardware firewall so that takes care of all my incomings. I actually don’t need a software firewall but I like Comodo cause of the program control and HIPS feature. Comodo can prevent infections also before they get out. I dont have a uTorrent global rule either. I have only 1 global rule for P2P and thats echo ping block.
When you install Comodo thats the default setting. If you run the stealth port wizard and slect the P2P option you will get the global rule I have.
OK. But I have ran stealth port wizard and selected “block all incoming connections”. Is these right global rules for “block all incoming connections” and are they safe?
Depends on what you have allowed utorrent to do. The exceptions in green will pass the inbound to the appropriate application rules, if any. The rest should be blocked.