- What you did: Added FW Application Rule for all executables. Block Outgoing IP, Source Address Any, Destination Address vkontakte.ru, IP Any
- What actually happened or you actually saw:Lost connections to some sites, other than vkontakte.ru
- What you expected to happen or see:I Expected block ONLY vkontakte.ru
- How you tried to fix it & what happened:—
- If its an application compatibility problem have you tried the application fixes here?:—
- Details & exact version of any application (execpt CIS) involved with download link:—
- Whether you can make the problem happen again, and if so exact steps to make it happen:[b] Yes, problem can be repeated.
- Create FW Rule. Block&log Outgoing IP, Source ANY, Destination vkontakte.ru, IP Any.
- Open any browser and try to go to https://forum.comodo.com
- as result - refused connection and record in FW Log
- Any other information (eg your guess regarding the cause, with reasons):[b] This behaviour is still from 3.x version of Firewall. When we record “hostname”, actual Rule in Registry become Rule with IP, discovered at creation of Rule time.
vkontakte.ru has several IP
“Lowest” IP become AddrStart REG_SZ in Rule in Registry. (188.8.131.52)
“Highest” IP become AddrEnd REG_SZ in Rule in Registry (184.108.40.206)
So we will block ANY IP from 220.127.116.11 to 18.104.22.168
forum.comodo.com has IP 22.214.171.124 , so it will be also blocked. No matter that it has no relations with vkontakte.ru
Files appended. (Please zip unless screenshots).
- Screenshots illustrating the bug:
- Screenshots of related CIS event logs and the Defense+ Active Processes List:
- A CIS config report or file.
- Crash or freeze dump file:
- CIS version, AV database version & configuration used: CIS version 3.0.x-5.3.181415.1237, Any configuration
- a) Have you updated (without uninstall) from CIS 3 or 4: No
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
- a) Have you imported a config from a previous version of CIS: No
b) if so, have U tried a standard config (without losing settings - if not please do)?:
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):—
- Defense+, Sandbox, Firewall & AV security levels: D+=Any , Sandbox=Any , Firewall =Any, except Disabled , AV = Any
- OS version, service pack, number of bits, UAC setting, & account type:
[b] Seen on:
- Windows 7, with and w/o SP1, x32 & x64, UAC enabled, Administrator
- Windows Prof, SP2 and SP3, x32 & x64, Administrator
- Other security and utility software installed:No
- Virtual machine used (Please do NOT use Virtual box):No