Bypassing Comodo Firewall

gjf · December 17, 2012, 9:16pm

It is extremely interesting why it doesn’t work in my case as well as in case of number of other users…

kaznovac · December 17, 2012, 11:11pm

this is not acrobat specific issue [use sumatra pdf]

problem is easy to identify:

block all traffic, windows update or ping should fail
firewall → view active connections shows no open connections [try netstat]

Citizen_K · December 17, 2012, 11:22pm

Does the same thing happen with other programs as well? Try updaters of well known programs as a test case.

As always make sure that no left overs of previously installed security programs are around by running clean up tools for those products.

Next step would be see what programs that interfere/handle networking are installed. They could be possible causes of leaking.

I am not sure what you mean here. Does it also happen with other programs?

Dumper1 · December 17, 2012, 11:32pm

Super Antispyware still updates its definitions after being blocked.

Citizen_K · December 17, 2012, 11:39pm

Did you block by blocking the individual application or by giving a generic block by using the “Stop all traffic” link in the main screen?

If you blocked the individual application did you block it by adding it to Blocked Files or by giving the Blockec Application policy in Application Rules. In case of the latter make sure that the rule for SAS is above the “All Applications” rule in case the “All Applications” rule is present.

Dumper1 · December 17, 2012, 11:50pm

I just selected ‘block this request’ on the pop up that appears.

Citizen_K · December 18, 2012, 12:02am

That may be a different scenario than what is discussed here. The scenario discussed is where CIS was set to Stop all traffic.

Edit. I checked my Windows SP SP3 in VM Ware with CIS v5.12 and it blocked traffic when I set it to “Stop all traffic”. I tried by running various updaters of programs including the CIS AV updater. They all failed.

At gjf I have one question that I want immediately answered. Is the Adobe program the only program where this happens?

gjf · December 18, 2012, 12:29am

Yes, Adobe was the only. ■■■■, I just checked - NO! Firefox works well, TheBat! mail client fails, Windows updater works well, ping/tracert fails - looks like the problem is not only Adobe-specific!

Dumper1 · December 18, 2012, 12:31am

With ‘stop all traffic’ selected it did block the update. I would like to know why it still updated before though, I’m concerned other programs might not be blocked that I don’t know about.

gjf · December 18, 2012, 12:32am

Actually my previous post was performed with “stop all traffic”.

Citizen_K · December 18, 2012, 1:16am

That is a scattered imagery right there.

Please start your own topic about this problem. That way this topic stays on track and your problem will get the attention it needs.

At both: I have some homework.

Make sure that left overs of previously installed security programs are no longer around by removing possible left overs with cleanup tools of those programs. Leftovers can cause all sort of strange results A list of such tools can be found here: ESET Knowledgebase . See it that make a difference or not.

Next step is to see if the installation of CIS is not corrupted:

Run Diagnostics and see if that finds problem and if so they can be fixed
Import a default configuration and activate it then see if that changes the behaviour. The default configurations can be found in the CIS installation folder as .cfgx files. When importing give it an appropriate name like CIS My Proactive Security New
Do a clean installation of CIS. You can export your old configuration before uninstalling but don’t import it yet. Does the clean installation make the problem go away or not?

After having done all of the above when needed please report back.

Dumper1 · December 19, 2012, 12:48am

I ran a diagnostic and it reported no problems. The only security software on this computer when I bought it (Feb 2011) was Mcafee which I immediately uninstalled and then used the cleanup tool. I freshly installed this version of Comodo a few weeks ago so it should be running fine.

One thing I just tried was disabling Avast’s web shield and Comodo correctly fails to updated SAS after blocking it like I did before. So it would seem there is still a problem with Avast’s web shield.

gjf · December 19, 2012, 6:16am

Diagnostic reports no problem. The only security tool installed is Microsoft Security Essentials (and I believe it is not a source of problem).

radek178 · December 19, 2012, 11:04am

I have the same problem on Windows 7 64b, KAV 2013 and Comodo firewall 5.12…2599. Older version Comodo (probably 5.10.xx) worked correctly.

Citizen_K · December 19, 2012, 4:13pm

Is your Windows installation a complete or reduced installation (did you use vLite or similar tools to make Windows smaller)?

Can you run system file checker to see if your Windows installation intact? Run the following command from the command prompt:
sfc /scannow