Can WOS handle any routed traffic without any Global Rules? [RESOLVED]

WOS=Windows Operating System (just in case)


I don’t know whether these examples are related to applicationless traffic, but I guess so:
replies to traceroute (ICMP time exceeded in), ICMP “fragmentation needed” from router to network card, ICMP “net unreachable” or “port unreachable” from/to router/network card, ICMP echo request in (ping), etc.

All of the above-mentioned traffic (applicationless?) can be allowed/blocked by WOS’ ruleset (personally checked everything mentioned except echo request in, but I guess it can be blocked by WOS, too… maybe someone else has already checked if WOS can block it?)

So the question is:
Can an appropriate ruleset for WOS handle any routed traffic without the need of any global rules?

Thanks.

WOS rules work for me. Haven’t found any exceptions, don’t have any global rules.


Thanks for sharing observations. WOS rules work for me, too, and I have no global rules, too.


And I think that “applicationless” still means things go to WOS for rules; at least that was the explanation from development for using “System Idle Process” in earlier versions before the term was switched to WOS (which doesn’t agree with Microsoft and adds more confusion, since there are other components to the real WOS called out too, like “system”). When things get blocked or allowed and say it is WOS, time to make a rule. :wink:

Thanks! I didn’t know about this explanation from development.

More confusion: I only use the default Global Rule when I picked the per-basis Stealth Ports Wizard option (for p2p) of Blocking Echo Requests, yet I have nothing in Application Rules for WOS and everything works ??? I also notice there is no more blocked ICMP traffic in the log, like destination unreachables.

It looks like you can use the WOS and Global rules interchangeably for most purposes, although the rules might not be identical. And sometimes it may be convenient to use one vs the other, but I haven’t found a use for the Global rules yet in my setup. I put a block and log at the end of my application rules instead of at the end of my (nonexistent) global rules. Users just shouldn’t assume they need Global rules at all.

Unlike the first couple of times I installed CFP 3 (the first 2 releases), the 3.0.14.276 I’m using now is strange without the need for any rules on WOS.

[attachment deleted by admin]

Firewall can work without rules for WOS, but in your example only incoming ping will be blocked, but other inbound/outbound traffic related to WOS (applicationless) will pass through without prompting alerts even in custom policy mode.
At least how it works on my system.
I guess if you don’t have rules on WOS, you need appropriate global rules to block applicationless traffic.

Thanks. That’s what I suspected, but haven’t found any info on this. There are so many different possibilities with CF rules now that can lead to the same security level (or at least it looks like it). I can’t wait until Comodo updates their documentation, wiki, templates, etc.

Hi guys,

Indeed, yes. It can replace global rules effectively. There are several similar possibilities while creating the rules, even for D+. I hope the wiki project for CFP will be able to expose all these in the future.

Egemen

Hi egemen,

Thank you very much for confirmation.
Since we received it from you, the issue is resolved. (:HUG)

No problems. Just use your imagination. For example, using an application entry as “*” as the last application rule would do the same. It is worth a try :slight_smile:

Egemen