Can't UnBlock Firewall Event

Ok…newb to Comodo.

After installing on my PC I answered many of the Comodo popups about accesses/etc…all has gone fine.

I’m running AVG for anti-virus and all its updates I’ve allowed as Trusted Apps. However, I have one Firewall Event each day that gets blocked and I’ve isolated it down to almost exactly when AVG says it went to the web. If I run AVG updater manually no issues, and the updater even seems to work on its own (I get the downloads)…just gets this below blocked event in Comodo. Anyway, I’ve seen in other posts to go back to Network Security Policy and unblock and allow a blocked event. However, I don’t see this event blocked there. AVG is fine in the Security Policy section and under C:\WINDOWS\explorer.exe there are a lot of green events and one red blocked which says to “block and log all unmatched requests”…not sure what that means.

So, how/where can I unblock ? I would think I could right click in the Firewall Events and unblock but no such luck.

Blocked Event
Destination IP

That is explorer.exe sending to a broadcast address. You can set explorer.exe to outgoing only. Does that help?

Can you explain more…I’m not sure I understand. I mean I’m pretty PC literate but not sure what you mean explorer is broadcasting ?..why would this be happening ?

Also, where/how to set as you say and is this OK to do ? In Security Policy I have it set as Browser and not sure in editing this how/where to do what you said ?

Thanks !!!

Hi thekochs,

When looking at firewall, don’t confuse windows explorer with iexplorer.

Internet explorer set to Web Browser.
Windows explorer set to Outgoing Only.

The windows explorer connecting has to do with windows search, help and support center etc.
If I correctly recall.

Oh, OK…I changed it to Trusted Application…I’ll see if that makes a difference…the word “Explorer” just makes me think IE.

“the word “Explorer” just makes me think IE”
LOL, you me and more than half the planet when we first run into it. :slight_smile:

I think Outgoing Only would be preferable to Trusted.
But it doesn’t mean it necessarily poses a threat, just personal preference at this point.

I changed to OutGoing…will check over next few days to see if this Event recurs. Thx.

No Problem, Let us know how it goes.


OK…the outgoing attempt to Destination IP was not blocked today but on boot up of the PC my (port 49153) to my (port 1044) was blocked. The is my static IP of my DirecTV DVR Settop and the is the DHCP address of the PC. I have Media sharing enabled from my PC to DVR Settop so this is valid access.

I have/should I change in Security Policy to “Trusted App” for explorer.exe ?

You can make your local network a trusted zone.

First create a zone in My Network Zones (Firewall → Common Tasks). Choose Add → A New Network Zone → fill in a name like My local network → Apply. Now select My Local Network Zone → Add → A new address → choose An IP Address Mask → fill in and → Apply. Now check and see the new network defined. Exit using Apply.

Now we are going to use the Stealth Ports Wizard to make your local network a trusted network (Firewall → Common Tasks):
Choose “Define a new trusted network and stealth my ports to EVERYONE else” → Next → choose “I would like to trust an existing My Network Zone” → choose your local network zone from the drop down box at the bottom → Finish.

Now check your Global Rules and see your network added

My CIS already had my network in it called “HOME”…this was IDed at CIS install/re-boot…I recall the CIS popup.

I did as you said above for Stealth Port Wizard and in Global Rules:
Global Rules
Allow all Outgoing Requests if Target is in [HOME]
Allow all InComing Requests if Target is in [HOME]
Block ICMP in from IP…blah…blah.

Some Questions…

  1. Guess the first two lines in the Global Rules were the result of the Stealth Wizard ? I still have explorer.exe assigned as Trusted App which allows it both Incoming and Outgoing requests…is that really bad for both ? In other words, not just Outgoing ?

  2. Since the IP address for my PC is a DHCP address from my Linksys Router, what happens if the changes ? I think unless I change/swap/alter a RJ45 cable on my Linksys Router it would stay the same but not sure.

  3. The local IP address for the Router/Gateway is with subnet mask of I have my DHCP enabled on the router with start address as…I use 103 for a static IP on Network Printer and 102 for my DirecTV DVR settop static IP. So should I not be using/establishing the as my zone ? I guess I’m not clear on what a “Zone” is since I’m just IDing in CIS the single DHCP PC ?..seems like I would define more of a local IP range or something ? I did see in the Stealth Wizard for defining a new network zone that it asked for start and ending IP address (or subnet mask)…so perhaps the fact my subnet was already defined in the above DHCP IP was the key ? Sorry for the dumb questions…just not clear.

A couple of answers.

Making the app trusted in the context of the Firewall gives it full permission In/Out.
So it could accept incoming traffic, i.e. act as a server.
But without a corresponding Global rule allowing incoming requests from IPs outside your LAN it’s a moot point; nonetheless it’s just good policy to keep unnecessary permissions to a minimum.
So again Outgoing only is the better option unless an app needs more permissions to function.

  1. & 3. Really tie together.

The rule set you created (thanks Eric) allows all traffic In/Out for all the IPs from to so even if your IP changes due to DHCP you will still be in your Zone.

The Zone really is defined by the mask part In very basic terms it means the first three parts of the address have to match exactly, to be considered in the same Zone. And the last part could be any of 1 - 254.
There is where the difference is observed if you wanted to narrow down your Zone you could say a range of IPs Like - This shouldn’t be an issue unless you were maybe separating a LAN into smaller isolated chunks with different permissions or perhaps narrowing the scope for wireless hardening.

Gotta run.

Need more … Fire away.


Thanks…let me ask another question to help clarify for me. When I installed CIS on reboot it saw my PC of and I allowed as [Home] which it created I guess in My Network Zones. I then used the Stealth Port Wizard to allow this [Home] to be a Trusted Network. My question may not be CIS but how a combo of it and the router. The Router’s local IP is I have my DHCP set for for max 8 DHCP IDs. I have two static IPs for DTV Settop and Printer at and, respectively. So, my real “range” I think is to So, finally my question…how does CIS know about the full to range you reference ?..I just don’t quite get how it knows this from the only info I see in CIS My Network Zones of for [Home].

Thanks for your patience !!!

The subnet mask tells that is all part of the local network.

So by defining one local IP address and adding the mask CIS knows all that it needs to know.

Thanks…out of curiosity…when CIS saw the after install/reboot how does the submask inform the starting IP on the Router/Network is ? I can understand how the range is 1-255 but how does it know the…since it only saw .104 ?

CIS doesn’t know where in the IP range the router is. But by using the Stealth Ports Wizard to define your trusted local zone all incoming traffic from the local network, including your router, gets accepted.
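
The address-plus-mask zone discussed in this thread, worked through as an added example that is not part of the original posts and is not Comodo's code. All addresses are constructed placeholders on a 10.0.0.0 network; only the final octets .102 and .104 echo the thread, and the function names are hypothetical.

```python
import ipaddress

def zone_from_host(host_ip, mask):
    """Derive the zone from ONE member address plus the subnet mask."""
    # strict=False accepts a host address and masks off the host bits.
    return ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)

def classify(addr, zone):
    """Say how a destination or source address relates to the zone."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if ip not in zone:
        return "outside"
    # /31 and /32 networks have no separate broadcast/network address.
    if zone.prefixlen < 31:
        if ip == zone.broadcast_address:
            return "subnet-broadcast"
        if ip == zone.network_address:
            return "network-address"
    return "host"

def in_range(addr, first, last):
    """Membership test for a zone defined as a start/end range instead."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)

# Constructed addresses (assumptions, not taken from the thread).
PC, MASK = "10.0.0.104", "255.255.255.0"
HOME = zone_from_host(PC, MASK)

def demo():
    samples = {
        "PC after a new DHCP lease": "10.0.0.107",
        "router": "10.0.0.1",
        "static set-top box": "10.0.0.102",
        "subnet broadcast": "10.0.0.255",
        "neighbouring subnet": "10.0.1.5",
    }
    return {name: classify(ip, HOME) for name, ip in samples.items()}

if __name__ == "__main__":
    print("zone:", HOME)
    for name, verdict in demo().items():
        print(f"{name:28} {verdict}")
    # A narrower range zone keeps the DHCP pool but drops the router.
    print(in_range("10.0.0.1", "10.0.0.100", "10.0.0.107"))
```

A mask-based zone keeps trusting the PC, router and set-top box after a DHCP change, while a start/end range only covers what falls inside it, so a range drawn around the DHCP pool would leave the router outside the trusted zone.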