Can't unblock port 7

I’m trying to allow an app running on my Android phone to send a packet over to my PC but it’s getting blocked, and I can’t for the life of me find out which rule is blocking it.

Here’s a typical firewall event when it gets blocked:


Application: Windows Operating System
Action: Blocked
Protocol: TCP
Source IP: 192.168.1.69 (my Android)
Source Port: 53949 (random)
Destination IP: 192.168.1.64 (my PC)
Destination Port: 7

  1. I have checked the Application Rules and Global Rules and there does not seem to be any rule which is blocking this.
  2. I have created an Application Rule for Windows Operating System and a Global Rule to allow the above connection and moved these rules to the top of their respective windows, still blocked.
  3. I have tried disabling the firewall (by changing the Firewall Security Level from Custom Policy to Disabled), and the above connection gets through, so it’s certainly the Comodo Firewall blocking it.

Would appreciate help :slight_smile:

Edit: Added protocol

Can you show your Global Rules and write down rule you made in Global Rules to allow the incoming traffic for your phone?

Hi Eric,

I managed to figure it out myself but don’t quite understand why it works. The setting which works was an Application Rule:
Application: Windows Operating System
Action: Allow
Protocol: IP (if this is set to TCP as indicated in the Firewall event log, it will not work. I accidentally left this field out in my first post above)
Direction: In/Out (if this is set to In only as suggested by the Firewall event log, it will not work)
Source Address: Network Zone - (my Home network in which both my Android phone and PC are in)
Destination Address: Same Network Zone as above

No Global Rules required.

We usually don’t make a rule for WOS; we only do that in exceptional situations. WOS is a pseudo process indicating CIS is not seeing an application listening (in case of incoming traffic) or in case of outgoing traffic when it cannot see the process generating it (another driver is blocking view metaphorically speaking).

With the rule you made you made the local network a trusted network and all traffic to and from other computers gets trusted. Normally we make the local network trusted by using the Stealth Ports Wizard using the first option Define a New Trusted Network and Make my Ports Stealth for Everyone Else. This will make the necessary changes in Global Rules and for System.

For a tailor made solution you can make the necessary rule for the incoming traffic at port 7 coming from your Android (identify the Android by its MAC address) with Source Port Any.

Read the following tutorial I made. I filled the port numbers etc for your situation.

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port Android

Source address: MAC address of your Android (or the local network zone)
Destination Address: Choose MAC address of your Network Adapter
Source Port: Any
Destination Port: 7

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) as the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

Now there is a rule needed for the listening application. For testing it is easiest to give the listening application the Trusted Application policy. Once you established a working connection you can make a custom rule for the program for the incoming traffic at port 7 from your Android. Let me know if you want some help with that.

Hi Eric,

WOS is a pseudo process indicating CIS is not seeing an application listening
Yes, I think that is the case because (I believe) the Android app is performing an Echo test over port 7 just to check whether it can connect to my PC. It then uses another port (3333) for its actual communication.

I tried your steps below, but this event came back:


Application: Windows Operating System
Action: Blocked
Protocol: TCP
Source IP: 192.168.1.69 (my Android)
Source Port: 53949 (random)
Destination IP: 192.168.1.64 (my PC)
Destination Port: 7

Just for testing, I made your Global Rule more lenient to


Action: Allow
Protocol: IP
Source IP: (local network zone)
Source Port: Any
Destination IP: (local network zone)
Destination Port: Any

and I still received the Blocked events above.

The only approach I’ve found so far is to specify the Application Rule for WOS. However, I’ve taken your advice and modified the source to use my Android’s MAC address, and destination to use my PC’s fixed subnet IP. That should be reasonably secure?

By default, Windows doesn’t support an echo server, but you can easily add this functionality by installing the ‘Simple TCP/IP services’, which can be found under - Windows 7 - ‘Control Panel/Software/Turn Windows features on or off’ or on XP - Add and Remove Programs/Add/Remove Windows Components/Network Services.

Once you’ve installed and rebooted, you’ll have a new service called TCPSVCS.exe listening on a number or ports, including TCP/UDP port 7. You can then use this process as the end point for your firewall Application rule.

For port 3333 you’ll have to use the application on your PC that the phone is trying to communicate with as the endpoint.

Hi Radaghast, thanks for the tip, will try that!

Yup I have no problems setting up the rules for the app using port 3333, only the port 7 comms.