Can't use RDP with Firewall V4 (worked fine in V3).

I upgraded from CIS V3 to V4 and it has many great features, however I cannot get RDP (incoming connection) to work with V4.

Tried the forum (advice there didn’t work) and 2 different Comodo Chat agents who frankly claimed they were unclear how to fix (likely due to a new version)…

I tried Firewall Global Rules (alllow port 3389 which worked fine in V3) and Stealth Port Wizard (option 2 - Alert incoming connections…) and still will not allow incoming RDP unless I dis-able the firewall altogether.

Is there a fix for this or a workaround (besides dis-abling the firewall)?


Does this happen for your RDP-program only, or other programs that require incoming connection(s)? Else, remember to make sure that the program that you use is allowed to make incoming connections on port 3389. Remember that you need such a rule both for the application and as a global rule, in order for the firewall to allow it to accept incoming connections. Also worth remembering that CIS reads the rules from top to bottom.

If it doesn’t work, it might be worth a try to downgrade to the previous version of CIS 4, and see if that solves the problem (I assume that you’re running the latest version, 4.0.138377.779).

You can find previous versions of CIS here:

Yes I only have the problem with CIS Firewall V4 (V3 worked fine after I set Firewall Global Rule).

I added Global Rule (Network Security Policy) for RDP using port 3389 (just as I did with V3), and it doesn’t work with V4 for some reason. My RDP rule is top of the rules stack.

When you say a rule for the Application - what do you mean? I did try adding mstsc.exe to the Defense+ => Advanced => Computer Security Policy (as a trusted application) with same outcome (blocked).

I prefer not to downgrade (back to V3) and it looks like there are other posts from V4 users with the same problem. Any chance of a remedy here from Comodo?


You’ll need to add a rule in FirewallNetwork Security Policy for mstsc.exe, that allows it to accept incoming connections. The global rule says that any program can accept incoming connections on port 3389, but only if its application rule in Network Security Policy also allows it to accept incoming connections on port 3389.

Thanks Ragwing,

I added trusted app mstsc.exe and svchost.exe and still will not connect unless I dis-able Firewall (learning mode doesn’t work either).

Log shows Blocked svchost.exe …

Is there some setting I am missing?

OK I got this to work (after combing through many forum posts on other problems)…

Key is to enable both the port, and the RDP application, detailed below:

Firewall → Advanced → Network Security Policy…

  1. Application Rules - need to add mstsc.exe (RDP app) to “ALL APPLICATIONS” rule set AND add it before (on top of) the “BLOCK AND LOG ALL UNMATCHED REQUESTS”.

  2. Global Rules - add an RDP control rule (in/out) with Destination Port 3389 (or whatever you use for RDP port).

  3. My Port Sets - add 3389 to the port sets.

It works fine now.

finally. Solved in here!


Can you plesae print screen shots of exactly what you did. I tried as per your instructions and have had no success so far!