Check your global rules. Do you have a “block all inbound without logging” rule? To log, logging needs to be turned on in the application rules also, so you can selectively log.
Where exactly is this located? I was looking in the Firewall Tab>Advanced>Network Security Policy and didn’t find anything under Global Rules like what you described other than ‘Block ICMP In From IP Any To IP Any Where ICMP Message Is Echo Request’
If someone could post a simple step-by-step process, just so I can get it logging the way it did before I updated to 3.0.14.276, I would appreciate this.
Sounds like you chose the “Alert me to incoming connections” option during install (for easy use of P2P software). An easy way to improve your security and get CFP3 logging is to use the “Stealth Ports Wizard” (Firewall > Common Tasks) and choose “Block all incoming connections - stealth my ports to everyone”. Now go to your “Global Rules” under Firewall > Advanced > Network Security Policy and add a rule to allow incoming connections on your Torrent port (if you have one), e.g. Allow incoming TCP/UDP - from IP any - to [your IP] - source port any - Destination port [torrent port].
Your global rules should end up looking something like this (and CFP should log any traffic not specifically allowed)…
Wow, sorry to say that’s really a pain (for me anyway) to set up just for it to log firewall events. The fact of the matter is I never changed my install options. They have been the same for all beta versions of CFP 3.x, which means Comodo changed something between the previous version and this one.
I am also using a router on a wireless/hardwire network of about 3 or 4 computers at a time. If I stealth my ports to everyone, won’t that make it so the other computers on my network won’t have access? (i.e. file and printer sharing won’t work)
It was working fine in a previous version. (i.e. 3.0.14.273)
I install 3.0.14.276 and use the same exact setup options I have always used.
and now it doesn’t log any more.
I just want it to work like it did before with no big hassle in having to change things to make it work, it shouldn’t have to be that way anyway.
It’s not really all that important for me; I was just wondering if something was wrong or broken. If it’s doing what it’s supposed to be doing then fine. The ‘0’ attempt display should be replaced with something else or not even be displayed for that matter, so as not to make it so confusing.
Thank you for the help though, I really appreciate it! ;D
They changed a lot of things. But anyway, one thing you can turn on logging for is global logging
in Firewall/Advanced/Network Security Policy/Global Rules
and for that log entry in it, click edit and tick the box for Log as a firewall Event if this Rule is fired.
That one will at least give you intrusion alerts in Defense Network/Firewall Events Viewer Logs for such things as intrusions from someone port scanning you, etc. Just go to ShieldsUP or any other site like it after you enable that log for that event and you can see what happens. It will log the IP for any intrusions like that. As for any other alerts, they are all not set on 3.0.14.276 for any app, only Comodo firewall’s own app. If you turn on the main one I mentioned then the rest you can figure out in time and do too.
That’s the default I chose too, but I know what ZoneMaster60 is referring to about something being different. 3.0.14.273 logged event entries when set up the same way, with defaults and for easy use of P2P software. He and I must have chosen the same setup for 3.0.14.276 as we did for the previous version, but this time you get no alerts for anything. I guess they changed it to make it easier on some people. But anyway, he can at least enable logging for the global rules. He should have just one like me, since we both chose the easy setup for P2P software like you said.
I didn’t have a rule set for logging in Global Rules. However I did manage to get it to start logging events by adding only one more rule, as you will see below.
I had 3 entries to begin with which were…
Allow All Outgoing Requests If The Target Is In [My Network Adapter]
Allow All Incoming Requests If The Sender Is In [My Network Adapter]
Block ICMP In From IP Any To IP Any Where ICMP Message Is Echo Request
(I assume they allow for other computers on my network to communicate with me and so on. None of these were set to allow for logging).
I added this one…
Block And Log IP In From IP Any To IP Any Where Protocol Is Any
By adding this one it started to log intrusion attempts other than just reading ‘0’ all the time. I guess the ‘0’ was really bugging me. ;D Whether this is logging what it’s supposed to log I have no idea, but at least it is logging something.
You know what might be better though? That is if we just looked at View Active Connections in Firewall/Common Tasks. With any other firewall that’s what we would be doing lol. I’ve only just started to pay attention to that one and I look at it to see what’s going on ;D
And the only Global rule I had was this one → Block ICMP In From IP Any To IP Any Where ICMP Message Is Echo Request lol, but it wasn’t logging anything so I ticked the Log as a firewall Event if this Rule is fired box for it.
You should go to some scan sites first though to see what gets logged. You might get more stuff logged since you’ve got a few more entries for global than me lol. But the best place to start is on those ShieldsUP test sites, a quick and easy way to see what kind of stuff gets logged, mate.
Actually now it’s blocking my utorrent incoming connections so now I have to think of something else. I’ll try what you suggested Ron and see what happens.
Actually I think I’ll put it back the way it was originally and get used to the fact that it’s not going to log any intrusion attempts.
It probably has something to do with me being on a ‘trusted network’ and I’m not going to mess with any of those settings since it’s working.
I think it was this last one you added that caused that problem
→ Block And Log IP In From IP Any To IP Any Where Protocol Is Any
What makes me think so is because it says Block and log any IP to anywhere and was in your global rules.
Block ICMP In From IP Any To IP Any Where ICMP Message Is Echo Request
← If you had that one to begin with then you can tick Log as a firewall Event if this Rule is fired in the box for it. It won’t affect your connection or change anything; it will only show any logs for that event when and if they happen.
I think lobster had mentioned these instructions above. It really did seem a little overkill just to get it to start logging correctly, but it does work according to what lobster had said.
Basically before I did anything I went into ‘Stealth Ports Wizard’ and selected the option ‘Block all incoming connections - stealth my ports to everyone’
Removed the 2 rules that applied to my network card, and now I have these Global Rules. Seems like I should have listened to lobster in the first place. I apologize for being old and senile. 88)
Allow IP Out From IP Any To IP Any Where Protocol Is Any
Allow ICMP In From IP Any To IP Any Where ICMP Message Is FRAGMENTATION NEEDED
Allow ICMP In From IP Any To IP Any Where ICMP Message Is TIME EXCEEDED
Allow TCP In From IP Any To [My IP] Where Source Port Is Any And Destination Port Is [utorrent port] ← for utorrent incoming
Allow TCP In From IP Any To [My IP] Where Source Port Is Any And Destination Port Is [limewire port] ← for Limewire incoming
Block and Log IP In From IP Any To IP Any Where Protocol Is Any
Although to me it seems a bit much, everything works including file and printer sharing and it logs events properly.
If you have any problems with your local network you can just keep the rules as I posted above and add an allow rule for your local network at the top: create a trusted network zone in “Firewall > My Network Zones” for the IP range of your local network, then in global rules add “Allow IP[zone] in/out to IP[zone] IP Details Any”. You probably won’t need to do that though, as CFP automatically detects new networks (on default settings) and gives you the option to allow communication between computers on that network and adds those rules automatically to your global rules - that’s the way I did it on my work’s network anyway (I have installed CFP3.0 on all my work computers as well as my home one and all are working perfectly - I found the wizards made setting up on a small network a breeze).
If all that sounds a bit confusing just put your old…
Allow All Outgoing Requests If The Target Is In [My Network Adapter]
Allow All Incoming Requests If The Sender Is In [My Network Adapter]
…rules back at the top of the others - I think you will probably need these on networked computers (the rules I posted a few days ago are really only for a single PC setup - sorry, didn’t realize at the time you had a small network).
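
The rule sets discussed in this thread, run through a small model (an added example, not part of any post and not Comodo's code). It assumes global rules are checked top-down with the first match deciding, and it looks only at unsolicited inbound packets; the addresses, the port number and the packet samples are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")     # constructed stand-in for [My Network Adapter]
MY_IP = ip_network("192.168.1.10/32")  # constructed stand-in for [My IP]
TORRENT_PORT = 50000                   # placeholder for [utorrent port]

def rule(action, direction, proto="any", src=None, dst=None, port=None, icmp=None, log=False):
    return dict(action=action, direction=direction, proto=proto, src=src,
                dst=dst, port=port, icmp=icmp, log=log)

def matches(r, p):
    return (r["direction"] == p["direction"]
            and r["proto"] in ("any", p["proto"])
            and (r["src"] is None or ip_address(p["src"]) in r["src"])
            and (r["dst"] is None or ip_address(p["dst"]) in r["dst"])
            and (r["port"] is None or r["port"] == p.get("port"))
            and (r["icmp"] is None or r["icmp"] == p.get("icmp")))

def evaluate(rules, p):
    """First matching rule wins: return (action, logged); ('no-match', False) if none."""
    for r in rules:
        if matches(r, p):
            return r["action"], r["log"]
    return "no-match", False

# The three starting rules, none of them set to log.
ORIGINAL = [rule("allow", "out", dst=LAN),
            rule("allow", "in", src=LAN),
            rule("block", "in", proto="icmp", icmp="echo-request")]
FIRST_TRY = ORIGINAL + [rule("block", "in", log=True)]    # catch-all appended
# Rules after the Stealth Ports Wizard (Limewire rule omitted, same shape as torrent).
FINAL = [rule("allow", "out"),
         rule("allow", "in", proto="icmp", icmp="fragmentation-needed"),
         rule("allow", "in", proto="icmp", icmp="time-exceeded"),
         rule("allow", "in", proto="tcp", dst=MY_IP, port=TORRENT_PORT),
         rule("block", "in", log=True)]
FINAL_LAN = [rule("allow", "in", src=LAN)] + FINAL         # zone rule at the top

# Constructed unsolicited inbound packets (203.0.113.7 is a documentation address).
PACKETS = {
    "torrent peer": dict(direction="in", proto="tcp", src="203.0.113.7", dst="192.168.1.10", port=TORRENT_PORT),
    "port scan":    dict(direction="in", proto="tcp", src="203.0.113.7", dst="192.168.1.10", port=445),
    "LAN share":    dict(direction="in", proto="tcp", src="192.168.1.20", dst="192.168.1.10", port=445),
}

def verdicts(rules):
    return {name: evaluate(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rs in [("original", ORIGINAL), ("first try", FIRST_TRY),
                      ("final", FINAL), ("final + LAN zone", FINAL_LAN)]:
        print(label, verdicts(rs))
```

In the model, a "no-match" result means no global rule fired, so nothing is logged at that layer; the catch-all rule produces log entries only for traffic that no earlier allow rule has already matched.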