CFP 3.0.14.276 logging issues (solved)

No idea what’s going on since I’ve installed this version: blocked traffic, if any, is not reported whatsoever in the log viewer. I wanted to make sure that the logging function worked, so I set Firefox to log allowed traffic, and it indeed works.

So 2 issues:

1. No traffic whatsoever is blocked as it used to be (hundreds of entries, especially UDP traffic from the router) in previous versions of 3.0 as well as in 2.4.

2. Second issue: as you can see in the screenshot, the allowed traffic from Firefox shown there gives weird IPs! 0.0.0.0 (who’s that???) to 127.0.0.1 (the system address, not even my internal IP).

Update: I just refreshed it and the forum IP now appears with my internal IP. But I’ve tried another website and again it’s not logged.

Running XP SP2 + CFP 3.0.14.276 + Avast AV + Windows Defender.

I’ve got the firewall set to Train with Safe Mode and Def+ to Clean PC Mode, and I didn’t change anything in the firewall default global rules.

[Topic Closed: If issue returns PM an online mod to open]

[attachment deleted by admin]

I also get those once in a while; they are loopback connections within your computer. Mine are blocked, though, since I allow loopback connections only to specific proxy ports, not to any. Don’t know what information is being passed by Thunderbird, but doesn’t seem to object to it being blocked. Maybe it’s unique to Mozilla products? :wink:

Hello,
I can confirm that if the firewall is in P2P mode (prompting for incoming connections), it is not logging blocked packets… This is wrong for a strong firewall like this :frowning:

(:AGY) (just a bit worried, not really angry, I appreciate the work done by the Comodo team). That said:

OK, that confirms the first issue: some traffic that should be blocked is either not blocked anymore in this version, or not logged. That’s not good, folks. Also, I reconfirm that allowed traffic that’s manually set (by me) to be logged from my web browser (Firefox) is not logged at all.

Thanks for your answer, but the issues remain, as mentioned in my previous post. You’ll find it hard to believe, but the only allowed traffic being properly listed in the log viewer concerns the Comodo forum; all other visited web sites are translated into traffic between 0.0.0.0 and 127.0.0.1, and again, blocked traffic is not logged at all (MikeG related the same sort of issue about blocked traffic in the announcement thread for this release).

P.S. Maybe the only site listed properly (Comodo) is listed because it’s on port 443, unlike the others that should show up on port 80.

Update: I just tried another website that uses port 443 (https) and it also shows up properly in the log viewer.


I see you are using Avast!. Port 12080 is the proxy port for ashwebsv. ashwebsv is a transparent proxy. It captures http traffic for port 80 internally, and routes it to port 12080 of localhost to do virus checking, then back to port 80 to go to the web or to your application, depending on inbound or outbound. Since port 443 is encrypted, it doesn’t go through ashwebsv. Go to the on access protection control for Avast! and turn off webshield and see what happens.
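The redirection described in the post above, as an added example that is not part of the original thread: a small Python triage of connection records that separates loopback hops to the local proxy port from real remote destinations. The record layout, addresses and executable names are constructed assumptions; only port 12080 and the ports 80/443 come from the thread.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "app src dst dport")

# Constructed sample records; field layout, addresses and the executable
# names are assumptions, not taken from the thread's screenshot.
SAMPLE = [
    Conn("firefox.exe", "0.0.0.0", "127.0.0.1", 12080),
    Conn("firefox.exe", "192.168.1.10", "198.51.100.7", 443),
    Conn("ashwebsv.exe", "192.168.1.10", "203.0.113.5", 80),
    Conn("thunderbird.exe", "0.0.0.0", "127.0.0.1", 49152),
]

LOCAL_PROXY_PORTS = {12080}  # WebShield proxy port named in the thread


def classify(conn, proxy_ports=LOCAL_PROXY_PORTS):
    """Label one record by where the firewall saw the connection go."""
    dst = ipaddress.ip_address(conn.dst)
    if dst.is_loopback:
        # Loopback to a known proxy port: the real remote host is hidden
        # behind the proxy; any other loopback is local IPC.
        return "local-proxy" if conn.dport in proxy_ports else "loopback"
    return "remote"


def summarize(records):
    """Count (app, label) pairs so redirected traffic stands out."""
    return Counter((r.app, classify(r)) for r in records)


def remote_ports_by_app(records):
    """Remote destination ports each app reaches directly."""
    out = {}
    for r in records:
        if classify(r) == "remote":
            out.setdefault(r.app, set()).add(r.dport)
    return out


if __name__ == "__main__":
    for (app, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{app:16} {label:12} {n}")
    print(remote_ports_by_app(SAMPLE))
```

With the sample data the browser reaches only port 443 directly, while its port 80 traffic shows up as a hop to 127.0.0.1:12080 and the remote port 80 connection is attributed to the proxy process.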

OK you’re absolutely right. I read very quickly something about that webshield proxy function a few days ago but didn’t pay too much attention, big mistake lol. I’ve only been on Avast for a few days. So I deactivated the webshield and the allowed traffic is being logged normally again, without the proxy. Thank you very much.

The fact remains that, as for some other users, no blocked traffic is logged at all, and this can’t be related to the Avast webshield.

I get normal logging of expected blocked traffic, since I am playing around with the rulesets. But I think the developers did something to get rid of a lot of the strange stuff that was going to System Idle Process and such in the past. My rules for WOS and system should block/log all inbound connections; I don’t have a global “block all”, so maybe something in the default “hidden” rules has gotten rid of much of the irrelevant traffic. I can’t believe that all of these “TCP in” guys that SIP used to see are on vacation for the holidays. :wink:

Hopefully your version could be the right one, as all that blocked traffic being logged (since version 2.3) represented no threat and was just some normal traffic between the router and the network card. UPnP traffic used to be blocked as well. That doesn’t seem to be the case anymore. This could well be an improvement, as I was among the ones to report often about that hardly understandable blocked traffic during the beta testing of older versions of this firewall. I think I’m gonna mark that topic as solved. Thanks for your help!