CFP3 3.0.13.268 x32
My firewall rules test config:
Global Rules:
Allow Outgoing DNS Requests (Allow UDP out, any address->DNS IP address, any Port->Port 53 )
Block Any Incoming and Outgoing Requests w/log
Application Rules:
COMODO Firewall Pro
Allow Outgoing DNS Requests (Allow UDP out, any address->DNS IP address, any Port->Port 53 )
Loopback w/Log (Allow TCP/UDP In/out, any address->127.0.0.1, any Port->any Port)
Ask All the Remaining Requests
%windir%\system32\svchost.exe [Custom Policy]
Allow Outgoing DNS Requests (Allow UDP out, any address->DNS IP address, any Port->Port 53 )
Block Loopback w/Log (Block TCP/UDP In/out, any address->127.0.0.1, any Port->any Port)
Block and Log All Unmatching Requests
System [Custom Policy]
Block Loopback w/Log (Block TCP/UDP In/out, any address->127.0.0.1, any Port->any Port)
Block and Log All Unmatching Requests
Test 1 result
No Listen Request or Local Loopback TCP/UDP In/out Request exists…
Conclusion
CFP3 has predefined firewall rules with higher priority than the user firewall rules.
This flow is not correct (for advanced or beginner users).
Any Requests->Predefined Rules->User Rules
The correct flow is…
Any Requests->User Rules->Predefined Rules
Test 2 (“Web drives”; I don’t use an English OS, so I don’t know the correct name for this)
I use “Web drives” (Client for MS Networks is true) to connect to “\\IP address\share folder” (the destination PC is offline).
Correct flow:
"Port:445 TCP outgoing request->User Rules" blocks the request on the local firewall; no message goes to the remote PC.
But…
CFP3 doesn’t log any Port:445 TCP outgoing request on the "system" process.
Test 3
The remote share PC is online (share service is true).
Result
CFP3 blocks and logs the Port:445 TCP outgoing request on the "system" process.
Conclusion
CFP3's predefined firewall rules take a hidden action (Ping?) before the user rule configuration settings.
This is not a good idea (for advanced firewall users).
CFP team, please correct this issue.
Sorry for my bad English.