CIS 5.9 does not block or issue any alert to port 135

Firewall does not block port 135 as shown in pictures:


Comodo does not emit any popup.
bug?

Not directly, can you please post a screenshot of your global rules and one of the application rules?
I don’t have this issue here.

ok!

  1. Im having issues reading that… can you switch the GUI to English? not sure that works as the rules might still be in your local language.

done

Can you change the global rule for port 135 from “In/Out” to “In” and activate logging.
Then run the port scan again see if it get’s logged?

If not please add the same rule to the “Windows System Applications” and move it to top to see if that works.

did not work, the CIS does not have any log or alert.

Is the box in the image below checked? If it is, CIS doesn’t always alert or, depending on your settings, log for inbound/outbound connections

[attachment deleted by admin]

I have this option unchecked, and still the problem persists.
can only hope the next update :-\

Can you post a screenshot of the Network Adapter which shows what services are attached to it?

Can you try to run the stealth port wizard and set to ‘block all incoming’ see if that does work?

screenshot of the Network Adapter which shows what services are attached to it?
is it?

when trying to access the modem ip

http://i.imgur.com/qf9vV.jpg

run the stealth port wizard and set to 'block all incoming' see if that does work?
does not work :-\

No it’s on Network, Adapter, Properties where it shows ‘TCP/IP v4 protocol’ and 'File & Printer Sharing" etc

[b]when trying to access the modem ip[/b] does not work :-\
Wait this is an outbound scan from the CIS PC to your Modem? It thought you where trying to prevent a connection from the network TO your CIS PC?
Wait this is an outbound scan from the CIS PC to your Modem?
in the example of Nmap.
It thought you where trying to prevent a connection from the network TO your CIS PC?
I did not understand ... but with other firewall (outpost firewall, online armor and pc tools ) blocked port 135 on the test NetworkActivPortScannerV4.0.

sorry my english

Interestingly, scanning PCs on my LAN, from other PCs on the LAN, regardless of Windows Operating System resident on the scanned PC, I get the same results (image) three filtered service ports. This is with a default install of 5.9 but with ports ‘stealthed’ via SPW (image) Time to see what some other firewalls report.

Edit: Having run a scan against several firewalls, including Outpost, OA, and the Windows 7 firewall, when configured to block unsolicited inbound connections (equivalent to SPW in CIS) the results are the same, three filtered ports. Obviously, scanning one PC on a LAN from another on the same LAN is not a great ‘real world’ test. Out of interest, what are the results when run against something like Nmap Online (If you have a router, place the PC to be scanned in the DMZ or directly connect it to the Internet)

A few things to point out:

  1. Just because a port is in a ‘Listening’ state, does not mean is accessible form the outside world. If the port is blocked in the firewall, it cannot be accessed.
  2. In certain cases the only way to prevent a service from being in a ‘Listening’ state, is to disable the service.
  3. The ports in your scan appear as ‘Closed’ as opposed to open, filtered or unfiltered. Whilst this is not ideal, it’s also less of a risk than being ‘open’
  4. Additional security products currently or previously installed alongside CIS may influence the results.

[attachment deleted by admin]

on these three ports already managed invisibility to least test Nmap.
see the image:

[attachment deleted by admin]

I was editing my previous post when you posted, so please read my comments there. May I suggest, as a test, you delete all of the existing Global rules, run Stealth Ports Wizard with the third option and run the test again. Please also run the test against Nmap Online

it is?

Starting Nmap 4.75 ( http://nmap.org ) at 2011-12-22 05:46 Central Europe Standard Time All 5000 scanned ports on 201-88-xx-xxx.bsace702.provider (201-88-xx-xxx) are filtered

Nmap done: 1 IP address (1 host up) scanned in 1254.27 seconds

thanks for the help and as stated earlier post, I managed the “invisibility” desired.
once again thank the two (Ronny and Radaghast) who was willing to waste their time taking my doubts. :-TU

sorry my english!

No need to say sorry, this is an international forum and English is not everybody’s mother tongue.
Glad you got it fixed :-TU