CIS and HOSTS file

CIS Premium 6.2.282872.2847 on Win7 Pro SP1 x64. UAC disabled.

If there’s and entry in HOSTS file like
127.0.0.1 vip-file.com

And if I set under Global Rules
Block IP In/Out From MAC Any To vip-file.com Where Protocol Is Any

Then vip-file.com gets first denied access by HOSTS file and if to remove that entry from HOSTS file, then it gets denied by Global Rules.

But, there’s more. If both entries are present, then some applications fail to connect to the internet at all.
Internet Explorer (10) and Jitsi (2.2) are unable to connect to the internet, because Global Rules are blocking them.
If to replace Global Rule entry with vip-file.com’s IPv4 Single Address, then access to vip-files.com is successfully denied by HOSTS file. No connectivity issues with above programs. And if to remove that entry from HOSTS file… oookay… I think my Comodo’s Firewall is broken as it is not blocking that IP anymore at all nor the secondary IP nor the Address Range and not even if two separate entries. Diagnostics did not find any issues so that means… either issue with my Windows or Comodo v6 really is an absolute failure.

I wonder if 5.x has this issue too… I will try it out. Maybe people really should stay on v5.12, until higher power reaches Comodo’s devs.

CIS is not playing well with blocking on hostnames. It may block a whole bunch of other sites. This has been reported if I recall correctly.

In short CIS firewall is not well suited for being used with a block list. It is better to use other tools like HOSTS file or Peer Guardian.

So, I did some more testing…

CIS v5.12 nor v6 don’t seem to fully uninstall themselves. Some leftovers are still present. Why don’t they have full uninstallers if it’s such a critical piece of soft?

CIS v5.12 doesn’t catch any internet requests when using Mobile Partner to connect to the internet through 3G modem.
What the hell?

So I tried with vip-file.com first. No HOSTS file entry.
In CIS v5.12 access to Host vip-file.com got denied by Global Rules.
In v5.12 issues with internet connectivity are already noticed and they are even worse than in v6.2. Issues are now noticeable even in Firefox.
I couldn’t even start any tests with HOSTS file.

Changed to vip-file.com’s IPv4 Address Range 78.140.178.34 - 78.140.183.30 - connectivity issues are the same.

I tried separate IPv4 Single Addresses of vip-file.com - everything is the same.

Oh wait, scratch the above, I think I broke my firewall again. Don’t know at which point tho.
I tried disabling the firewall, but I still had connectivity issues.
I then restarted my machine and the issue was gone. Why was the issue gone after I restarted my machine? Why did the issue happen at the first place anyway? Bug? Security hole?

Okay, starting from all over. Added Host vip-file.com under Global Rules. Added 127.0.0.1 www.vip-file.com vip-file.com line to HOSTS file and…
Internet Explorer can not connect to the internet. Firefox can.

Changed the Global Rule to IPv4 Address Range and Internet Explorer has no issues connecting to the internet.

Then I tried v6.2.
Still no alert about Mobile Partner’s internet connection establishment. May be a bug or a security hole?

Added Host vip-file.com under Global Rules. Line 127.0.0.1 www.vip-file.com vip-file.com is still in HOSTS file. Nothing at first, then rebooted and…
Internet Explorer fails to connect to the internet. Firefox works.
Why does CIS react to the same entry in HOSTS file like that? Bug? Security hole?

Switched that rule to IPv4 Address Range. Left the HOSTS entry intact.
The v6.2’s new address pasting ability is idiotic, either manually input the address or add 0 in front where needed and then paste and eventually it will still show the rule without any excess 0 in the address. What a piece of mockery.
And Internet Explorer is able to connect to the internet again.
Rebooted and still no problems.

Okay, so Global Rules’s Host causes problems, when same entry exists in HOSTS file. Why keep it, if it doesn’t work well? I remember seeing this issue 2 years ago too.
And I still wonder, why Mobile Partner’s internet connection establishment is not picked up by firewall. Although if to activate Mobile Partner’s updater, then that is picked up, so, it’s using something else to connect to the internet.

I just read about known issues, yep, host issue is there, no fix. But, I don’t even know about what that issue is, since Comodo’s forum is kicking me out if I try to view those topics.

What exact entries are left behind?

CIS v5.12 doesn't catch any internet requests when using Mobile Partner to connect to the internet through 3G modem. What the hell?
Is this a pppoe connection?
So I tried with vip-file.com first. No HOSTS file entry. In CIS v5.12 access to Host vip-file.com got denied by Global Rules. In v5.12 issues with internet connectivity are already noticed and they are even worse than in v6.2. Issues are now noticeable even in Firefox. I couldn't even start any tests with HOSTS file.

Changed to vip-file.com’s IPv4 Address Range 78.140.178.34 - 78.140.183.30 - connectivity issues are the same.

I tried separate IPv4 Single Addresses of vip-file.com - everything is the same.

Oh wait, scratch the above, I think I broke my firewall again. Don’t know at which point tho.
I tried disabling the firewall, but I still had connectivity issues.
I then restarted my machine and the issue was gone. Why was the issue gone after I restarted my machine? Why did the issue happen at the first place anyway? Bug? Security hole?

Okay, starting from all over. Added Host vip-file.com under Global Rules. Added 127.0.0.1 www.vip-file.com vip-file.com line to HOSTS file and…
Internet Explorer can not connect to the internet. Firefox can.

Changed the Global Rule to IPv4 Address Range and Internet Explorer has no issues connecting to the internet.

Then I tried v6.2.
Still no alert about Mobile Partner’s internet connection establishment. May be a bug or a security hole?

Added Host vip-file.com under Global Rules. Line 127.0.0.1 www.vip-file.com vip-file.com is still in HOSTS file. Nothing at first, then rebooted and…
Internet Explorer fails to connect to the internet. Firefox works.
Why does CIS react to the same entry in HOSTS file like that? Bug? Security hole?

Switched that rule to IPv4 Address Range. Left the HOSTS entry intact.
The v6.2’s new address pasting ability is idiotic, either manually input the address or add 0 in front where needed and then paste and eventually it will still show the rule without any excess 0 in the address. What a piece of mockery.
And Internet Explorer is able to connect to the internet again.
Rebooted and still no problems.

Okay, so Global Rules’s Host causes problems, when same entry exists in HOSTS file. Why keep it, if it doesn’t work well? I remember seeing this issue 2 years ago too.
And I still wonder, why Mobile Partner’s internet connection establishment is not picked up by firewall. Although if to activate Mobile Partner’s updater, then that is picked up, so, it’s using something else to connect to the internet.

I just read about known issues, yep, host issue is there, no fix. But, I don’t even know about what that issue is, since Comodo’s forum is kicking me out if I try to view those topics.

When testing with HOSTS file please make sure to flush Windows DNS cache first and to restart your browsers to makes sure local DNS caches are not interfering.

FWIW: I make extensive use of HOST file to block parasites from downloading. I implement the latest HOST file from MVPS.org on a monthly to bi-monthly basis.

As an adjunct, I employ Spy-Bot’s Immunize feature which add’s its own entries into the HOST file. Furhtermore, it adds URL’s into the browser’s restricted zone. I only utilize Spy Bot for that purpose and its inherent resident SDHelper BHO that silently blocks bad downloads.

The HOST file and CIS are mutually exclusive. An app that needs internet connectivity first must have DNS client service resource access rights (confers RPC service functionality for DNS service). Prior to issuing UDP on port 53 to DNS servers, it does a lookup in HOST file. IF it finds the URL there, then DNS lookup isn’t performed.

The first entries in my HOST file are:

127.0.0.1 localhost

::1 localhost #[IPv6]

[Start of entries generated by MVPS HOSTS]

[Misc A - Z]

127.0.0.1 fr.a2dfp.net

If my system was directed to go to fr.a2dfp.net to access some resource, it will not be found, as the DNS lookup is re-directed to 127.0.0.1 (localhost). Any web-page trying to display content from that URL will display:

Can’t display web-page…bla-bla-bla.

I’ve never had a problem with this in almost three years of use. Make sure the first two un-remarked lines in HOST are the same as mine above. Any line having a ‘#’ prefix is a remarked and not executed.