CIS and Outlook 2007

I’ve just installed CIS 3.10… - the latest version. The only problem I found is with Outlook 2007 (SP2).
I’ve assigned “E-Mail Client” policy to Outlook (the path is C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE). But every time I try to check e-mail CIS shows this alert for Outlook:

Application: OUTLOOK.EXE
Remote: - TCP
Port: pop3-ssl(995)

This is Gmail account. If I check “Remember my answer” CIS creates new rule for Outlook with this path: C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE :

Action: Allow
Protocol: IP
Direction: Out
Source Address: Any
Destination Address: Any
IP Protocol: Any

But it is only a half of problem. CIS shows the alert every time even the rule already exists. And every time I check “Remember my answer” it creates the same additional rule for C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE

I was trying to reproduce the issue by changing the firewall apllication policy rule for outlook. Let me exlpain what i did. At first my outlook 2007 had a custom rule with firewall which has been automatically added when the firewall is on safe mode. So, after reading your post i changed it to email client and i tried to open outlook 2007 and i don’t find any popup’s as you mentioned. I’ve attached the screenshot of my rule for outlook.

Operatating System : Vistal Ultimate x64
CIS Product Version : 3.10.102363.531
CIS Installation Type: Updated From 3.9

Lets see whether someone else post’s about the same issue.

[attachment deleted by admin]

I have the same number of rules for C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
But in addition to this CIS creates rules for C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE and it seems CIS doesn’t remember what he did a minute ago. See screenshots attached.

P.S. I have WinXP Pro SP3 x32

Lets see whether someone else post's about the same issue


[attachment deleted by admin]

I would like to know what happens if you try to change any of the custom rule added for outlook to email client ?

Scary rules!

Delete your rules for Outlook. Restart the application and accept the prompts. Stop outlook.

go to firewall/common tasks/ my port sets

make sure ssl ports are in there.

if needs be edit the application rule to allow the ssl ports

Check the ssl ports in this image:

[attachment deleted by admin]

Ok. I deleted all rules for Outlook (both C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE and C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE). After Windows restart I run Outlook and CIS shows the same alert:

Application: OUTLOOK.EXE
Remote: - TCP
Port: pop3-ssl(995)

I select Treat this application as Email Client and check Remember my answer. In a few seconds CIS shows the alert again. I select Allow this request and check Remember my answer… Outlook starts downloading mail. I go to the Network Security Policy and see five rules for C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE: 4 rules - predefined for Email Client and 5th:

Action: Allow
Protocol: IP
Direction: Out
Source Address: Any
Destination Address: Any
IP Protocol: Any

And then every time Outlook checks email CIS show this alert and ads new identical rules.

I checked port sets. My port sets are the same as EricJH’s screenshot has.

By the way, I tried to use Thunderbird with the same Gmail account and Email Client predefined policy. No more alerts! What’s wrong with Outlook?

Let’s take another point of view. May be something got corrupted for unknown reason that is messing here.

My idea is to import and activate a back up configuration and see if the same thing happens. Go to Manage My Configurations → Import --< navigate to the CIS installation folder → import one of the four .cfg files (Internet Security < Proactive Security etc) → give it an appropriate name (Internet Security New etc…) → activate the profile.

Does the same thing happen?

Today I reinstalled CIS and Outlook. Everything seems to be fine now. At the first alert for Outlook I chose Email Client predefined policy. CIS created 4 standard rules for C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE and doesn’t show more alerts. Thanks for all!

Quite strange… ??? that it still add four standard rules

I’ve got exactly the same problem with Outlook 2003 SP3/Windows XP SP3 32Bit, Comodo Firewall 3.14.13.

I have erased all outlook rules and started outlook. As soon as Outlook tries to access DNS, Comodo asks for permission. After ‘remember my answer’ is ticked and 'treat this application as ‘trusted’ is selected, I am getting again:

'Outlook.exe is trying to connect to the internet." and everything repeats.

It is interesting, that every time I ask Comodo to memorise the treatment of the application, it duly creates a record:

‘Allow IP Out From IP Any to IP Any Where Protocol is Any
Allow All incoming and outgoing requests’

Sometimes it adds up another line like:
‘Allow IP Out From IP Any to IP Any Where Protocol is Any’

So it looks like the rules are being correctly created however not being interpreted in real time.

I had this problem with earlier version of Comodo; sometimes reinstallation helped but I guess it is an annoying bug that is crying to be fixed.

It is interesting that the problem, while common in my household, did not appear on my machine until about a month ago. I saw it before on kids machines though.

I will try to rewrite configuration files as suggested in the thread but I hope Comode QA is monitoring the thread and would take some notes.

I am using the E Mail client policy. It will ask for permission when you download images from a server; set it to remember and be good to go.

Can you see if that works for you as well?

I have tried it; same result. The software just ignores the direction.

How are your Alert Settings? They can be found under Firewall → Advanced → Firewall Behaviour Settings.

I am struggling with the same problem since I re-installed COMODO today. The basic problem is that COMODO will simply not observe the application rules that you add to the Network Security Policy (for certain processes - I haven’t found a pattern yet). And the reason for that is that somehow COMODO does not recognize the running process as being subject to that ruleset. I encountered this problem first with our music server but also have it now with Outlook. The music server is now running because I started it in a very unusual way. Somehow that way seemed to please COMODO. With Outlook, I have not found a way yet of making it observe the rules. (*)

Funny thing is that when you reply to the pop-ups (to prompt COMODO to create a rule for you), it then does add the rule to right ruleset - the very ruleset it ignores when analyzing the traffic. I kind of like COMODO but these problems have now taken up so much of my time that I might have to find another firewall…

(*) If I insert an application rule at the top of my NSP to block ALL traffic for Outlook, then by right I should not get any email. But Outlook doesn’t care. It happily works because I have a rule at the bottom of my NSP that allows all outbound traffic for All Applications. And so it goes…

Ollie. Can you show me screenshots of your Global Rules, Firewall Behaviour Settings and Firewall logs (Firewall → Common Tasks → View Firewall Events)?

Sure. See attached my Application Rules (notice OUTLOOK Block All) and the Firewall Log (notice the Allowed against OUTLOOK which comes from the All Application rule which I have asked to log every trap). My global rules are unchanged over default (attached anyway; they are second in line on the way out) and my Behaviour is in Safe Mode. Thanks.

[attachment deleted by admin]

I MAY be on to a pattern to this problem. On Windows, and I never asked how this works, we are sometimes given a full pathnames for a file, as in eg “C:\Program Files\Microsoft Office\Office 10\OUTLOOK.exe”, while at other times the same pathname is reported as “C:\PROGRA~1\Microsoft Office\Office 10\OUTLOOK.exe”. It seems to me that I get problems with those executables that are reported with the latter convention in the Firewall Events viewer. Perhaps, an expansion of the “C:\PROGRA~1” to “C:\Program Files” is performed when the ruleset is applied and is afterwards found not to match the “C:\PROGRA~1” reported back from the executable?

You are not allowing Outgoing traffic in the Outlook rule. As a consequence it cannot ask for new mails.

I am using the predefined E mail client rule for Outlook. What’s keeping you from it?

IF ONLY THAT WERE TRUE. I’d be dancing with delight. Outlook doesn’t have the slightest problem sending or receiving email. Despite my sweeping “f*** off” rule. That’s the whole problem. You can see that there’s no issue with Outlook when you take a closer look at the Events log I provided. You can clearly see in there the periodic POP requests to port #110, each of which is “Allowed” thru.


PS: Just to be very clear about this: Like yourself, I simply wanted Outlook to use the “Email client” predefined policy. But I noticed that it was ignoring it. To prove the point to (not least) myself, I instated the Block-All rule.