Comodo Firewall Doesn't filter WireGuard VPN tunneling


This new technology is faster and suppose to more simple the OpenVPN, but it is not filtered by Comodo Firewall,

A new adapter will be added by WireGuard and controlled byt the VPN app exactly as OpenVPN used to add a TAP adapter,

Comodo Firewall’s filter could be installed in the TAP OpenVPN adapter and filter the traffic.

But in the case of WireGuard tunneling, Comodo filter can’t be install nor filter the connection,

I will attach the driver as a zip file so you add an adapter and you can test yourself,


Maybe I should be more specific,

The Comodo filter service is not added automatically and it can’t be added manually to the WireGuard adapter,

The WireGuard adapter driver is Digitally Signed by Microsoft and it is safe to install,

And when you try to add the Comodo service filter manually it will tell you access denied

Yes known issue that won’t ever be fixed, the firewall driver is not compatible with certain network adapters. Network adapters must have one of bluetooth, ethernet, wan, ppip for ‘HKR, Ndi\Interfaces, LowerRange’ value within the drivers .inf setup information file.

Do you think that the developer at WireGuard can change their adapter, or it is a difficult thing to do?

They could but would they is up to them.

thanks for the reply, I contacted them and let’s hope for the best

All VPN that use Wintun driver (example-Wireguard,OpenVPN) make Comodo firewall useless. it make all apps bypass Comodo firewall.
This is Comodo problem or Wintun problem.!? but first Comodo should contact to him directly to help them or make them help to fix this problem.
PS. Comodo should alert user “Wintun make all apps bypass firewall” Why alert? Because your app is security software and this is a hole.!

Of course Comodo Internet Security users should be notified about this issue. Most of them relies on CIS and they thought they are covered while they are exposed!! (I was one of them until I knew the truth) .

Any progress in this situation?

Just wondering, doesn’t installing CIS first and then VPN secondly solve the issue? Or at least as a workaround?


Now a day “Npcap” from Wireshark working well with Wintun driver but “COMODO Filter Driver” still not work with Wintun driver.
Hmmmm. What the Dev are you doing?

Applications that use “Npcap” for making a low-level connection to the network adapter can establish internet connections which aren’t monitored by CIS FW “COMODO Filter Driver” either… so be ware.

Hi zedopaz,

We will check with the team and update you.


I just installed the WireGuard client for Windows to use with a VPN provider. Does anyone know how to firewall the adapter that is created? Would another vendor’s firewall work? Perhaps, this is why WireGuard achieves a higher throughput than the other solutions?

Hi rmcohen,

Thank you for reporting, Comodo Firewall Doesn’t filter WireGuard VPN is an known issue.
Could you please tell us specific on what you needed ? or what you did and what happen ?


Hi C.O.M.O.D.O RT,

Thank you for your attention. I was aware from this thread that it was a known issue. I was posting asking if anyone had a workaround. I want a software firewall filtering all the traffic traversing the WireGuard adapter. In my case, I decided to re-enable the Windows Defender Firewall. Unlike CFW, WDF does function across this adapter. It is not my first choice, but until the Comodo developers address this issue, I see my workaround as the easiest way to prevent my computer from being exposed when connected to a 3rd-party VPN service.

I recently observed what is a very disturbing behavior to me and I came to see if perhaps there was an update since the update within the program itself says “The server responded with an invalid response” but we are still on the same version.

On one of our machines, we have KeepSolid’s VPN Unlimited installed and it completely bypasses Comodo firewall, and it is reproducible and repeatable each and every time, but it cannot bypass Windows Firewall. Add to that, even with Comodo installed, Windows firewall still prompts to allow or disallow applications, which makes no sense right?

So does anyone know what has changed or not working correctly? With the default block everything claim even if it is not running, this makes no sense to me.

Check that the VPN adapter has the Comodo Firewall driver filter installed and enabled.

That’s a bit vague, care to elaborate please? We have never had to do this for any adapter? Why now?


Decided to do a little checking based on what you said and if you see the Windscribe adapter has the COMODO driver but the VPN Unlimited one does not and no matter how many times you click install and add the adapter, it won’t show up on the list and doesn’t give an error either. Thoughts?

I think that the problem is that CIS FW driver hooks itself to known and supported VPN adapters only.
For non-supported VPN adapters one can try to add CIS FW driver to VPN adapter manually and see if it works.
Also installing VPN first and then CIS secondly may be a possible workaround.