Comodo Firewall Doesn't filter WireGuard VPN tunneling

VPN applications that use wintun type adapters are not supported by the firewall driver, and thus it will not filter traffic that passes through the adapter.

I appear to have two active networks in network center. 1) Local Area Connection, and 2) My Wifi Network. The local area connection uses my VPN’s tunnel driver. There is no Comodo FW driver with it. The Wifi network on the other hand has the Comodo Internet Security Firewall Driver. I have been getting occasional blocked applications all along so I thought Comodo FW was indeed filtering traffic. Now the water appears to be muddied.

Well that seems like the case but I don’t recall it being disclosed anywhere that there is this limitation? Is there?

For non-supported VPN adapters one can try to add CIS FW driver to VPN adapter manually and see if it works. Also installing VPN first and then CIS secondly may be a possible workaround.

As I said, I tried and it won’t stick, so clearly this is one of the ones not supported. That’s too bad, as it is a problematic situation. But I wonder why and how Windows Firewall is able to control it?

That’s a shame, as this now makes this problematic for us. I have to concur, this certainly muddies the waters.

Hi Maximón,

Could you please check your inbox for a PM and respond?

Thanks
C.O.M.O.D.O RT

What else is there? I am aware of TAP and TUN type adapters. Is CFW compatible with TAP? And what is the reason CFW is not compatible with TUN? Is this something we can put on the Comodo wish list?

When I tried to add the FW driver to the TUN adapter, I got an error message. See below.

Hi CommodoUser2019,

Sorry for the inconvenience. Could you please provide us the name of your VPN software on which the Comodo firewall driver failed to install?

Thanks
C.O.M.O.D.O RT

Yes, I have not seen any issues with TAP, they work fine as Windscribe uses that and several other VPN adapters. Usually related to OpenVPN implementation.

I got RT’s PM and responded already with the details they asked for, so hopefully they will be able to come up with something.

If it helps any, the CFW also won’t install on the Surfshark (wintun) adapter or with the Mullvad adapter - OpenVPN or WireGuard.

In addition, CFW also doesn’t install on WinPcap or npcap and thus all applications that use WinPcap or npcap bypass CFW.

That’s a lot, good to know. Thanks.

Hi CISfan,

May I know your Win version?

Thanks
C.O.M.O.D.O RT

Hi Ploget,

Thank you for reporting, we will bring this to the team’s notice.

Thanks
C.O.M.O.D.O RT

Hello C.O.M.O.D.O RT,

My Windows version is: Windows 7 Ultimate 64-bit (clean install with all MS-updates).

But I think Windows version doesn’t matter, both WinPcap and npcap aren’t supported by CFW on all OS.

Hello C.O.M.O.D.O RT, Please check for PM that I sent you. Thanks.

Hi CommodoUser2019,

Thank you for providing the requested information, we are checking on this.

Thanks
C.O.M.O.D.O RT

Hello, all, I’m having the same problem. I’m a long-time Comodo CIS user. Two weeks ago I upgraded ProtonVPN to the latest version on my Windows 7 laptop. Well it seems the latest version has WireGuard, and so with Proton VPN enabled everything bypasses the firewall. I just figured out this problem today after hours of frantic searching.

Proton VPN in its wisdom did not tell its users that WireGuard bypasses firewalls. My firewall is more important to me than my VPN so I have a choice of downgrading Proton VPN to the previous non-WireGuard version & deal with the nag screens, or find another VPN provider.

Hi Benedict,

Sorry for the inconvenience, we are aware of this issue and the team is working on it.
May I know your:

  1. CIS/CFW version?
  2. Win version along with system bit type?
  3. Any other security software installed on your machine other than CIS/CFW?
  4. Proton VPN version?

Thanks
C.O.M.O.D.O RT

You could also use the OpenVPN protocol instead of WireGuard.

Sorry for the delay, here is more detail.

In 2018 I installed Comodo Firewall v10.2.0.6514 on my Windows 7 Pro x64 laptop. It was a fresh install of Windows and Comodo Firewall was one of the first programs installed.

In Jan 2021 I installed Proton VPN v1.17.5. Comodo Firewall continued to operate normally.
In August 2021 I upgraded Proton VPN to v1.22.2. Comodo Firewall continued to operate normally.

In early Feb 2022 I upgraded Comodo Firewall to v12.2.2.8012. I noticed shortly after this upgrade that Comodo Firewall was not blocking anything, even programs set to Block All. In a panic I downgraded back to Comodo v10 but Comodo Firewall still was not working. At this point I did not test to see if the VPN had anything to do with the firewall not working. Basically Proton VPN was on all the time and tragically I did not think it had anything to do with my Comodo Firewall problems (my bad).

In late Feb 2022 I upgraded Proton VPN to v1.25. The Comodo Firewall started working again, then stopped working. Shortly after that Proton VPN kept disconnecting & refused to connect. I switched from Smart protocol to OpenVPN and Comodo Firewall sometimes worked.
(The Proton VPN Smart protocol changes between WireGuard and OpenVPN depending on network conditions.)

Comodo Firewall started working reliably this past weekend when I switched the Proton OpenVPN Network Driver from the TUN Adapter to the TAP Adapter.

CONCLUSIONS???

  1. A firewall must be installed first, before installing a VPN
  2. If you install or upgrade a firewall AFTER a VPN is already installed, the firewall stops working.
  3. TUN adapter can’t access firewall services, but TAP can.
    (don’t know if any of this applies to Windows Firewall)

I solved my problem, but it’s not a solution for the TUN adapter or WireGuard.
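
Added example, not part of any post in this thread: a PowerShell check of the adapter bindings that the posts above inspect by hand, listing connected adapters on which no enabled firewall filter driver is bound. The function name `Get-FirewallBindingReport` is hypothetical, and the display-name pattern is an assumption based on the "Comodo Internet Security Firewall Driver" name quoted earlier; the NetAdapter cmdlets it uses ship with Windows 8 / Server 2012 and later, so it does not run on the Windows 7 systems mentioned here.

```powershell
# Added example (not from the thread). Reports, per network adapter, whether a
# firewall filter driver is listed in the adapter's bindings and enabled.
# Assumption: the driver's binding display name matches $DriverPattern.

function Get-FirewallBindingReport {
    param(
        # Assumed pattern; adjust to the name shown in the adapter's properties.
        [string]$DriverPattern = '*Comodo*Firewall*'
    )

    # -AllBindings also returns filter drivers that the default view hides.
    $bindings = Get-NetAdapterBinding -Name '*' -AllBindings

    foreach ($adapter in Get-NetAdapter) {
        $match = $bindings | Where-Object {
            $_.Name -eq $adapter.Name -and $_.DisplayName -like $DriverPattern
        }

        [pscustomobject]@{
            Adapter       = $adapter.Name
            Description   = $adapter.InterfaceDescription   # shows Wintun / TAP / Wi-Fi NIC
            Status        = $adapter.Status
            DriverListed  = [bool]$match
            DriverEnabled = [bool]($match | Where-Object Enabled)
        }
    }
}

# Connected adapters whose traffic the firewall driver is not bound to.
Get-FirewallBindingReport |
    Where-Object { $_.Status -eq 'Up' -and -not $_.DriverEnabled } |
    Format-Table -AutoSize
```

Run it once with the VPN disconnected and once connected: a tunnel adapter that appears in the second run with `DriverListed` set to `False` is the situation described in this thread.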