Comodo Firewall doesnt remember rules


I have installed CFP v3.0 and later v3.5 but I keep the same error.
I run the firewall at security level ‘Custom Policy Mode’ under Windows XP SP3.
I expect that every attempt to the internet will be asked by the firewall and then remembered afterwards.

But for several programs I have to answer the same question over and over again.
One of the programs is Windows desktop search, which tries to connect to the internet 100+ times a day. I dont want WDS to connect to the internet so I choose ‘dont allow’ + ‘remember’. But the program keeps asking it so nothing is remembered.

When I look into ‘Network Security Policy’ I do see a big list with probably all my allow’s and 'deny’s.

Anybody knows whats wrong and what can I do about it?

what can I do about it?
You may create such Rule: 1) Define Network Zone "LAN" (wich is NOT Internet =) ) 2) Delete all Rules from WDS on App.rules tab 3) Add Rule "Block source address any destination address EXCLUDE LAN s.port any dest.port any"

This will block ANY connect of WDS to anyone network exept LAN =)

I dont want WDS to connect to the internet so I choose 'dont allow' + 'remember'. But the program keeps asking it so nothing is remembered.
It is possible, that WDS tries connect to different IPs and/or different Ports. By "Remembering" answer in Custom Mode all depends on "Firewall Behavior Settings - tab Alert Settings". That settings defines how Rules will be remembered - for current IP and port, or for any IP, or somehow else.

So you are alerted by Firewall about WDS because of Firewall doesn’t have Rule for current destination IP and/or destination Port.

Thanks for the quick help.

But I took this program only as an example. Many other programs are also keeping asking for access.
And I tried to set it to ‘Blocked Application’ also. So even if it tries to connect to different ports or adresses it shouldnt make any difference I guess?

And I see many of exact the same rules in Network Security Policy, which is strange too. 1 should be enough.

I use several applications virtualized with SVS and many of them aren’t remembered by Comodo.
But not all affected applicatons are virtualized.

Hmmm… “Blocked Application” has only one rule - Block all, so no asking should be…
And of course 1 rule is enough.

So at this moment i have no idea how to solve your issue.

And of course it would be great if you post screenshot here.
The best view is two windows together on one screenshot: Rules for application (WDS for example) and Alert window for the same application.

Sorry but I can’t find the Alert window. There are so (too) many settings I can’t find the window you described . . .

But I took 2 screenshots of the NetwSecPol screen as attachment. Maybe some can be learned from them.

[attachment deleted by admin]

By “Alert Window” I asked you to make screenshot of window, which asks you what to do (Allow/Block/Threat As)

I attached what a alert window looks like. I do agree that there is a lot of settings, but advanced users may like that so they can configure the firewall to their needs.

Just a note: Remember to check “Remember my answer” when an alert comes up.

[attachment deleted by admin]

Sorry, ofcoarse the Alert window is the one which annoys me so much :-). How could I forget it . .
But I have attached 2 screenshots of the Alert window and the choices I made over and over again.

The more I look at the logs the more I begin to believe that Comodo doesn’t handle “virtual” driveletters too well.
The DivX i.e. convertor is installed with a virtualized enviroment, SVS. The OS sees it as if it is installed in c:\program files\DivX\etc. but Comodo sees it in c:\fslrdr\etc. But that is the virtual container which only SVS should know.
Comodo should see it in c:\program files.
But still if Comodo remembered the rule there shouldn’t be a problem . . .

But it is not only with SVS installed programs, the problem also occures when running programs using virtulal drive letters.

[attachment deleted by admin]

Is there a way to inform Comodo about this issue, or do they read this forum?
I would be happy if this bug would be solved.

One way is to post it in the Bug Report forum.

Hi bert0123.

Have you tried uninstalling CIS then reinstalling the latest version? If not, Try that. The latest version is here: Free Firewall - Download the Best Firewall Protection and Anti-Virus Scan Software from Comodo


It seems like the Comodo firewall is not able to remember/apply rules for “dialog based” Windows applications. You can see this bug even with the latest 3.5 version.

I’ve made a small test application (dialog based, of course), which is simply trying to do a TCP connect to a selectable IP address, using a selectable port. You will notice that the Comodo firewall is having a hard time with this small app, asking what to do over and over again.

You can download the EXE along with the complete C++ source code from

I hopy that will help the Comodo devs to solve the issue.

  • Pete

EDIT: further testing prooved that my issue is only showing up if the EXE is located on a mapped network drive ?!? If I copy the EXE to a local drive, Comodo remembers the rules for it…

Thanks for the test application, we really appreciate your help
But it does not reproduce the issue on any our environment even when launching from a mapped drive.

The issue could be result of some software conflict that does not allow firewall drivers to read already saved rules.
So could you please tell what other softwares are installed on your computer.

Also tell please - does Defense+ alerts behave in the same way or they are alright?

In bert’s case Windows desktop search is launched using Altiris Software Virtualization Solution but there is also an unvirtualized app with multiple alert so there could be other softwares involved.

Software: it’s a fresh install of XP + SP3… very few additional background tasks (handlers for the notebook’s touchpad and the wlan), no antivirus software. And keep in mind that the firewall can read the rules for locally stored applications…

Defense+ : I don’t have this enabled, I am just using the firewall module.

But to show you the issue I made two screenshots.

The first is showing the alert window of the firewall. Of course I am selecting “Allow request”. On local applications that’s all. The same application on a mapped network drive pops up the alert window again and again and again…

The second screenshot is showing how the firewall is detecting and storing this rules (C: is the local drive → no problems, Y: is the mapped drive → same rule again and again and again…).

[attachment deleted by admin]

As suggested I tried to uninstall and install the latest version.

That didnt help either.

Maybe the problem is due to virtualized CFP not writing its rules into the virtualized rule set for some reason? There may be some issue with the virtualization software writing to CFP’s files due to CFP’s protection of its own files.

Well, Comodo Firewall itself is not virtualized, only the programs that keep asking for access.

The problems are with SVS virtualized applications but also with other virtualize applications.
Also when a program runs from a Truecrypt mounted volume CFP keeps asking permission.

So it is probably not caused by 1 software.

Just to confirm the same here. Comodo won’t remember the rules when starting applications from Altiris SVS. When searching the forum found that this problem doesn’t exist in Comodo v2, so this could provide some insight.