Comodo Firewall Not Following Email Client Rules

I have Comodo Firewall version 5.0.163652.1142, which I upgraded on Tuesday. It is on a Win7 x64 machine.

Prior to the upgrade, whenever I did a send link from within Firefox (to Thunderbird), Comodo would issue an alert, that the application (Thunderbird) was unknown and did I want to allow internet access. I wanted this behavior – if a piece of malware ever gets into my system, I want to know that it is trying to email itself to everyone in my addressbook. Now, there is no alert. I recalled, that the last time there was a Comodo update, I had the same problem. Then, I was able to restore the behavior I wanted.

This time, no matter what I do, Comodo allows outgoing emails without any alert. I have gone into Firewall > Network Security > Pre-Defined Policies > Email Client. I have changed the settings to Ask for Outgoing DNS requests, to Ask for Outgoing POP3/SMTP Requests, to Ask All the Remaining Request. I have moved Ask all Remaining requests to immediately after allow access to Loopback Zone. All to no Avail. Nor do I find Thunderbird listed under Application Rules or Trusted Applications.

I find it extraordinarily annoying that Comodo has gone in and changed my Rules. I would appreciate it greatly if someone could let me know how to restore my former firewall behavior.

Many thanks,

Start with enabling Create rules for safe applications and then give the Email policy once again.

With this setting disabled CIS will use default Outgoing Only profile for all safe applications. That is done as a measure of keeping the firewall rules in the registry small. Big amount of rules makes saving of new rules slow.

That is done as a measure of keeping the firewall rules in the registry small. Big amount of rules makes saving of new rules slow.

A very discutable argument.

I actually want customized rules for everything, including outbound.

But i of course don’t want my registry to be a mess.

We should not confuse the causes and their consequences: for the said reason, but also for safe backup practices, Comodo should definitely not write these rules in the registry, but in a dedicated database file like every other software does.

In regard of customized rules, CIS has always walked on its own feet between global rules and network rules, as well as between predefined rules and network rules.
My idea is that, if one wants to use mail predefined rules (altough they are quite useless), the dns range should be, whether asked or trusted, limited to the only DNS of your ISP, but that it is safer to only use a network rule for the customized mail executable: it is then easy to limit its connexions to the IP, ports and DNS of your ISP.
I also believe that, specially if not in a proprietary format like the one used by some alternative mail clients but using the standard Windows item, the adress book is the unsafest thing on earth, and that as a security measure aiming to avoid propagation of malware and spam on the whole Web, no one should use this tool and should always prefer to keep mail adresses in whatever other format from which it can be pasted in the mailto request.

Dear EricJH

Many thanks for the reply; sorry it has taken me a while to get back. I have selected Create rules for safe applications. I then went into the Network Security > Predefined Policies >Email Client > changed/resaved the rules to ask me. When I go to File > Send link, I get a popup in the lower right hand side of the browser which says Firewall is Learning. BUT IT IS STILL ALLOWING OUTGOING CONNECTIONS without an explicit allow from me.

Would appreciate any further suggestions

What is your setting for Firewall Behaviour Settings → General?

Safe Mode.

(All best wishes for a Merry Christmas and a Happy New Year!)

Can you take a look in Application Rules and see if there is a rule called “All Applications”?

When it is there see if T-bird is somewhere underneath that rule. If that is the case move the T-bird rule to a place somewhere above the “All Applications” rule. The reasom for this is that when a rule is under the “All Applications” rule it will follow the rule set by the "All Applications’ rule; which is Outgoing only.

Dear EricJH,

My apologies for the long delay in replying.

When I finally got back to troubleshooting the issue, in looking for the ‘All Applications’ rule, I found one for Thunderbird (allow). I apologize – I went over that list at least 3 times and somehow missed it (I know, I know – problem located somewhere between chair and keyboard ;)). Comodo now, as I prefer it, queries before allowing outgoing email messages.

Again, my apologies and thanks (but please tell your developers they should not be overwriting custom rules every time there is an update).

Thanks again for your patience and best wishes for the new year.

Glad I could be of help. :slight_smile: