Comodo Firewall - problems with VMware


I really love the Comodo Firewall!

But I have a problem with VMware:

I use Win 7 as the host system and I virtualize Win 7 with VMware. As internet connection, I use the host’s NAT.

On the guest system, I use VPN with OpenVPN, which works great!

The firewall alerts all the time when vmnat.exe (the exe of VMware which wants to connect to the internet) wants to connect with the DNS servers I adjusted and the IP of the VPN server. I allow it and everything is fine, but the problem is that I get the same three questions asked over and over; most of the time I get them asked 2-3 times, and sometimes an hour later.

Comodo is not remembering the saved entries, although they are listed when I look them up in the settings.
The vmnat.exe is always the same, even the PID number. It seems that they are deleted when I start the virtual machine.

Is it a Comodo bug or is there any explanation and workaround for that?

Thanks for advice!


Can you provide some specific details about these requests, please?


  1. (IP of the first DNS server I selected in the Windows network adapter) → Internet, Port 53
  2. (IP of the second DNS server) → Internet, Port 53
  3. UDP Port 1149 → Internet, that's the OVPN request for tunneling the traffic, works fine

There's also a 4th request for a DNS server of VMware, but that doesn't matter.

There would be more requests to the internet of course if I didn't use VPN, because then the whole traffic wouldn't be tunneled through it.

So, to be able to get the IP for the VPN server hostname, Windows tries to connect to the DNS server. If that's done, it tries to connect to the server via OVPN (over Port 1149) and that's it, no more requests.

It’s all okay, but Comodo doesn't remember the saved settings I have to make every time.


If I understand, the problem is, openvpn is using different DNS servers and not remembering? Perhaps you could post a screenshot of your firewall behaviour settings and your firewall application rules.

If I understand it correctly, he gets repeated alerts for his 1, 2, 3 requests (2 public DNS and 1 OVPN server IP + port).
So vmnat.exe should have the following rules and should not ‘forget’ them:

Allow TCP or UDP out destination X port 53
Allow TCP or UDP out destination Y port 53
Allow UDP out destination OpenVPN server port 1149

It seems it keeps asking these repeatedly.

Can you please post a screenshot of your vmnat.exe rules on the firewall policy.
And a screenshot of the firewall alert logging (open the Firewall log, press ‘More’ and then select ‘Alerts displayed’, next click ‘View’ → Advanced Filter, select ‘Type’ and click add).
Select ‘Type’ Equal to Firewall alert and post a screenshot of that; if there is more you can add an extra filter description for ‘vmnat.exe’.

No ;D

The only problem is that Comodo remembers the rules for the vmnat.exe (when I look them up in the settings), but it always asks again! (2-3 times directly, and after a restart of the virtual machine it begins again)

I have all settings on high, so each connection will be asked. And again: the problem is not the rules, the problem is that Comodo asks again and again if I want to allow, for example, vmnat.exe; I click on “save and remember” and allow it, but after a restart of the virtual machine Comodo will ask me again, although the rules exist.

So the problem is not OpenVPN, the problem is only that the vmnat.exe tries to connect to the Internet, I allow it, but it asks me 2-3 times again the same things, and then it works and Comodo remembers it, but after a restart the vmnat.exe asks me again 2-3 times for the connections I have to permit.

I hope it is understood now ;D

EDIT: ok Ronny, in a minute.

In the protocol I saw that the source ports for all servers change. And the connections before, vmnat was using different source ports for them than now.

But in my rules I have “source port: any” so the problem can't be there.

And the 217. … IP DNS is not from me, it is one VMware uses; I could block it, it makes no difference.

I think the problem has something to do with the changing source ports. Is it a bug?

[attachment deleted by admin]

The source address is constant, the destination port is the port to define with the IP addresses of the DNS servers. is not a port??? And the source ports are not constant, they change each time I get asked to allow a connection.

I am German so I use the German version:

“Quelle” = source
“Ziel” = destination
“Ein” = in
“Aus” = out
“Gefragt” = asked
“beliebig” = any

I don’t have this behavior here. Did it start after the upgrade of CIS 5.9 → 5.10?
Did you update any other software in the meantime?

Greetings from Holland :wink:

Sorry, that was a typo on my part, I should have said address. I’ll change it.

Like Ronny, I also don’t see this behaviour. If the DNS server addresses don’t change and your settings are correct, you should only receive the alert the first time the connection is made.

Hmmm and what can I do now?

I think it was from the beginning and I first used the Win 7 machine a month ago.

The Backtrack machine didn't make any trouble, but I'll try that out again tomorrow.

So you have a Win 7 64bit VM and a Win 7 64bit host system with Comodo Firewall installed and when you use the host system’s internet you don't get the problem?

Good night @ all.

I have a variety of VMs using both VirtualBox and VMware, some are NAT, some are bridged. They include a 7 x64 and an 8 x64. The VMs using NAT have pretty simple rules, including being able to resolve DNS queries, and the rule for that process hasn’t changed since creating the VM. I also use Custom Policy mode with Alerts on very high. Does this problem affect any of your other rules or is it just those for the VPN?

Hmmmm, I am now using a workaround: when I delete the old rules for vmnat.exe completely and create them again by myself, it works.

It’s funny because when I only delete the rules for vmnat.exe but not the entry itself and then I rewrite the rules, it doesn’t work. So I have to recreate the whole entry.

That is definitely a bug, I don't know what it causes but it would be nice if someone from the support could try that out.

It is also strange because another VM, Linux Backtrack, works fine and I only have to set rules there one time.

So perhaps it has to do something with Win 7 Professional x64 in combination with VMware…

Besides this problem, I have another one: I don't know exactly when it started, but it could be after I updated Comodo and shut down the system and started it again the next day.
The Comodo symbol in the taskbar does not autostart, neither does the cfp.exe, although the service and the autostart entry exist.
So I reinstalled Comodo but that didn't help. At the moment I work around that problem by creating a rule in the Windows task planner (I don't know if it is the right word in English? In German it is “Aufgabenplanung”) by which the cfp.exe gets started after logging in to the Windows account.

I know that it isn't so important to have the cfp.exe running because the firewall will work also without it.

But also sometimes when the cfp.exe was started and the system was running, it disappears from time to time.

I do not have any virus on my system … as far as I and the AV software know ;D

Is there any solution? I googled but there were no solutions… only a handful of guys with the same problem.

Thanks !

The problem is still existing and I reinstalled my Win7 and vmware.

When I start the VM it shows me that I don't have internet access; when I try to connect to a VPN server, OpenVPN can't resolve the hostname although I allowed it in the rules…

When I go into the Comodo settings and change the rule, the old game begins and Comodo asks me again to allow vmnat.exe and so on… but now, when I re-enter the Comodo settings, the old rules are gone.

It HAS to be a bug. Can somebody help me please?

Unfortunately, unless it’s related to the VPN connection in some way - I don’t have one to test - as Ronny and I mentioned earlier, this is not behaviour we’re seeing. The image below shows the rules I have for vmnat.exe. Although the image was taken from CIS v6, the rules are the same under v5 and they haven’t changed since being created.

This is from the firewall on an x64 host running an x64 guest.

[attachment deleted by admin]