Comodo instantly deletes my firewall rules

Hello,

I’ve been trying to configure specific firewall rules for specific applications. However, every time I create a rule, apply it and close the Network Security Policy window, the rule is instantly deleted, so if I reopen the window immediately the rule I created is gone.

It also happens the opposite way round, as in if I remove a rule, apply and close the window the rule is immediately reinstated.

Any ideas?

You need to set the Firewall Security Level to Custom Policy Mode (Systray icon - Firewall Security Level). It is probably currently in either Safe Mode or Training Mode. Either of these modes creates rules automatically.

Doh, silly me. Thanks Kail.

Now the firewall’s on Custom Policy Mode will Comodo cease to make up new rules for new applications as and when necessary? Does it mean I’ll have to define rules for every single application I use in the future? Is there no way to have it automatically create rules as usual but allow me to add permanent rules it can’t change?

Thanks for the help.

Hi Barns.

Basically, with Custom Policy Mode, you will receive a prompt from each new application that requires Network access. If you allow the prompt a rule will be created. The amount of specificity the rule has is dependent upon the slider in the Alert settings tab.

Thanks Quill, that sounds OK.

I’ve created the rule you said to create in the global rules (and it’s staying there now) but I’m still getting the blocked intrusion attempts and Vuze won’t upload at all now.

Any ideas?

Ok, a couple of things, remind me what your application rules are for Vuze, also can you show me a screen shot of your global rules. One other thing, did you set Vuze to use a static port for all communication, if so which?

Yes, I’ve set it to only use port 59832 and set up the global rule allowing TCP and UDP in through that port. See attachments.

Noob question: Does opening up a port completely like that not open it up to anyone to pour stuff through? Could a port scanner find such open ports and then upload anything through it to your PC? Or have I misunderstood the process completely?

[attachment deleted by admin]

Hi. I’m not sure why you would have connection problems after creating that rule. Earlier today, I downloaded Vuze and created the rules you can see in the attachments. With these I was able to upload and download.

With regard to the port being open, it only appears open when it’s in use. If you run a stealth check at somewhere like shields-up or pc-flank, with Vuze open it will say failed. With Vuze closed it will say stealth. Essentially, there has to be an application actively listening for the port to appear anything but stealth. Likewise, for a connection to be made, there needs to be an end point.

[attachment deleted by admin]

Did you get constant blocked intrusion attempts every 2-3 seconds as well? Or do you usually get blocked intrusion attempts all the time anyway?

As to my question about the basics of ports etc, if I leave Vuze running and using a particular port then it will appear open to port scanners etc? Would that not mean they could upload anything they want to my PC or do they already have to have something on my PC to receive it as in the “end point” you mention?

Did you get constant blocked intrusion attempts every 2-3 seconds as well? Or do you usually get blocked intrusion attempts all the time anyway?

Typically, the only time I see blocked events related to my p2p client is when I have closed the client and there are still people downloading from me. It’s the nature of p2p I’m afraid.

As to my question about the basics of ports etc, if I leave Vuze running and using a particular port then it will appear open to port scanners etc? Would that not mean they could upload anything they want to my PC or do they already have to have something on my PC to receive it as in the "end point" you mention?

It’s not really as simple as that. Basically, for an exploit to work there has to be something exploitable on the machine being attacked. More often than not an exploit works by targeting a specific port or service with a known vulnerability, for example NetBIOS or RPC ports, and something like IIS or sendmail.

When you open a port for p2p, as the majority of people do, you’re not really creating any additional vulnerabilities. Also, the instant the application is stopped, any packets destined for that port are dropped.
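The point made in the two replies above (a port only looks open while an application is listening on it, and with nothing listening there is no end point to deliver anything to) can be seen directly with a small connect probe. The script below is an added example, not code from the thread, from Comodo or from Vuze: it classifies a TCP port the way an outside scanner does ("open" when the handshake completes, "closed" when the host answers the SYN with a reset, "filtered" when nothing answers within the timeout, which is what the thread calls "stealth"), then runs a constructed stand-in for a p2p listener on 127.0.0.1 and probes the same port before and after it stops. The names `probe_tcp_port`, `FakeP2PListener` and `demo` are this example's own. Note what it cannot show offline: with no firewall in the path a non-listening port answers with a reset and reads as "closed"; it is a firewall silently dropping the packet (the Comodo stealth behaviour described above) that turns that into "filtered".

```python
import contextlib
import socket
import threading


def probe_tcp_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Report a TCP port the way an outside scanner would see it.

    "open"     - something is listening: the SYN gets a SYN/ACK and the
                 handshake completes
    "closed"   - nothing is listening: the OS answers the SYN with a RST,
                 which surfaces as ConnectionRefusedError
    "filtered" - no answer within the timeout: a firewall silently dropped
                 the SYN (what the thread and ShieldsUP call "stealth")
    """
    with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            # e.g. host unreachable: still no end point answered
            return "filtered"
        return "open"


class FakeP2PListener:
    """Constructed stand-in for Vuze listening on its static port (hypothetical).

    Binds 127.0.0.1 on an OS-chosen port (port=0) so the demo needs no
    fixed port and no network; accepted connections are closed at once.
    """

    def __init__(self, host: str = "127.0.0.1", port: int = 0) -> None:
        self._stop = False
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))
        self.sock.listen(5)
        # short accept timeout so the serving thread can notice _stop
        self.sock.settimeout(0.2)
        self.host, self.port = self.sock.getsockname()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop:
            try:
                conn, _peer = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            conn.close()

    def close(self) -> None:
        """Stop listening: the application is 'closed', as in the thread."""
        self._stop = True
        self._thread.join(timeout=2)
        self.sock.close()


def demo() -> dict:
    """Probe the same port while the listener runs and after it has stopped."""
    listener = FakeP2PListener()
    port = listener.port
    while_listening = probe_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp_port("127.0.0.1", port)
    return {"port": port, "listening": while_listening, "stopped": after_close}


if __name__ == "__main__":
    print(demo())
```

Running it prints the chosen port with `listening` as `open` and `stopped` as `closed`; pointed at a host behind a firewall that drops unsolicited SYNs, the second probe would instead time out and report `filtered`.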