these are my settings in custom policy mode, but cpf3 doesn’t alert me for loopback alerts…
any suggestion?
[attachment deleted by admin]
CPF3 default is to treat Loopback as a Trusted Zone. Click on Firewall and My Network Zones and remove the Loopback Zone. You may have to reboot but you should see alerts for loopback thereafter.
Eric
but if i set the block all (with logging) for an application i can’t see any in the logfile
Are you using the Predefined Block All Rule for the application?
You should be seeing the logs if the application attempts to connect.
Sometimes you have to exit CPF3 and restart it before it will show the rules you changed and remember to click “apply” at the bottom window once you’ve changed the rule.
Eric
Addition: put your firewall level to Custom mode.
perhaps a bug?
There seems to be a number of issues with regards to the logs. See this topic here which might be of some more help.
https://forums.comodo.com/empty-t20432.0.html
Eric
The thread https://forums.comodo.com/feedbackcommentsannouncementsnews/alert_on_localhost_connections-t16888.0.html actually goes through a couple of generations of the loopback alert issue. AFAIK things have not changed. We did some experiments there you might find useful
Or bad install same settings as you I have approx 10 loopback rules deleted one to cause alert screenshot below.
Dennis
[attachment deleted by admin]
I think the suspect aplication (in my case update.exe) doesn’t reach the loopback as destination.
I’ve checked it with tcp view. But what does : mean? → see attach
thanks
[attachment deleted by admin]
As far as I know the . just means that the Remote Address is a fixed IP Address and the * being a wildcard for “Any”
What application is running update.exe?
sorry for late reply.
agava antispamservant runs update.exe
I think : means an unconnected endpoint… but i don’t know