defining rules

Is it advisable and if so how do I define a rule so that an internal program trying to reach my modem/router’s lan address or the computer’s dead letter box will not generate a popup warning? I believe that these addresses do not allow sending of information to the internet and I shouldn’t need a popup for them. Please correct if I am wrong.


With the latest BETA, we have provided a better popup structure where an option to skip loopback packets are presented. But loopback connections are not harmless at all. If you skip TCP loopback connections, then an application can use another proxy application which listens on loopback to connect to the internet. This is not something uncommon. So if a firewall blindly allows all loopback connections, then there is a reasonable security risk.

Think of the following scenario:

1 - You have installed a transparent proxy server(proxy.exe) for security purposes so that it listens on Lets assume all your outbound connections are redirected to this proxy and this proxy is the actual application that connects to the Internet.
2- Virus.exe tries to connect to
4- Virus.exe will try to connect, which in turn use proxy.exe to connect to
5- Firewall detects virus.exe for and since it is a loopback connection, it allows.
6- Firewall detects proxy.exe connecting to and since proxy.exe is trusted, it allows.
7- Virus accessed the internet without being detected.

Hope this helps,


If I had happened to check that box (for no other reason than… curiosity)… where would I go to undo that?

We havent put some options to BETA GUI yet. The release version will have the option in advanced page.

I haven’t installed such a proxy, at least not knowingly. Does that remove the danger?

If you dont have a local proxy installed, loopback traffic can be ignored.

In internet options, connections, lan setup, no proxy is specified so this should confirm that I have no proxy installed. Can I now define a rule to prevent popups pertaining to my lan ip address ( or the loopback address (

Secondly, we can now connect this issue with my first question in Comodo Forum in which I asked about an app which generated a popup pertaining to comunication with my lan ip address ( as shown in the screen shot. I would like to prevent this kind of popup and correspondingly popups for communication with the loopback ip address (
I see that matters are beginning to come together and I await your response.
Many thanks.

P.S. I still cannot figure out whether to consider this plethora of popups an advantage or disadvantage and whether it indicates superior or inferior functioning of CPF in comparison with others say ZA. Do you have any comment?

Please bear in mind that some applications use the 127 loopback for their own purposes. F5 Networks SSL based clientless VPN installs an ActiveX or Java dynamic host proxy when you log in on a F5 VPN web page. No user intervention required, and its removed at the end of the session.

There are others, but that’s the first one that comes to mind.

Ewen :slight_smile:

I don’t have any such application installed

I was just pointing out that some programs setup their own internal proxy or otherwise use the 127 subnet for their own purposes. It was only offered so that people didn’t think “I’ve never explicilty installed a proxy, so the 127.0.0.X thingy cant be an issue.”

Ewen :slight_smile:


At there is a test called PCFlankLeakTest.exe. Download it and test ZoneAlarm to see why CPF is superrior(Btw, this is just one example. As I recall you were seeing lots of OLE Automation popups so this is an example test)With CPF, you will have the control over all harmful activities.

But again, if you want to install and forget, just select “Automatically approve safe applications”(Over 10000 applications are recognized in the database) option.

Or, you can go to Security->Advanced section and disable “Monitor COM/OLE requests” option, which ZoneAlarm does not have at all. Also after making sure you have “Security->Advanced->Basic popup logic” is enabled, CPF should not ask you anything except suspicious activities.

We have already demonstrated with many examples that even the loopback( is not something you can trust easily. Many AV email scanner modules come with transparent proxies which make loopback traffic completely untrustable.

Unlike ZA, CPF is a full parent based firewall. This means your application checking is 2 times more than ZA. Just this feature alone causes more popups than ZA. So why do we check parent applications? Because without it, there can be no true application based outbound filtering that can not be bypassed.

In a couple of days, we will be releasing another proof of concept leak test called CPIL3, that ZA(6.5 Pro with highest settings) could not detect(None of the firewalls we tested could detect) while CPF 2.2 is already capturing it proactively(Note that when we found this technique, CPF 2.2 was already released and we did not know if it cathed or not, honestly. Thats why our betas sometimes fail this test).

This test will prove that without a proper parent check, all firewalls are bypassable or not proactive enough.

Hope this helps,

Welcome to PCFlank Leaktest results page
I failed the pcflank leaktest with comodo:
Here are the results of PCFlank’s Leaktest for your firewall.

If you see the text you typed in the table your firewall flunked the test.

If your text is not shown, you either didn’t take the test, your previous IP address was different from your current one or your firewall successfully prevented the leak of data (i.e. passed this leak test).

IP Date Text Jul 31, 2006 08:24:13 GMT My name is yokohama

If CPF showed a popup, asking you about pcflankleaktest.exe, then you passed the test. While using that test try to use different texts because it stores previous texts and confuses users.

If you did not see a popup at all, then let us know your CPF version and Application behavior analysis configuration.


The popup was for mcaffee siteadvisor, not pcflank leaktest.

I also failed the browser privacy test (referrer): While visiting web sites your browser reveals private information (called ‘referrer’) about previous sites you have visited.

I passed stealth test, trojans test, and exploits test

If you saw this popup, and allowed, then this means you allow leak test to connect to the internet. IF you read the security considerations carefully, it warns you about the parent application for McAfee siteadvisor which is iexplore.exe.


[attachment deleted by admin]

Now I don’t recall whether the popup mentioned leaktest in the lower panel. What can I do to make the popup show again? Maybe I am beginning to understand how this works.

You can simply retest. Just start internet explorer and then rerun the test to see what sort of popups it will produce.

This time there was no popup at all