DIY CIS firewall rule migration to 5.3

People who have “updated” to version 5.3 by means of save rules - uninstall - install 5.3 - import rules may notice issues with apps that normally have been set to allow all traffic popping up additional prompts to allow ipv6 traffic, most commonly ::1 calls. These are most often triggered by server software, or accessing one’s own server via localhost. Counterintuitively, people will feel tempted to select “trusted application”, only to be prompted again to allow the ipv6 traffic. Furthermore, newly detected apps that are set as trusted app will also trigger ipv6 prompts despite “trusted application” being considered an “allow all traffic” kind of rule.

This issue is caused by people who instead of waiting out for an online update for their existing install, chose to save their rules and put them on a freshly installed 5.3 version. A product update normally upgrades the rules aswell but in a manual process, the rules remain as they were made back when CIS only supported IPv4. More confusingly, the UI will not point out any issues as the predefined policies seem to be defined “okay” when in reality they’re only being applied on ipv4.

To fix this issue, several steps can be taken. This is to be done AFTER installing 5.3 and importing your old settings:

NOTE: In order to fix existing rules, which do not fall under existing predefined policies, the process is often difficult and if you have a large number of fine-tuned apps, you should expect popups from them; however, only a handful of programs are ipv6-capable and the number should not be high.

-export your settings to a custom .cfgx file, let us call this file old.cfgx
-open a predefined rules file from Comodo’s folder, one that matches your type of security. for example “Comodo - Firewall security” in notepad
-open your old.cfgx in notepad aswell
-for old.cfgx, find and replace all Type=“0” strings with Type=“4”. IPs now fall under categories, and this will make some of the IP rules you’ve already implemented fall under the appropriate category
-in Comodo’s premade cfgx file, search for and stop at the 2nd occurrence. immediately after the last “>”, begin selecting everything up until the word but NOT including it, also note the “/” in the second Predefined. copy all selected lines in the clipboard
-in your own config file, search for the 2nd aswell, and select everything until you reach . delete everything you’ve selected from that interval. you should now see “” in the file. go exactly in between the “>” and “<” where the two words separate, and paste the clipboard
-save old.cfgx and import it back into your rules. don’t forget to activate it! this will fix the predefined policies so that they once again work as expected, and rid of any surprise ipv6 popups

NOTE: If you have any CUSTOM predefined policies under rules, you MUST recreate them. There is no way around this. This will only update the default predefined policies! This will also NOT update the rest of the policies(D+, protected reg keys, files etc) that have been changed with version 5.3.