I have Comodo Firewall 3.8. The firewall is blocking an application I have marked as trusted (iomega network storage application). I am at my wits' end as to why it should be blocking a trusted application. There are no errors that I can see in the log files, intrusion attempts are 0. The application uses an IP that is already defined as part of a trusted IP range.
Zonealarm is quite happy with the application on my other PC, but Comodo isn’t. How can I find out why Comodo is blocking this app?
Also how can I see a list of my trusted applications and blocked applications?
After a bit more investigation on these forums I enabled very verbose error reporting and this is what I get now:
Date/Time Application Action Source IP Source Port Destination IP Destination Port Protocol
09/04/2009 20:37:24 Windows Operating System Blocked 184.108.40.206 4134 192.168.2.2 3724 TCP
(This was classed as an intrusion attempt by Comodo)
It seems that Comodo is seeing this process as a Windows process and not as an iomega process. The process tree seems to confirm this, where the iomega process is showing as a sub-process of the Windows process. The IP address 220.127.116.11 doesn’t seem to be a valid url so I am not sure what is going on here. Maybe this is some sort of loopback error.
Check the Defense+ rules for this program.
You are looking at the Firewall, but maybe it isn’t seeing anything because the program itself has been blocked.
Also try removing the program from Defense+ and re-running the program. You should see an alert to allow it to run.
I don’t think it has anything to do with Defense+ because it is active the whole time, yet the application only runs if I disable the firewall and is not dependent on whether Defense+ is enabled or disabled.
Nevertheless I did do what you suggested and try deleting it from Defense+. It didn’t actually ask to add the application but popped up with a message that it is “learning” the behaviour of the app.
I would have thought that the 2 rules I have active in firewall should be enough to allow the app to do anything, but I must be missing a rule to get it to work. It seems a bit weird to me that Comodo is obviously stopping the application from running correctly but not generating any errors while doing it!
Still stuck I am afraid - anything else you can suggest?
You may have already tried this and I don't know if it will help, but it's worth trying, as UPnP may be used by the device so Windows may need some info.
Anyway, go to Stealth Ports Wizard, click on Next, and check “I would like to define and trust a new network”.
Put in the IP range of your network (you could try starting off with the full network, i.e. 192.168.0.1 - 192.168.0.255).
If this helps we could trim it down later.
Now click on “Finish”.
You should receive the message “your firewall has been configured accordingly”.
Now have a look in Firewall/Advanced/Network Security Policy/Application rules.
You should see 2 rules for System:
1. Allow System to send requests if the target is IP in (your network)
2. Allow System to receive requests if the sender is IP in (your network)
In Global rules you should have:
1. Allow all outgoing requests if the target is IP in (your network)
2. Allow all incoming requests if the sender is IP in (your network)
Thanks again. I did try this with IP range 192.168.0.1 - 192.168.2.255. Note that this is wider than the range you suggested. I checked in application rules and saw the new rules in System and in Global - just like you said, they were there.
Still not working.
Something is still bothering me and this gives me an idea. It has always bothered me that CF is not generating any error messages even with all alerts enabled and maximum verbosity, yet the application is still being blocked. Perhaps then the application is NOT being blocked by CF directly but by some process that is enabled when CF is enabled and disabled when CF is disabled.
Thanks for all the help Matt and everyone else, I was beginning to despair that we could solve the problem!
I still have a question or two.
Since I had to deactivate “Block Fragmented IP datagrams”, how safe is my computer now and why would this block without logging - it caused no end of trouble by not logging?
When a connection is opened between two computers, they must agree on a Mass Transmission Unit (MTU). IP Datagram fragmentation occurs when data passes through a router with an MTU less than the MTU you are using, i.e. when a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller ‘fragments’ which are each sent separately. Fragmented IP packets can create threats similar to a DOS attack. Moreover, these fragmentations can double the amount of time it takes to send a single packet and slow down your download time.
Comodo Firewall is set by default to block fragmented IP datagrams, i.e. the option Block Fragmented IP datagrams is checked by default.
Thing is, you should be fine anyway as you're behind a router and have DOS (denial of service) protection configured in “Attack Detection Settings” -> Intrusion Detection.
No idea why it doesn't log anything, it never has, would be helpful too.
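To make the fragmentation behaviour discussed above concrete, here is an added example (not from any poster in this thread and not Comodo's code) showing how a datagram larger than the MTU is split and which IPv4 header fields mark a packet as a fragment. It assumes a filter that drops any packet with the "more fragments" bit set or a non-zero fragment offset; the addresses, packet ID and sizes are constructed sample values.

```python
import struct

IP_HEADER_LEN = 20      # IPv4 header without options
MF_FLAG = 0x2000        # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF    # 13-bit fragment offset, counted in 8-byte units

def split_datagram(payload_len, mtu):
    """Return (offset_units, length, more_fragments) for each packet sent."""
    if payload_len <= mtu - IP_HEADER_LEN:
        return [(0, payload_len, False)]          # fits: no fragmentation
    per_packet = (mtu - IP_HEADER_LEN) // 8 * 8   # fragment data aligns to 8 bytes
    pieces, sent = [], 0
    while sent < payload_len:
        length = min(per_packet, payload_len - sent)
        pieces.append((sent // 8, length, sent + length < payload_len))
        sent += length
    return pieces

def build_header(ident, offset_units, length, more_fragments):
    """Pack a minimal IPv4 header (checksum left at 0, constructed addresses)."""
    flags_offset = (MF_FLAG if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HEADER_LEN + length, ident,
                       flags_offset, 64, 6, 0,
                       bytes([192, 168, 2, 10]), bytes([192, 168, 2, 2]))

def is_fragment(header):
    """True if the MF bit is set or the fragment offset is non-zero."""
    flags_offset = struct.unpack("!H", header[6:8])[0]
    return bool(flags_offset & MF_FLAG) or (flags_offset & OFFSET_MASK) != 0

def filter_verdicts(payload_len, mtu, block_fragments=True):
    """Assumed filter behaviour: 'drop' every fragment when the option is on."""
    verdicts = []
    for offset, length, mf in split_datagram(payload_len, mtu):
        hdr = build_header(0x1234, offset, length, mf)
        verdicts.append("drop" if block_fragments and is_fragment(hdr) else "pass")
    return verdicts

if __name__ == "__main__":
    print(split_datagram(4000, 1500))         # three fragments of one datagram
    print(filter_verdicts(4000, 1500))        # all dropped, including the last one
    print(filter_verdicts(1000, 1500))        # small datagram passes untouched
    print(filter_verdicts(4000, 1500, False)) # option unchecked: all pass
```

Note that the last fragment has the MF bit clear and is recognised only by its non-zero offset, so a check on the MF bit alone would miss it.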
Another satisfied customer! Had no problem accessing the Iomega NAS from a wired desktop running Win7 and Windows firewall, but was tearing my hair out trying to access via wireless laptop running Comodo firewall. Ascertained it was the firewall blocking access and finally found this thread. As others have said, unchecking ‘block fragmented IP datagrams’ solved it. However, whilst I’m happy running like this at home - or on known router-firewalled networks - I’m still a little concerned about accessing on unknown networks. Blimey, I sound like Donald Rumsfeld talking about known unknowns, unknown knowns and unknown unknowns!