A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.
Can U reproduce the problem & if so how reliably?: yes, happens every time
If U can, exact steps to reproduce. If not, exactly what U did & what happened:
running firewall in Custom Ruleset Mode.
running Outlook 2010
set a rule for Outlook as Allowed Application
according to KillSwitsch, all connections from Outlook dont pass the SYN_sent state
if i switch to Safe Mode or Training Mode, connections from Outlook reach the ESTABLISHED state.
in Safe Mode with “Create rules for save applications” enabled and Training Mode, CIS set a correct rule to accept the connections (connections on port 80 and 443). if i switch back to Custom Ruleset Mode, this rules stay, but all connections from Outlook dont pass the SYN_sent state again.
If not obvious, what U expected to happen:
i expect that connections reach the ESTABLISHED state if a rule allows this.
If a software compatibility problem have U tried the conflict FAQ?: no
Any software except CIS/OS involved? If so - name, & exact version: Outlook 2010
Any other information, eg your guess at the cause, how U tried to fix it etc:
i try to set up other rules (like “Mail Program”, “Webbrowser”, “Allow IP In/Out From MAC Any To MAC Any Where Source Port is Any”), without access
Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware):
Watch Activity Process Lists and Watch Activity Network Lists are attached in both States:
a) when activity is blocked (in Custom Ruleset Mode) an
b) when activity is not blocked (in Safe Mode)
also the CIS diagnostics report is attached (generated when CIS FW was in Custom Ruleset Mode)
[/ol]
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration:
6.1.276867.2813, Internet Security
Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
All, HIPS=safe or off (no difference), BBlocker=Partially limited, Firewall=Custom Ruleset, AV=on
Have U made any other changes to the default config? (egs here.): no
Have U updated (without uninstall) from a CIS 5?: yes
[li]if so, have U tried a a clean reinstall - if not please do?: yes
[/li]- Have U imported a config from a previous version of CIS: yes
[li]if so, have U tried a standard config - if not please do: yes
[/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7, SP1, 64bit, UAC=on, default, admin, VM not used
Other security/s’box software a) currently installed b) installed since OS:
a=none, b=none
[/ol]
Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.
We are sorry to trouble you further but there are some items of information missing or unclear in your post:
A.8 Please append your Watch Activity Process List and your CIS diagnostics report
The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.
We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.
In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug of particular importance.
hello, my ethernet network adapter is a Realtek PCIe GBE Family Controller and i do not use any connection virtualisation.
to to simplify matters, i changed to the preset “COMODO- Firewall Security” (wich i dont use before, so it schould have all default settings) and change the firewall stettings to custom ruleset mode and delete all global rules (which deny different IMCP traffic in this preset).
so i have NO global rules and the default application rules for COMODO, Windows Update and Windows System (see screenshot).
i start outlook an set a rule as “Allowed Application” (see screenshot). “Allowed Application” in this preset allows IN and OUT traffic FROM ANY IP, TO ANY IP with ANY PROTOCOL.
but connections form outlook still dont reach an established state.
in a second step, i set a global rule, allowing all IP traffic (see second global rules screenshot). as well as with this setting, outlook still dont reach an established state.
when i change to safe mode an no other changes at all, it works instantly.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
hello, with global allow rule set there is no change after a reboot.
the problem appears strange to me too. i’ve no idea in matters of a adapter driver problem because in safe mode everything works fine. normally i think, a global rule allowing everything in custom ruleset mode would allow more than safe mode. i wonder if safe mode allows something else then stated in the rules, contrary to custom ruleset mode. if safe mode only “automatically creates rules that allow all traffic for the components of applications certified as ‘Safe’ by Comodo”, as stated in help, there schould be no difference in safe mode and custom ruleset mode with a global rule allowing everything.
to to exclude a adapter driver problem, i just deactivate my network adapter and connect to the internet via usb-tethering with my smartphone. so it’s a completly different network adapter connection, but the problem persist.
Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.