Firewall blocks what it shouldn't

This is driving me crazy.
I am sitting behind a router, running XP Pro SP3.
I have :

  • removed a Comodo file from the Windows Updater group and added it to the Comodo files.
  • removed a Comodo file from the System group and added it to the Comodo files.
  • blocked Windows Updater apps (don’t want to update).
  • specified SVCHOST rules to block SSDP, UPnP, RPC for SVCHOST.
  • specifically allowed it all it needs to get an IP from the router.

Yet the logs show that BOOTPS/BOOTPC is blocked, even if I try blocking NOTHING in the svchost rules:

Application - SVCHOST.EXE 
Action - Blocked
Protocol - UDP
Src IP - 0.0.0.0
Src port - 68
Dst IP - 255.255.255.255
Dst port - 67

The above action is specifically allowed in my svchost rules!

And then I get this internal IP: 169.254.149.191 instead of one from my router.

This is my rule set:

http://rapidshare.de/files/41194778/ComodoConfig.zip.html

Would some kind soul please check my rules and tell me why Comodo Firewall behaves as it does?

Have you opened Global Rules for Inbound UDP In/Out 67/68 0.0.0.0 – 255.255.255.255 ?

Try adding this rule for svchost.exe,placing it at the top of your ruleset for svchost,

Action=Allow
Protocol=UDP
Direction=In/Out
Description=DHCP Rule
Source Address=Any
Destination Address=Single IP 255.255.255.255
Source Port=Port range=67-68
Destination Port=Port range=67-68

Also make sure your svchost.exe application rule is above the blocked Windows Updater apps rule(as this also contains svchost.exe) as the rules are read from top down and if it hits the blocked WUA rule first that will apply.

Bad Frogger, Matty_R,
Thank you for helping.

I have both of your suggestions in the ruleset, and the problem still exists. I wish CIS logs would reference the rules used when blocking something…

I have also defined zones and port sets (to make referencing DNS, DHCP, BOOTPS, BOOTPC more ‘legible’), then saved my rules, then upon importing them later I found that those zones and port sets were not present and rules that relied on them had nothing in the affected part of the rule (e.g. the zone for a DHCP rule was empty). Running the rule sanity check found everything OK ??? ??? ???

If I am the only one experiencing problems like that, I’'l need to do a clean reinstall and test again.