I have always used Custom Policy Mode for CIS Firewall and have never had a problem getting alerts for all applications that request net access and adding them to the firewall Network Security Policy (either to block or allow net access). Never been an issue for me until a recent update (last 2 days???). Now Custom Policy Mode does not alert to any applications at all and those applications that access the net are immediately added to Trusted Applications without any input from me.
The Create Rules For Safe applications option has no effect (unticked/ticked). Do Not Show Popup Alerts is unticked. Alert settings even set to very high no longer work for Custom Policy Mode. Strangely (in testing) even if I set the firewall to Block All, applications are still added to the white list trusted applications. I can run with Defence+ mode completely disabled (thinking trusted vendors would be ignored) and Custom Policy Mode with High alerts for firewall still does not work (no alerts) and programs are still automatically added to Trusted applications.
As I said, this has never been an issue until just recently. I only noticed Custom Policy Mode was not working when I removed an application from the Network Security Policy to have it re-alert and add it again. It never happened which got me investigating the problem.
I have completely unisntalled/reinstalled and Custom Policy Mode simply will not work for the Firewall. Every application (net accessing) gets added immediately to Trusted Applications and absolutely nothing gets added to Network Security Policy.
Very frustrating and quite worrying not knowing if the firewall is doing it’s usual, more than satisfactory job.
Incidentally I have tried all three security configurations to no avail.
Version 5.12.256249.2599
First time I have had such a problem with this marvellous software suite.
Hoping someone can help or this issue is fixed soon (if it is not user error!).
Regards
Glo
EDIT: additional info - Running Windows 7 Ultimate SP1 with latest updates.
Is " dont show alerts" enabled? Its a choice (if you find it) while installation. Default is enabled. Dont know why.
You can disable that in each setting for a section later.
In Firewall Behaviour settings Do Not Show Popup Alerts is unticked but none show although they did previously for any application that wasn’t in my Network Security Policy. No alerts now, they just go straight into trusted files.
Not using Avast. Windows defender, firewall and security centre all disabled. CIS (AV and firewall) is/was my primary security suite. However, I am looking at other options now if I can’t find a fix for this.
As “here” is all fine like usual, you might
a) think about changes lately
b) look through the setting for logical reasons of this to happen.
c) load a backup of your setting
Firewall:
examples
-custom mode
-no “general rules” in application rules section
-settings
-made rules
-disable “create rules for safe programs”
Edit: Do you encounter those problems since using 5.12?
I use 5.10, as .12 was aimed for windows 8.
I appreciate your help on this.
I haven’t made any changes to my setup of CIS. I do have program updates on and this only started happening after CIS updated itself to 5.12 after a prompted restart. When my alerts stopped appearing and I couldn’t get them working after trying all conceivable configurations, I uninstalled, downloaded the latest installer (5.12) and went through my usual setup routine for Custom Policy and still no alerts would appear. I’d loaded in a previously saved configuration (prior to updating automtaically to 5.12) and still no alerts would appear.
Your last comment regarding .12 being aimed for W8 or at least having extra compatibility for it, made me look at getting hold of the previous version. I just got 5.10 from Filehippo, installed, setup Custom Policy mode with same settings as before for firewall side of things and now all alerts are appearing as they should. Nothing different in my setup of the software, just using the earlier version.
Fantastic! Thanks for pointing me in this direction. I have now switched off Program Updates and will stick with 5.10 until I hear that the latest version is working satisfactorily!
I am a firewall engineer of COMODO. I have saw your message about firewall bug, I am very sorry for CIS is annoying you.
I have tried to reproduce the issue but can’t succeed. for fixing the issue, I need your help. please help me do following things with 5.12 version:
1)Launch cmd.exe, and enter"sc query inspect" and observe if inspect is running state;
2)From Ethernet property to observe: if COMODO Internet Security Firewall Driver is installed;
3)Launch services.msc and observe if BFE service is running.
4)Download attached files and replace the driver file under folder windows\system32\drivers and test it again, observe if it works well.