Firewall does not work correctly in some cases

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?:
always
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: Clean installation and settings: COMODO - Internet Security and COMODO - Proactive Security

2: After running a safe or unknown application that tries to access the internet exploring other applications, eg browsers and some system files, we are alerted by the firewall on the request. This is an expected or correct behavior, since the application could being exploited by malware not recognized by the antivirus module.

3: This process will only work fot the default settings:
COMODO - Internet Security
COMODO - Proactive Security

4: In configuration:
COMODO - Firewall Security
the firewall does not alert but only the HIPS alert.

One or two sentences explaining what actually happened:
In the default settings:
COMODO - Internet Security
COMODO - Proactive Security

Since the sandbox is not disable and the application is not in the default firewall rules. The firewall will work!

One or two sentences explaining what you expected to happen:
The firewall should work with the sandbox active and sandbox disabled.
In the case where the firewall will fail, adding an application in the application firewall rules should be permitted according to the “parent application and the target application”. See exemple:

If a software compatibility problem have you tried the advice to make programs work with CIS?:
Has no compatibility issue

Any software except CIS/OS involved? If so - name, & exact version:
Zemana antilogger 1.8.2.113 (I tested with the OS clean, just like comodo internet security)

Any other information, eg your guess at the cause, how you tried to fix it etc:
As said before the firewall should allow according to connections, “parent application and the target application”.

B. YOUR SETUP
COMODO Internet Security - 8.0.0.4344

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
1ª: COMODO - Internet Security
Antivirus - Disable
Sandbox - Active
Firewall - Active
Firewall worked!

2ª: COMODO - Proactive Security
Antivirus - Disable
HIPS - Active
Sandbox - Active
Firewall - Active
Firewall worked!

3ª: COMODO - Proactive Security
Antivirus - Disable
HIPS - Active
Sandbox - Active
Firewall - Active (allow browser as: “browser web” )
Firewall failed!

Have you made any other changes to the default config? (egs here.):
COMODO - Internet Security
COMODO - Proactive Security
Antivirus - Disable
HIPS - Active
Sandbox - Active
Firewall - Active (allow browser as: “browser web” )

Have you updated (without uninstall) from CIS 5 or CIS6?:
No
if so, have you tried a a a clean reinstall - if not please do?:
N/D
Have you imported a config from a previous version of CIS:
No
if so, have you tried a standard config - if not please do:
N/D
OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
WINDOWS seven service pack 1 64 bits, UAC disable, account admin, no V.Machine

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=ZEMANA antilogger 1.8.2.113 b=No

Does this only happen when the browser is run as fully virtualized?

I wan to add that the web filter can also be bypassed by Chrome in certain situations

try setting it to block all, then try to go to facebook.com on Google Chrome.

in mi case it was blocked in Internet explorer but not in Chrome

create a separate bug for this

HI Liosant.

Very sorry you are experiencing this problem

Looking at the video, this is so complex that I do not think it can be processed without more precise steps to replicate, specifying exact applications. We would need these both for the case where the firewall succeeds and where it does not, with precise description of the differences between the cases, including whether the browser is virtualised.

I will leave here in the main board for a week or so to give you some time to add these if you would be so kind.

Best wishes

Mouse1

Since a week has passed and the replication steps have not been added im going to move this to incomplete. Once you add more precise steps for replication we can continue to process this bug report

Thanks