Firewall driver disabled yet still 'secure'?

Not sure what this is about. Disable the firewall driver, reboot, yet apparently I’m still secure! Anyone confirm?

Windows 7 x64/CIS 6


It does make you wonder. :-
My system is acting the same as your system and even Windows action centre shows Comodo Firewall as running.

Edit: Win 7, disable the driver from the protocol then animation ceases.
The big question, is the system vulnerable at this point?
If I disable the driver in the same way as you and then rename the ‘inspect.sys’ firewall driver then an error is shown as expected.

I have never got my head around this totally as the driver doesn’t even show up there in XP. :-\

If the driver isn’t being loaded, I assume there’s no firewall filtering, but I’d need to verify that. As for the rest…

> If I disable the driver in the same way as you and then rename the 'inspect.sys' firewall driver then an error is shown as expected.

But most people wouldn’t even think about things like that. All they’ll see is ‘Secure’ and they won’t worry about it.

> I have never got my head around this totally as the driver doesn't even show up there in XP. :-\

It’s really just a different architecture.

Some pretty odd behaviour in the ‘secure’ mode:

The firewall settings prior to disabling the driver were Custom Ruleset/Alerts very high:

  1. When making a connection to a website with a browser, get an alert for 127.0.0.1:80 - Connects.
  2. Running a web server with a single Block IP in Global rule, still receives connections from outside.
  3. Deleting all application rules and making LAN connections doesn't generate any alerts.
  4. Running a p2p application creates an outbound alert for the local interface and torrent port - works.
  5. RDP connections are accepted without any alerts, even though there is a Global Block IP in single rule.

Sorry for digging up the thread, but was anyone able to figure this out?

Thanks for reminding me, I’m not using version 6 any more and I’d forgotten to file a bug.

Heh, no problem. :)

But I’m really curious about this. I know that Comodo 5.x used to rely on Base Filtering Engine on Win7 to provide the tray animation and real time stats. Since it seems this “driver” is doing the same, is it safe to disable Base Filtering Engine with Comodo 6.x?

Unfortunately, I’ve never managed to get a definitive answer about the relationship between CIS and the Windows Filtering Platform components, including the BFE, even though I’ve asked several times.

In tests I’ve run in the past, it seems to make no difference to CIS, if BFE is on or off. However, there are other reasons for keeping these services enabled.

AFAIK if you tick the driver of the NIC CIS no longer filters any traffic on it.

That’s more or less what happens - try deleting all firewall rules and using training mode with the driver disabled - which is why advertising the system as secure is misleading.

In this case it took a ‘manual’ action to ‘disable’ the driver. It would be worse if the installer failed to attach it and then displayed it as ‘secure’… or if ‘malware’ could detach it.
But I agree your system is no longer ‘secure’.