Firewall events log

I’ve just loaded CIS a couple of days ago. Before, I just had the firewall. I’ve never had anything on the event log. How can I test this? Is there a guide for proper setup? I saw one setup in an older post. It must have been an older version because the pages looked different. Thanks for your help.

Hello,

What operating system do you have? I had this problem on Windows XP: my firewall and Defense+ blocked some attempts, but in the firewall and Defense+ logs there was nothing (even though I had logs enabled). Now I have Windows Vista and logs are working very well…

If I understand you properly, you want to configure your firewall? I suppose you know this link, but to be sure I'll write it :slight_smile:
Comodo Internet Security - CIS (Firewall, AV and Defense+) > Help - CIS > Install / Setup / Configuration Help

And here are default settings for CIS 3.8:
https://forums.comodo.com/install_setup_configuration_help/what_are_the_defaults_for_comodo_internet_security_cis_3864739471-t35033.0.html

I hope it was useful for you.

Hi, thanks Dan. I do have XP, but I wasn’t very clear on setup. I have the default settings, so I was hoping to get the safest settings (max) and to make sure the firewall is working, since nothing is ever on the events log. Thanks

Hello 4putt,

I was just surfing throughout the forum and found some useful links for maximum security :wink:

https://forums.comodo.com/firewall_guides/setting_up_firewall_for_maximum_security-t30535.0.html

https://forums.comodo.com/defense_guides/setting_up_defense_for_maximum_security-t30473.0.html

Enjoy :wink:

If you want to test that the Firewall is working correctly and logging, go to Firewall/Advanced/Firewall Behaviour Settings, move the “General settings” slider up to custom and set the “Alert settings” to high.
Now you should be alerted for any application which tries to connect out which doesn't have a rule for it in Firewall/Advanced/Network Security Policy/Application rules.

Try running an app which connects out (but doesn't have a rule) and at the pop-up choose block (MAKE SURE "REMEMBER MY ANSWER" ISN'T TICKED or a rule will be created).
Now look in Firewall/View firewall events. The blocked entry should be there.

Cheers,
Matt

Hi Dan, thanks for this. I went through and set up everything as shown, and also took time to read the help in the misc. section. I only have one question, on the Firewall Stealth Wizard. I put the tick in the bottom (block all incoming connections stealth my ports to everyone) and clicked on finish as instructed. When I go back to look, the tick is back up top (define a new trusted network). Is this normal? Is the bottom tick selected? Thanks for your help, Tom

Hi Tom,

You are welcome :wink: As for the Stealth Port Wizard, I am not sure :-[ I suppose that the rules are set when you tick “block all incoming connections stealth my ports to everyone” and click finish, so there is no need to do this more times, but I am not sure. I am curious whether the settings are preserved when I reboot my computer.

Daniel

Super, that is cool :slight_smile: Now I have tried it and it works :slight_smile: Thanks

Hi Dan, I’m curious whether, when you use the wizard, your tick remains in the block all incoming connections position. You don’t have to reboot; after you answer yes you just look again. Thanks again! Tom

Hi 4putt,

The wizard radio button goes back to its original position.
This is 100% normal. So you run it and then forget it; it isn’t showing you a status.
The radio button for the wizard just has to start somewhere.

Later