Firewall events missing?

Hi,

I seem to have an issue where the Firewall events are missing.

In the Summary screen it shows how many intrusions are blocked so far and then there are blocked intrusions, but when I want to look at them the Firewall event viewer is blank? As if there were no entries?

This is a fresh installation on a new laptop.
Windows 7 SP1 Home Premium

Thank you,
Hellion

Hi Hellion,
Have you by any chance accidentally (ticked) disabled logging? More, Preferences, Logging.

See screenshot

[attachment deleted by admin]

Hi Captainsticks,

I forgot to mention that my settings are pretty close to defaults and I did verify that they are unticked.

Also this is a random issue; sometimes I do see events and other times not…

My apologies for lack of information on my original post.

Hi Hellion,
Is there any history of the events, if from within the event viewer you go to More then Entire Period?

Hi Captainsticks,

I checked now and it’s all blank.

Except for this entry under tasks…

Log Clearing 2011-08-11 07:32:17 Old log file reached size limit and was deleted

My settings are set to when it reaches 50mb then it must recreate the log file, but to my knowledge it should take quite a while to get there?

I changed the size limit to 100mb and now I’m going to see what happens.

What do you think?

Hi Hellion,
I am not sure what is happening; it would take a huge amount of logging to have the need to delete when limit is reached with those settings.
Even if this limit was reached, I would expect it to only get deleted when more logs were created, therefore I would expect some to be showing at all times???
If in doubt set it to save full logs to a specific location and see what happens, you can always delete these after if no longer required.
Sorry I am not much help here, if anyone else has some suggestions please do so.
Thanks.
Kind regards.

Hi,

I checked again now.

I have 69 intrusion attempts.

Clicking on them shows only 1 event and going to “more” only shows the one.

When I check by tasks it says log cleaning 5 min ago?!

It’s very weird.

This does not happen on my Win7 SP1 32-bit.

I’m going to try your suggestion now…

Thanks

Click on the View tab in the Firewall Log screen and make sure all the following are checked - see attached pic.

[attachment deleted by admin]

Before even worrying about these intrusions, you should update to SP3 and apply all to-date critical WIN updates.

Hi Donz,

Those are all ticked, as per default.

I saw entries today (6 intrusions), but when I go to look at the log file folder there are 5 100mb logs? A bit much I think?

I don’t even get 10 intrusions a day? (unless I install new software)

It seems to be creating log files, but they are not full of intrusion entries, because there simply are not enough intrusions to allow logs that big.

I cannot upgrade to SP3 as Windows 7 x64 Home Premium only goes up to SP1.

All critical updates are installed as per automatic updates.

@hellion

Are you using a third-party Antivirus, such as Avast?

Hi Radaghast,

You are exactly right, I’m using avast free edition.

Why did you ask?

Might be worth taking a look at Log file problem

Hi Radaghast,

Thanks for the link! Very insightful indeed!

I will use the information there to investigate further.

I see that discussion stopped June 20 2011.

I wonder what happened? If he resolved the issue?

"I cannot upgrade to SP3 as Windows 7 x64 Home Premium only goes up to SP1."

Sorry about that. Thought you were on WIN XP.

My setup is almost identical to yours. WIN 7 SP1 x64, Avast 6.x. I had no issues with Avast 6.x and Comodo 5.x other than with some Web Shield issues that are not related to your problem.

I did add Comodo’s cmdagent.exe and cfp.exe as Trusted Files in Avast’s Behavior Shield settings.

Radaghast will correct me if I am wrong on this but I am not sure intrusions are logged unless the rule that blocks them has “Log as a firewall event if this rule is fired” checked?

Do you have block global or application firewall rules where the above option is unchecked? If so Comodo’s firewall status screen will show the total number of blocked intrusions but no event will be placed in the firewall log.

Hi Donz,

I viewed the large log files via that tool in the thread link from Radaghast.

It has been avast causing a lot of entries, but there are more headers than just defence plus+ and f/w in the logs.

Strangely enough I changed the logging back to 50MB and made it recreate it when it’s full and now the logging is working?

I have made no changes whatsoever and my logs are staying there and it’s been like this for two days now…

Weird.

I run Avast 6.x. The only thing I see in my firewall log is Avastsvc.exe which is used for Avast’s web shield and because I chose to log all events it generates.

BTW - Avast’s web shield uses a localhost proxy that connects to port 12080 from your browser. It then connects to the Internet from localhost ports in the 12000 - 12999 range to the original destination port which is usually port 80. It only does that for http traffic. It does not do that for https, tcp, or anything else your browser might be connecting to.