Firewall in 5.10.228257.2253

I am using CIS version 5.10.228257.2253, regularly updated, on two computers. I am connecting to these remote computers with the VNC protocol (Tight VNC, but I think this is not relevant).
To Computer 1 the connection is normal; the firewall is set to Safe Mode, and tvncserver.exe is marked in Firewall Network Security Policy as Trusted Application and Allowed All Incoming and Outgoing Requests.
To Computer 2 a connection is possible only when the Firewall is turned off; in other cases it is not possible.
Tvncserver.exe has the same settings as on Computer 1.

Can you please explain to me what is happening and what I should do to connect normally to Computer 2 with the Firewall on?

What does the log say about things being blocked?
Firewall log …
and in cases defense+ log.

Firewall log is empty.

Maybe this is not relevant, but I have to add that this Computer 2 was formerly located in the LAN in my company, and a connection with the VNC client was possible with the firewall on. Now that it is at a remote location, a connection is not possible.

There may be a difference between the Global Rules of both computers. If the second computer is set to stealth then you won’t be alerted for the incoming traffic.

Try running the Stealth Ports Wizard on computer 2 and choose option 2: “Alert me to incoming connections”. The next time you try to connect to it you will be asked if you want to allow that connection or not.

If you want to keep stealth settings you need to open the required port in Global Rules. Let me know if you need assistance with that.

I followed your instructions, chose Option 2, “Alert me to incoming connections”, and now the connection with VNC works with the firewall enabled, but I was not asked to allow this connection. Weird, eh?

Can you show a screenshot of the Global Rules of computer 2?

Here is a screenshot of the Global Rules.

Could you tell me what networks are defined by Posao1 - Posao4? You can find them under Firewall → Network Security Policy → Network Zones.

Here is a screenshot of the Network Zones.

Is the network with network mask your local network on which your two computers connect? If that is the case your Global Rules are fine and should not cause any problems.

Can you take a look at the Application Rules of the firewall and see if there is a rule called “All Applications”? When the rule is there, see if the rule for Tight VNC is somewhere underneath that rule. When it is, drag and drop the rule for Tight VNC to a place above the “All Applications” rule.

Looking at your network zones you can remove network 3. The address in the 169 range only gets given by Windows when Windows does not see a network for some reason.

I guess networks 1 and 4 are for VMware or VirtualBox. Is that correct?

  1. Yes
  2. In Application Rules, tvnserver.exe is on top
  3. I removed it
  4. No, Networks 1 and 4 are from the LAN where the computer was previously

Your Global Rules are fine and the rule for Tight VNC is in the right place. So we would expect to be able to connect to computer 2.

Before I call it a bug, please make sure that there are no leftovers of previously uninstalled security programs around. Not all uninstallers do a proper job. Leftover applications, drivers or services can cause all sorts of “interesting effects”.

Try using removal tools for those programs to remove them. Here is a list of removal tools for common AV programs: ESET Knowledgebase.

Let us know if that helps or not.