Firewall is allowing ALLoutgoing requests on Default install (Safe Mode)

Hi

I installed Comodo Firewall (default), then used GRC.com leak-test program, and it was ‘contained’ - but if I uncontained it, the ‘firewall section’ let it pass and it was able to penetrate, containers are sandboxes, and the app wouldn’t work in that, windows said its been removed and can not access it.
I have tried many apps and have no notifications at all - all on SAFE MODE and ENABLED in advanced

to me it feels like SAFE MODE and TRAINING MODE are incorrect names for starters, to me TRAINING MODE on FIREWALLS means exactly that - it will ASK for every application (this is what i want)
then you can allow it never to be asked again. That’s how it used to work?

I’ve even tried uninstalling with Revo Uninstaller and removed all leftovers in the registry and folders, restarted, and reinstalled and the result is the same?

can anyone help, please?

thanks

See “Safe Mode (Default)” and “Training Mode” description here : General Firewall Settings.
That explains how these modes work.

hi

thanks for the quick reply - already read it, for me it doesn’t work as intended.

also ‘Creating rules for safe applications’ is off… still no notifications, even when notifications are set to high…

is Steve Gibsons leak-test app in the TRUSTED APPLICATIONS by default (when it shouldn’t be due to the tools use point)

Firewalls I’ve used in the past would always popup and ask when I test with that app…always… that’s the point of the app, so it shouldn’t be in any ‘safe mode’ or trusted/allowed applications

I’ve also noted that when I change anything in the comodo appliaction - then uninstall completely with Revo (to get rid of the left behind reg entries and files) - when I restart and then reinstall it - those settings are the same?

thanks

If I understand correctly than, as you mentioned in post #1, the leak test app did run contained the first time you ran it so it was untrusted by CIS. After that you’ve run it uncontained meaning you’ve rated the leak test app as a safe trusted app. In Firewall Safe Mode traffic of safe apps is allowed. In Firewall Training Mode traffic of all apps is allowed (the computer admin/user considers all files on that computer safe) and learned by CIS.

Uninstalling and re-installing CIS doesn’t change the behavior of Safe Mode and Training Mode as these modes work as intended as written in the Help document.

Hi

I deleted the DEFAULT rules from rulesets, and these all remained removed upon re-install (fully cleaned reg entries and leftovers with revo) restart and re-install, I can’t get a FRESH install., as if starting a fresh (like its the first time it’s been on the machine - It won’t get to this state)

when i first added it asked for most things, now i can not get it to do that again… tried diagnostics, no result.

I will just try something else that’s more reliable, shame as ive always rated comodo firewall as the best in the world, it has everything you need and then some.

edit: I have ‘create rules for safe applications’ off - so it should not have added it to a safe list upon de-containing it - i wished i could try with containers off…but as i say looks like you need a dedicated uninstaller - or reinstall yer OS!!

thanks

Hi snadge,

Thank you for reporting.
We are checking on this.

Thanks
C.O.M.O.D.O RT

The leak test app was untrusted the first time you ran it (CIS contained it) because its “File Rating” in the “File List” was “Untrusted”. After this the leak test app did run as a “Trusted” app (CIS did not contain it anymore) meaning its “File Rating” in the “File List” was changed to “Trusted” and as such the leak test app became a safe “Trusted” app status and Firewall in Safe Mode passes traffic of all safe “Trusted” apps by default.
The ‘create rules for safe applications’ setting does not matter in this case, as soon as an app has “File Rating” “Trusted” in the “File List” it is considered as a safe app by the Firewall in Safe Mode and allows the “Trusted” apps traffic.

As for the lost settings, try to restart Windows in “Safe Mode” and then run ciscleanuptool and follow its instructions (reboot twice etc.). This should remove CIS completely from you system. After that restart Windows in “Normal Mode” and reinstall CIS and check if you got back the default CIS settings.

It is preferable to perform firewall testing from outside rather than installing software on the PC because hackers scan online ports via IP
GRC allow it

https://www.grc.com/x/ne.dll?bh0bkyd2

Click on > Process > All services Ports
Test result of my PC with the firewall Comodo CIS Pro v.12.2.2.8012 in custom rules mode