I was wondering what settings have to be on to be able to view intrusion attempts? I have only noticed this after updating to the new version, it would previously show many. I have firewall and defence+ set in safe mode and configuration set to proactive sercurity.
Thanks
Go to FW > Network Security Policy > Global Rules and there right click on the “block IP in” rule > edit > check “log as a firewall event if this rule is fired” > apply > ok
Ok, thanks for the help. I think may already be set like that by default. these screenshots show how it is set. but still dont recieve any intrusions. I used to get alot whenever i used a torrent program but now none.
[attachment deleted by admin]
It looks like you’re running either the ‘Firewall or Proactive’ configuration - More/Manage My Configurations - which only have rules to control certain types of inbound ICMP. You can either change the security configuration to Internet - select Internet Security and click Activate - or you can run the Firewall/Stealth Ports Wizard with the third option:
Block all incoming connections and make my ports stealth for everyone
Either procedure will change the Global rules to those in the image below. Be aware, however, that making this change will require you to create some Global rules to accommodate your torrent client. You can take a look at this thread for help.
[attachment deleted by admin]
Cool, yeah so made it so it logs the intrusions now but on another issue using the GRC website it shows most of my ports open even though i have it set to the third option in stealth ports wizard - would u have any ideas on what to do? or what would be the reason, thanks
Results from scan of ports: 0-1055
1056 Ports Tested
NO PORTS were found to be CLOSED.
Ports found to be STEALTH were: 135, 139, 445
Other than what is listed above, all ports are OPEN.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
Are you behind a router? If so, scan tests like those from GRC are scanning the router ports, not the software firewall.
no I’m not. so, yeah really sure. i’ve had it working fine b4 stealthing all ports. just been giving me a little grief since the update
Curious! Your Global rules look the same as those in the image above and the IP address displayed at GRC is that of your PC?
Sorry, I’m not to sure what u ment but I’m using mobile broadband so i think the i.p. changes somewhat everytime I reconnect to the net. Could it be a problem with the installation maybe? It reports none in the diagnosis in the firewall though. I’ve tried all 3 options in stealth ports wizard with the same outcome at grc website.
When you run the test at GRC it shows the IP address it’s testing (image) is this the same address if you open a command prompt and type ipconfig /all?
Could it be a problem with the installation maybe? It reports none in the diagnosis in the firewall though. I've tried all 3 options in stealth ports wizard with the same outcome at grc website.
Anything is possible, but first, please confirm you have your Global rules as shown in the image above. Also please confirm the firewall has not been disabled.
[attachment deleted by admin]
Ok, windows says that the firewall is running. GRC gives my I.P 118.148.194.209 which is the same as what it says in the command prompt I think. I’m set on the 3rd option in stealth ports wizard running in safe mode with proactive security.
[attachment deleted by admin]
I would appear that you may have a problem with the installation, as everything seems to be in order. Just out of interest, you’re not using any other security applications and the Windows firewall is disabled?
Based on a previous post…
… So, not behind a router, but there could easily be a transparent proxy (ISP provided). It’s fairly typical for this type of connection.
Yes windows firewall is turned off. I’m running avast fee with just the main component installed - file system shield. Avast seems to be running fine but in security status in the windows control panel it says their is no anti virus program installed. Not sure if that would be affecting anything - probably not. Maybe i should try to re - install comodo firewall, though have already tried a few times. I have had full stealthed ports in the previous version of the firewall with the same mobile connection.
Which Avast shields (?) do you have running?
Just “File System Shield”
It’s a good idea Kail. I did download the manual but it’s a bit light on detail. http://www.huaweidevice.com/worldwide/productFeatures.do?pinfoId=2219&directoryId=5012&treeId=6&tab=0 It certainly offers DHCP, so it might be worth logging on to the device and seeing what other settings there are.
@Uncle Shane
If you want to try this, you’ll probably have to give your PC a static IP address before you can access the modem, as it’s address is 192.168.1.1. Give yourself an address, say 192.168.1.10 and then try connecting yo the modem by typing 192.168.1.1 in the address field of your browser. the default logon and password is admin.
You can post your findings here, maybe we can help…
Is Comodo actually seeing traffic… Open up the “View Connections” option. Then open up your favorite browser, generate some traffic. Open a couple different programs that use the Internet like steam, ventrilo, anything really. Leave them open and check that View Connections is actually showing this traffic. Also, while you have these up, trying switching Comodo Firewall to “Block All Traffic” and make sure all the connections drop. If either of these does not have the expected results (your probably having some of the same issues I just had… and are in for a long ride).
Its really strange that its reporting you have all those ports open though. That would mean something is actually listening. Try this also, get your IP from command prompt (ipconfig). With nothing running but Comodo, run as administrator “netstat -anb > results.txt”. The results will be redirected to results.txt so put it some place you can find it. You are looking for lines with your IP… Are there foreign connections with real IP addresses listed next to it with state (established) or 0.0.0.0 with state (listening). With GRC’s report I would expect a ton to show up (at least 1000+).
As a last resort, you can try to telnet to yourself on these open ports to see if you get any banners. Or you could even try scanning yourself with nmap (if your familiar with it). If you do all this, Comodo blocks when you tell it to, and everything but GRC shows your ports stealthed… I am lost for words at this point.
Hi, again. I tried logging into my modem in the browser without setting a static i.p and the i got nothing. could u please tell me how to set a static ip address as im not sure how to do this. thank u
By the ipconfig you posted, it looks like you’re running XP. You can change to a static address for the purpose of testing the connection to the modem, by using the settings in the image. You will probably loose Internet connectivity whilst you do this, so make sure you change the settings back to “Obtain an IP Address Automatically” when you’ve finished.
[attachment deleted by admin]