Firewall still active when it's off??

Hi there, I’ve been reading lots of good things about the Comodo firewall, so I decided to give it a try instead of AVG’s firewall that I have been using. I have no gripes with AVG, but if Comodo gives the best protection, you can never be too safe.

I had so much trouble configuring it, I had to uninstall it and reinstall AVG. However, I’m still interested in using it, so I figured I’d come on this forum and see if anyone can give me some hints as to how to get it working properly.

I guess the biggest problem I have with it is that apparently when I tell it an application is trusted, it’s only partially trusted. In particular, there are two applications that I couldn’t get to work.

One is my Palm hotsync software. The first time I ran it, it popped up the expected alert, and I told it to allow it to run and remember my choice. It initially looked like all was well. The hotsync did all its business and didn’t give me any errors, but then when I looked at my backup files from the hotsync, there wasn’t a backup on my HD! Files went to my Palm, but nothing came back… This device is communicating through USB.

The other problem is with a program called GSAK. It is an application for sorting geocaching waypoints and then uploading the waypoints to a GPS receiver. It actually calls another application to do the actual uploads. Both of these applications are granted permission, yet when I try to upload waypoints to my GPSr, the application hangs when attempting to send. My GPSr is connected to a USB to Serial converter. My first thoughts were that the converter wasn’t being allowed connections, but I never had an alert pop up regarding the converter, and since it’s not actually an application, I have no idea how to manually give it permission.

So now it gets confusing. I definitely knew these issues were due to the new firewall because that was the only thing that had changed on my system. So I unplugged my broadband router so I didn’t have internet connectivity and shut down Comodo. Much to my surprise, I still had the same issues! I did notice that there were still some active Comodo processes in my task manager, so I end tasked them. This netted me a BSOD. So I decided to stop Comodo from loading with Windows and restart to see if these processes still loaded. They did…

So, I uninstalled Comodo, reinstalled AVG and all is functioning again.

So, I guess it’s good that the firewall is still somewhat functional even when the application isn’t even running, but it’s more than a little bit frustrating when I have configured these applications to be ‘safe’ as far as Comodo is concerned (to the best of my knowledge) and have them still being blocked to a certain extent. I could even deal with the hassle of disconnecting my router and shutting down the firewall to do these tasks as they are not something that is done very frequently. It’s a hassle, but I could deal with it if I knew I was getting the best protection available, but it’s apparently such good protection that I can’t even shut down the program and get these things to function!

Sorry for going on so long… Anybody have any thoughts?

The AVG “firewall” isn’t really a firewall in the true sense of the word since it only protects you against inbound attacks. It doesn’t log outbound connections in the same way most firewalls including Comodo do. If you’ve got a router, then you’ll be more or less protected from inbound malware anyway because you’ve got a private IP address, i.e. one in the range 192.168.xxx.xxx. Packets sent to the IP address allocated to you by your ISP are forwarded to your private IP address by the router. There’s no direct connection between your PC and the Internet. You can test that by disabling the firewall, then going to http://grc.com and then clicking the “Shields Up” banner. Then click the link by the same name in the next menu and finally, run the port scan tests. You’ll see that you get a clean bill of health even though there’s no firewall running.

The danger with a firewall which only logs inbound threats is that the malware may be trying to connect to a rogue program you’ve unknowingly installed. A firewall which logs both inbound and outbound connections is more reliable than one which only performs that function one way.

But you should be able to see applications which you’ve allowed listed in the Security → Application Monitor menu. You can configure permissions still further by double clicking the application in that list.

Thanks for the info Zito. I’m too paranoid to turn off my firewall and access the internet though.

AVG does indeed protect against outbound packets. You are correct that it doesn’t actually log outgoing traffic (by default), but you can turn outbound logging on if that’s what you prefer. However, even with outbound logging off, it will still block any outgoing traffic that you haven’t allowed. So nothing can connect to the internet without me knowing about it. So I’m a bit unsure how the actual logging aspect of outbound traffic makes a firewall any more secure than one that isn’t logging. Are you saying that if I turn on outbound logging, I’ll be better protected? That seems a bit odd as the log is only a text file listing the traffic the firewall has blocked. By the time I read the log, the event has already happened so it’s too late.

I did go into the security settings for applications, but as I said, my USB to serial converter (or USB communications in general) aren’t applications, so how do you allow them through the firewall? And why are they still being blocked when the firewall is shut down?

Does anybody from Comodo read this forum?