TOPIC TITLE
Firewall total silent failure when both IPV4 and IPV6 are used at the same time
A. THE BUG/ISSUE:
It seems that whenever you have two computers connected to a router which gives them both an IPV4 and IPV6 address through DHCP, Comodo fails to successfully block access to your computer. An alert is raised, but whether you let it expire or explicitly block it, it is ignored and access is silently granted.
Comodo won’t even see the generated traffic at all and will not report it in the log nor in ‘Active Connection’ panel.
The problem is ‘fixed’ if one disables either IPV4 or IPV6 on the network interface.
From my understanding, Windows cycles through the available protocols when a time-out occurs (i.e. when Comodo is blocking), and Comodo fails completely in that case: it totally misses the connection attempt and lets it through.
- What you did:
I’m using CwRsync 4.0.3 to synchronize files between my desktop PC and my laptop (both are using Comodo and both are running Windows 7 64bit).
- What actually happened or you actually saw:
Rsync was taking time to initiate the transfers and sometimes it failed completely to initiate them. Once, when it was hanging, I had the idea to look on the laptop to see what was happening and I noticed a Comodo popup asking me if I wanted to allow the connection attempt to the rsync_server service on port 873.
I was alarmed when I turned my head back to my desktop PC and noticed the transfer did start while Comodo was still showing the popup…
- What you expected to happen or see:
No transfer should have ever been possible at all since I never allowed the rsync server running on my laptop to receive any kind of connection.
I was also expecting to see the traffic in the ‘Active Connection’ panel.
- How you tried to fix it & what happened:
I tried to explicitly block rsync server on the laptop but it had no effect, in fact rsync was initiating the transfer even faster.
The only ‘fix’ was to only use one protocol on the wireless network interface of the laptop (unchecking either IPV4 or IPV6).
I also ran the built-in Diagnostic tool but everything was fine.
- If a software compatibility problem have you tried the compatibility fixes (link in format)?:
N/A
- Details & exact version of any software (except CIS) involved (with download link unless malware):
CwRsyncServer 4.0.3
Rsync command used on the Desktop PC:
rsync -rvtzh --delete --partial --stats --progress --no-perms ./folder1 ./folder2 laptoppc::shared/ 2> rsync_errors.log
- Whether you can make the problem happen again, and if so precise steps to make it happen:
Just use rsync between my laptop PC and my desktop computer (from the desktop PC to the laptop; I don’t have rsync_server on the desktop PC),
with IPV4 + IPV6 configured on both PCs’ network interfaces.
- Any other information (eg your guess regarding the cause, with reasons):
Comodo gets owned when the system is switching between ipv4 and ipv6 when attempting a connection.
B. FILES APPENDED. (Please zip unless screenshots).:
3 screenshots (processes list + about)
1 CIS config file
- Screenshots of the Defense plus Active Processes List (Required for all issues):
see attached files
- Screenshots illustrating the bug:
N/A
- Screenshots of related CIS event logs:
There is no event log when the transfer fails to be blocked, it’s like Comodo weren’t there at all…
- A CIS config report or file:
see attached files
- Crash or freeze dump file:
N/A
- Screenshot of More~About page. Can be used instead of typed product and AV database version:
see attached files
C. YOUR SETUP:
- CIS version, AV database version & configuration:
cis: 5.10.228257.2253
av: 13145
- a) Have you updated (without uninstall) from a previous version of CIS:
yes
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
no
- a) Have you imported a config from a previous version of CIS:
no
b) if so, have you tried a standard config (without losing settings - if not please do)?:
n/a
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):
I enabled ipv6 monitoring which is disabled by default??!??
I disabled the sandbox
- Defense+, Sandbox, Firewall & AV security levels:
Sandbox is off
FW set to safe mode
D+ set to Clean PC mode
AV is disabled
- OS version, service pack, number of bits, UAC setting, & account type:
W7 64 bit SP1 admin account
I’m not using UAC, I don’t know what its settings can be…
- Other security and utility software currently installed:
none
Windows firewall service is set to disabled
- Other security software previously installed at any time since Windows was last installed:
none
- Virtual machine used (Please do NOT use Virtual box):
none
[attachment deleted by admin]
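
Added example (not part of the original post or of Comodo's tooling): a per-address-family reachability check that connects to the same TCP port over IPv4 and IPv6 separately, so a block rule can be verified on each protocol instead of on whichever one the OS falls back to. The function names and status labels are this example's own; the host name and port in the usage lines are the ones from the report.

```python
import socket

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}


def probe_family(host, port, family, timeout=3.0):
    """Try a TCP connect using only one address family.

    Returns 'open' (connection accepted), 'blocked' (timed out, i.e. packets
    dropped), 'refused' (RST received) or 'unavailable' (no address or route
    for this family).
    """
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unavailable"  # host has no address of this family
    result = "unavailable"
    for fam, stype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(fam, stype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "open"
        except socket.timeout:
            result = "blocked"
        except ConnectionRefusedError:
            result = "refused"
        except OSError:
            pass  # e.g. no route or family disabled; keep earlier result
    return result


def check_block_rule(host, port, timeout=3.0):
    """Probe each family independently; any 'open' family is a leak."""
    results = {name: probe_family(host, port, fam, timeout)
               for name, fam in FAMILIES.items()}
    leaks = [name for name, status in results.items() if status == "open"]
    return results, leaks


if __name__ == "__main__":
    # Host name and port taken from the report (rsync daemon on the laptop).
    results, leaks = check_block_rule("laptoppc", 873)
    for name, status in results.items():
        print(f"{name}: {status}")
    print("block rule holds" if not leaks else f"LEAK over {', '.join(leaks)}")
```

Run it from the client machine while the block rule is active on the server; with a working rule neither family should report `open`.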