I am going to move this to the bug section as I have submitted both blocking issues to the internal tracker. @Comodo staff: bug IDs 2400 and 2401.
They happen whenever I log in to Windows or whenever I try to open up any application that hasn’t been run since the installation of the firewall. It also happens whenever a background process becomes active throughout the day. I had just logged in and checked the logs and that’s what I saw (after I was prompted to restart after the Comodo Firewall installation). No windows were open. I just meant creating rules for the blocks that are occurring with the Firewall (do you set the app connection for outbound or incoming/outgoing or incoming?). Because I was setting the connections to outgoing only and that would get rid of the firewall blocks. I’m just not sure what the difference is between outgoing only vs incoming/outgoing since Comodo Firewall defaults to allow all incoming and outgoing traffic after unblocking a firewall event. Not sure which one is safer. Such as for Steam or Nvidia programs… do they need outgoing or incoming/outgoing?
I can get rid of the HIPS memory access issue by going to HIPS rules/Comodo Internet Security/Edit/Protection Settings/Interprocess Memory Access/Modify/Then adding the app or folder to there/Then go back to unblock applications and unblock the program you just added. That gets rid of the alerts. I’ve had to do that with Steam. I’m not playing any games whenever it happens. It happens as soon as I open it up and continues to block it until I close it and that’s with just about any program on my laptop, including Viber, Origin, Malwarebytes, etc, etc. It’s immediately blocked by HIPS.
You can use any firewall rule as it won’t matter, because the global rules would need a rule to allow incoming before an application can receive an incoming connection request. It would be safer technically just to use outgoing only, but I don’t think adding the rules would stop the blocking at log in, you can try it to see if it helps. Remember to clean the logs and blocked application list after creating those rules.
Hi,
Thank you all for reporting this issue. Our developers have prioritized this issue.
Please check if the “Cloud Lookup” and “Trust files installed by trusted installer” options are enabled. And, please also help us by submitting the blocked files at
HIPS blocks random programs (which is what you confirmed to be a bug), and even if they are unblocked, HIPS will not remember it and instead blocks them again shortly after.
So, I unblocked the apps that the firewall and HIPS had initially blocked and set them to outbound connection only and then added them to CIS Interprocess Memory Access. Restarted computer and there are no more blocks. Checked in Unblock applications and within the log files. There’s nothing there. Did another restart just to be sure and they are still unblocked. Ran now unblocked applications again without them being blocked by HIPS or the Firewall. The problem is that you end up having to do this with each NEW application that you open.
Now, this is an issue that I’ve had since I’ve been using Comodo. After installing the Firewall and restarting and stealthing ports to block incoming connections, I will sometimes notice that I have an inbound connection from “System”, which in turn is ntoskrnl.exe, so I end up blocking that application within the firewall and that takes care of that. Now, if I have blocked incoming connections then why does “System” always end up being allowed an inbound connection to my computer? This has been on multiple laptops/desktops.
Are the blocks for interprocess memory access? If so then Blocked Applications is not able to allow the interprocess memory access. That needs to be done deeper in the UI.
When on Windows 10 1903 the logs of interprocess memory access are erroneous (they don’t happen on 1809). They are a sore to the eye but do not influence the functioning of programs. It should be fixed but it is not something to worry too much about.
Can you post a screenshot of this event?
Notice that an inbound connection connects to “System” and not from “System”. An inbound connection connects from the local PC to a destination on the internet or local network. An inbound connection connects from the internet or local network to the local computer.
I will need to see if I can replicate this. I did notice that the incoming address was to my laptop IP and the outgoing address was to the default gateway or maybe it was to another computer on my local network. Not sure.
Once you see the event post the screenshot. We will see when there is a reply in this topic and will come and take a look.
So, I unblocked ntoskrnl.exe along with explorer.exe and managed to encounter the issue.
There is no device on my network that is using the IP address of 192.168.0.80.
Yet I can still ping it.
Actually, it is my girlfriend’s work laptop. I have incoming connections blocked though.
Starting with v12 it will automatically assign the first detected network as Home which in turn is a trusted network. The global rules will add two rules to allow all incoming connections from Home network zone and allow all outgoing to the home network zone. It will also create an application rule for SYSTEM to have the same allow rules. So SYSTEM will accept any incoming connection request on any port it is listening on if the source is within the local network which is assigned as a home network zone.
Ah. Yes, I just checked the global rules. I should have done that in the first place. Is there any risk when it comes to allowing this sort of behavior to occur? Sorry for all of the questions. I’m just trying to learn.
What exactly is the point of this and why would her laptop need to connect to mine? If it could be harmful is there any way to alter the global rule to block it?
There is always an element of risk sharing with another computer on your local network. If you don’t want to connect to or be connected from her laptop simply remove the two rules in Global Rules that make the local network a trusted network.
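A simplified model of the rule evaluation described in the replies above, added here as an illustration and not Comodo's code or rule format: an incoming request must be allowed by the global rules before the application rule is consulted, so the two Home-zone global rules decide whether 192.168.0.80 can reach SYSTEM. The Home zone range 192.168.0.0/24, the external address 203.0.113.5, the final block-incoming global rule and all names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    direction: str  # "in" or "out"
    remote: str     # CIDR the remote address must fall in

HOME = "192.168.0.0/24"  # assumed Home zone; the thread only shows 192.168.0.80
ANY = "0.0.0.0/0"

def first_match(rules, direction, remote_ip):
    """Return the action of the first rule matching direction and remote address."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if rule.direction == direction and ip in ipaddress.ip_network(rule.remote):
            return rule.action
    return None

def inbound_verdict(global_rules, app_rules, remote_ip):
    """Incoming request: global rules must allow it before the app rule is checked."""
    if first_match(global_rules, "in", remote_ip) != "allow":
        return "block"
    return "allow" if first_match(app_rules, "in", remote_ip) == "allow" else "block"

# v12 defaults as described in the thread, plus the poster's block-incoming rule.
GLOBAL_V12 = [Rule("allow", "in", HOME), Rule("allow", "out", HOME),
              Rule("block", "in", ANY)]
# Hardened variant: the two Home-zone rules removed from Global Rules.
GLOBAL_HARDENED = [r for r in GLOBAL_V12 if r.remote != HOME]
# Application rules for SYSTEM mirroring the Home-zone allows.
SYSTEM_RULES = [Rule("allow", "in", HOME), Rule("allow", "out", HOME)]
# Hypothetical application rules: incoming/outgoing versus outgoing only.
APP_IN_OUT = [Rule("allow", "in", ANY), Rule("allow", "out", ANY)]
APP_OUT_ONLY = [Rule("allow", "out", ANY)]

if __name__ == "__main__":
    for name, g in (("v12 defaults", GLOBAL_V12), ("hardened", GLOBAL_HARDENED)):
        print(name, "SYSTEM <- 192.168.0.80:",
              inbound_verdict(g, SYSTEM_RULES, "192.168.0.80"))
        print(name, "app in/out <- 203.0.113.5:",
              inbound_verdict(g, APP_IN_OUT, "203.0.113.5"))
```

In this model the choice between incoming/outgoing and outgoing only makes no difference for sources outside the Home zone, but it does for hosts inside it while the Home-zone global rules are present.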
I should have mentioned that this started to happen when I upgraded to 1903.