ICMP Out Not Detected By FW - A Bug Or...??

Hi. Today I noticed that ICMP (Ping) out by programs is not detected by the Firewall. Is that a bug or something else?
CFW 6
Avast 8

The programs you’re using may be trusted so they would be allowed. Are you running with default settings? Are you using custom firewall rules?

Hi EricJH.
I’ve defined it as Installer Or Updater in HIPS rules. But I don’t think ICMP-related requests are handled by the HIPS component. I only find DNS Client in HIPS settings that could be related to this issue.
My Firewall is on Custom Rules Policy. The FW asks for connecting on an HTTP request, but the ICMP (Ping) requests are allowed without asking. If I’m not mistaken, the issue started after upgrading to the latest version.

I just see you are using Avast AV. Can you tell us what happens when you temporarily disable the Webshield in Avast?

I removed the program from the HIPS Rules list and turned off the Web Shield of Avast.
The FW does not ask for connecting and the program sends ICMP without permission.

Can you describe the scenario where this happens? What program is sending the ICMP out message?

The program is for checking online status, and is written in VB, using .NET Framework 4, and has 2 methods to check online status:
1-Ping an address
2-Launch a website to check IP.

Method 1 does not make an alert for connecting.
But with Method 2, CFW asks for connecting.

I am not a programmer so forgive me extraneous questions. When pinging, is the program using a Windows internal call (nt_do_ping , …) or does it call the command prompt in any way, type or form?

2-Launch a website to check IP.
You are starting a browser?
Method 1 does not make an alert for connecting. But by Method 2 ,CFW asks for connecting.
Is your program running as a Trusted Program (it is not sandboxed)?

1-Ping via internal commands of VB. No call for external commands, etc.

  • My.Computer.Network.Ping(PingAddress, Timeout)

2-No, via [httpwebrequest] as an internal command of VB.
3-It’s not Trusted and not Sandboxed (Behavior Blocker is disabled and HIPS is enabled).

Thx.

I reread this topic to be sure I have a grasp of all the information you provided. I noticed the following statement:

If you can positively state this I would call it a bug. If the strategy from the program did not change and a Firewall rule is not to blame I am willing to call it a bug.

If you have the time and energy please consider filing a bug report in the Bug Reports - CIS board following the format as described in FORMAT & GUIDE - just COPY/PASTE it!.

Reporting of bugs is strictly moderated to make sure Comodo gets clear bug reports. So, please make sure you closely follow protocol. That way your report will certainly be seen by Comodo staff.

Ok. I found that IP Out is allowed by default, even if there is no related rule.
I made a rule to Block ICMP Out and the Ping result via Cmd was: General failure.
I don’t know if it’s a bug or not. But I remember that in previous versions, when there was no rule for IP Out in Global Rules, ICMP Out was always detected by CFW.

I finally found the reason:
There is a rule in the Program Rules section for MS Windows Programs to allow IP Out. I deleted it and Ping was unsuccessful. But I guess this category of programs was updated in the latest version to include more items such as Command Line Prompt, etc… :wink:

A tip. When you want to change the rule for a system file that is part of Windows System Applications, make a dedicated rule for it and place it above the Windows System Applications group. Rules are read top-down.

Thanks Eric, but the problem is we have to make rules manually, because there is always a rule in the list that includes various Windows programs and will be applied, so the FW does not ask for connecting.
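
The top-down rule matching discussed in the last posts, as an added example that is not part of the original thread and is not Comodo's code: a simplified model of program rules showing why a group entry that allows IP Out passes ICMP without an alert, and why a dedicated entry only takes effect when it sits above the group. The executable names, the `decide` and `outcomes` helpers, and the "ask when nothing matches" behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    protocol: str   # "ICMP", "TCP", ... or "IP" for any IP protocol
    direction: str  # "out" or "in"

@dataclass(frozen=True)
class Entry:
    name: str
    members: frozenset  # executables this program-rules entry covers
    rules: tuple

def decide(policy, exe, protocol, direction):
    """Walk entries top-down; the first entry covering exe decides.
    Assumption: with no matching rule the firewall alerts ("ask")."""
    for entry in policy:
        if exe not in entry.members:
            continue
        for rule in entry.rules:
            if rule.direction == direction and rule.protocol in ("IP", protocol):
                return rule.action, entry.name
        return "ask", entry.name
    return "ask", None

# Constructed sample policy; executable names are hypothetical.
GROUP = Entry("Windows System Applications",
              frozenset({"winsys_a.exe", "winsys_b.exe"}),
              (Rule("allow", "IP", "out"),))
DEDICATED = Entry("winsys_a.exe (dedicated)",
                  frozenset({"winsys_a.exe"}),
                  (Rule("block", "ICMP", "out"),))

def outcomes(exe, protocol="ICMP"):
    """Decision for exe under three orderings of the same entries."""
    return {
        "group only": decide([GROUP], exe, protocol, "out"),
        "dedicated above group": decide([DEDICATED, GROUP], exe, protocol, "out"),
        "dedicated below group": decide([GROUP, DEDICATED], exe, protocol, "out"),
    }

if __name__ == "__main__":
    for exe in ("winsys_a.exe", "winsys_b.exe", "onlinecheck.exe"):
        for ordering, result in outcomes(exe).items():
            print(f"{exe:16} {ordering:22} -> {result}")
```

In this model a dedicated entry fully shadows the group entry for its executable, so any other traffic that executable should pass needs its own rule inside the dedicated entry.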