If U allow i/b firewall alert, rule is created for IP mask, not IP [V6][M108]

freakenstein · December 19, 2012, 11:04pm

A. The bug/issue

1. What you did:
I run a Webserver on my host (10.1.1.1/24:80). Global rule allows incoming traffic on TCP/80. No application rule for webserver.exe exists and Firewall alert frequency level is set to “Very high” - all checkboxes checked except “This is an…ICS Server”. Now I connect from client 10.1.1.2. Alert pops up saying “10.1.1.2 - TCP, Port 80 wants to connect to webserver.exe” and I click “Allow this request” and tick “remember my answer”. CIS now auto-creates an IP MASK rule for 10.1.1.2/255.255.255.0 instead of a rule for just the one SINGLE HOST 10.1.1.2/32. When I don’t check “remember my answer” CIS acts the same way (all subsequent inbound connections to TCP/80 are automatically allowed!) - it just does not create a rule (of course).

2. What actually happened or you actually saw:
CIS creates a IP Mask based rule instead of a Single IP rule in “Very high” alert level for inbound connections.

3. What you expected to happen or see:
“Very high” FW alert level should create a rule/notify me for every different Endpoint (IP:Port)!

4. How you tried to fix it & what happened:
There’s no way to fix this from the user side since years.

5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?: –

6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): –

7. Whether you can make the problem happen again, and if so exact steps to make it happen:
see description “What you did”

8. Any other information (eg your guess regarding the cause, with reasons):
This bug does exist and is known since v3+ already and everything has been described here long time ago:
https://forums.comodo.com/format-verified-issue-reports-cis/cis-531814151237-creates-wrong-firewall-rules-nbz-t71113.0.html

B. Files appended. (Please zip unless screenshots).
none

C. Your set-up

CIS version, AV database version & configuration used:
CIS 6.0.260739.2674, AV 14605
a) Have you updated (without uninstall) from from a previous version of CIS: no
b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
a) Have you imported a config from a previous version of CIS: no
b) if so, have U tried a standard config (without losing settings - if not please do)?:
Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.):no
Defense+, Sandbox, Firewall & AV security levels: D+= CleanPC, Sandbox=Disabled , Firewall = Enabled, AV = Enabled
OS version, service pack, number of bits, UAC setting, & account type:
Windows 7 Enterprise English Service Pack 1, UAC=off, Administrator account
Other security and utility software currently installed: no
Other security software previously installed at any time since Windows was last installed: no
Virtual machine used (Please do NOT use Virtual box): no

rhgtyink · December 19, 2012, 11:13pm

Same here for other applications that need ingress rules.

mouse1 · December 20, 2012, 10:23am

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

mouse1 · December 20, 2012, 12:16pm

Is the behavior different if you show more options on the alert before allowing?

freakenstein · December 20, 2012, 2:05pm

Where’s “more options” in the CIS6 alert dialog?

Example:

freakenstein · December 20, 2012, 2:14pm

But when you ask for CIS 5 - it made no differece.

mouse1 · December 20, 2012, 2:18pm

Fair comment

So the Alert change has removed a work-around that helped in some of the cases of over general rules. (Obviously not the one under consideration).

I wonder if they fixed those other cases?

At a personal can I offer my sincere apologies. You have a tracking number now albeit a mods one.

Best wishes

Mouse

freakenstein · December 20, 2012, 4:44pm

Thanks a lot for your efforts

mouse1 · May 5, 2013, 9:43am

Just to enquire if this is fixed for you in 2813.

I just tried for an outgoing alert, with alert frequency set to very high, and CIS created a rule for a single destination IP and protocol.

Best wishes

Mouse

Radaghast · May 5, 2013, 11:44am

It’s for inbound connections mouse and it’s not fixed.

mouse1 · May 5, 2013, 1:36pm

OK, thanks, so it works right outbound, but not inbound?

Title edited accordingly

mouse1 · May 5, 2013, 1:50pm

Tracker updated to not fixed in 2813

Chiron494 · June 21, 2013, 1:36pm

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Chiron494 · September 30, 2013, 5:44pm

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

freakenstein · November 15, 2013, 7:52am

Hello! Sorry, I didn’t check here for a long time. I can confirm this problem is completely solved (I use version 6.3.300670.2970 currently).
CIS creates the correct rule and keeps asking when you do not check [x] Remember my answer.
Thank you! :-TU

Chiron494 · November 15, 2013, 6:11pm

Thank you for checking this. I will now move this report to Resolved.

If the problem re-occurs please respond to this topic and we can move it back.

Thank you.