Include "Allow Link-local Multicast Name Resolution (LLMNR)" Rule Out Of Box


A new feature introduced first with Windows Vista is Link-local Multicast Name Resolution.

Please see [MS-LLMNRP]: Link Local Multicast Name Resolution (LLMNR) Profile | Microsoft Learn for more information.

Unfortunately, Comodo “breaks” this functionality. I’ll explain.

This protocol uses the private address of on port 5355.

Now, when the user installs Comodo and an application attempts to use the protocol, the user will have to allow it the first time.

Not much of a problem if only one application uses the protocol. But it gets old very quickly if you use many applications that make use of this new protocol. You have to allow each application one by one.

This protocol is a new built-in feature of Windows and should be trusted by Comodo. Users should NOT have to allow every application to use a trusted protocol.

Thus, Comodo Firewall should include by default a rule to allow this type of traffic. Simply allow all applications to connect to the IP address of using port 5355. (Note: You can do this manually right now).

Yes the user can do this today manually, but why not allow this new protocol to work correctly out of box?
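As an added example (not part of either post in this thread, and not Comodo's code), the following Python encodes and decodes LLMNR messages as defined in RFC 4795 and applies the match a firewall rule like the one requested above would use: UDP to the LLMNR multicast group (224.0.0.252 for IPv4, ff02::1:3 for IPv6, per the RFC) on port 5355. The hostname, transaction ID and answer address in the sample traffic are constructed for illustration; the parser does not handle DNS name compression.

```python
"""LLMNR (RFC 4795) query/response encoding, decoding and rule matching.

Added example; not Comodo's code. Multicast groups and port are from RFC 4795.
"""
import ipaddress
import struct

LLMNR_PORT = 5355
LLMNR_IPV4_GROUP = ipaddress.ip_address("224.0.0.252")
LLMNR_IPV6_GROUP = ipaddress.ip_address("ff02::1:3")

# Header flag bits (RFC 4795 section 2.1.1): QR, Opcode(4), C, TC, T, Z(4), RCODE(4)
FLAG_QR = 0x8000   # 1 = response
FLAG_C = 0x0400    # conflict
FLAG_TC = 0x0200   # truncated
FLAG_T = 0x0100    # tentative


def encode_name(name: str) -> bytes:
    """Encode a host name as DNS-style length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode labels at offset; returns (name, offset after the name)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("name compression pointers are not handled here")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard LLMNR query: QR=0, opcode 0, one question, QCLASS IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, name: str, ipv4: str, ttl: int = 30) -> bytes:
    """Positive response carrying one A record for the queried name."""
    header = struct.pack("!HHHHHH", txid, FLAG_QR, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = ipaddress.IPv4Address(ipv4).packed
    answer = encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_message(data: bytes) -> dict:
    """Parse header, question section and answer section of an LLMNR message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    questions, answers = [], []
    for _ in range(qd):
        name, off = decode_name(data, off)
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record: render as dotted quad
            rdata = str(ipaddress.IPv4Address(rdata))
        answers.append((name, rtype, ttl, rdata))
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "conflict": bool(flags & FLAG_C),
        "truncated": bool(flags & FLAG_TC),
        "tentative": bool(flags & FLAG_T),
        "rcode": flags & 0xF,
        "questions": questions,
        "answers": answers,
    }


def matches_llmnr_rule(proto: str, dst_ip: str, dst_port: int) -> bool:
    """The allow rule from the post: UDP to the LLMNR multicast group, port 5355."""
    try:
        dst = ipaddress.ip_address(dst_ip)
    except ValueError:
        return False
    return (proto.lower() == "udp" and dst_port == LLMNR_PORT
            and dst in (LLMNR_IPV4_GROUP, LLMNR_IPV6_GROUP))


if __name__ == "__main__":
    # Constructed sample: a host resolving "fileserver", and one answer.
    query = build_query(0x1234, "fileserver")
    print(parse_message(query))
    print(parse_message(build_response(0x1234, "fileserver", "192.168.1.20")))
    print(matches_llmnr_rule("udp", "224.0.0.252", 5355))  # outbound query: allowed
```

The rule as written matches only the outbound query; a responder's answer comes back unicast to the querier's source port, so a stateful firewall must admit that reply as part of the same flow for resolution to succeed. Because any host on the link can answer a query, the same flow matching is also the starting point for a detection rule that flags unexpected LLMNR responders.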



but why not allow this new protocol to work correctly out of box?
One can see several reasons for that:
- If implementing the said protocol in CIS "out of the box" (while it is, as you observed yourself, very easy to do manually), why not do the same for other Windows protocols not implemented in CIS: remote desktop, telnet, IIS, why not gopher, it is maybe still used by 3 persons in the world?
- LLMNR is somewhat outdated: small business networks needing local communications (and not using a system administrator) have used competing solutions available far before LLMNR and, a contrario, the "small LAN user" with only a few computers has always been told by every software editor to depend only upon himself.
- A significant proportion of CIS home users does not run a LAN, and even if doing so, does not want these LAN computers to communicate with each other.
- The free CIS version is not supposed, if I remember well, to be installed on more than 3 computers: maybe the paid one achieves what you wish, I have no hint about this question.
- Such a hypothesis therefore not only should be an option (some users would not want it by default), but also would lead CIS to publish specific versions for XP, Vista/7...: one sure thing is that, as an XP user, I don't want to hear about whatever broadcast or multicast service being allowed, and if possible not even about such a dedicated service to run.