Internet Security - default Firewall setting seems wrong

Just installed the latest Internet Security package, v5.8, which defaults to “Internet Security” configuration.

I was having issues opening up the Firewall for the trusted program uTorrent, even though I’d added a rule to allow incoming on the right port under “Global Rules”.

The problem was that the default setting under the Firewall settings had been enabled for “Do not show popup Alerts” → “Allow Requests”. I don’t think the last version had this option at all and in this version it seems buggy.

So basically the Firewall was set to allow requests automatically for all applications without generating a popup, which seems a bit pointless! Strangely however, it was automatically blocking incoming requests for uTorrent, even if I manually added an allow rule under “Application Rules” as well as the aforementioned “Global Rules”.

Once I had disabled this option, making it act like the previous version of Comodo Internet Security, a popup came up to allow uTorrent to connect which added the correct rule under “Application Rules.”

Once this rule had been added, along with my Global Rule for incoming on the correct port, uTorrent then worked correctly.

I just checked the Help docs to discover the setting, “Do not show popup Alerts” → “Allow Requests”, is indeed set to default enabled for the Firewall. This is new for v5.8.

As well as not working correctly and causing problems with applications that require incoming connections, I can’t understand how a Firewall generates no popups and allows all? It was better before, where trusted files are permitted outgoing but incoming connections are alerted to the user.

Is this meant to reduce popups and leave it all down to the sandbox and Defence+ with trusted/whitelisted files to cach unsafe internet access?

How come the default Firewall setting “Do not show popup Alerts” → “Allow Requests” blocks incoming requests to a trusted application? It’s acting like it’s set to “Do not show popup Alerts” → “Block Requests”.

Also, upon a default install of Commodo Internet Security this setting overrides manual settings in “Application Rules” causing confusion.

Hi spirits247

Perhaps the following FAQ may be of help…

    [url=]Alert reducing settings in CIS - why, how & when to use [v5.8][/url]

… and specifically, the following cited portion would probably be of primary interest…

Hi Kail - thanks, yes I realize that it’s a new setting, but it doesn’t work correctly.

The old setting used to allow all outgoing connections anyway for trusted applications when set to safe mode (the default) and alert the user to incoming connections.

The new setting says “Do not show popup Alerts” → “Allow Requests”, but what it actually does is shows no alerts whatsoever (probably as intended) but blocks incoming connections! It’s as if it’s set to “Do not show popup Alerts” → “Block Requests”, which it isn’t.

To make things worse, with this setting enabled on a default install, any manual rules under “Application Settings” are ignored. I was scratching my head for ages trying to get uTorrent to open a port until I unticked that check box!

I think the problem is I selected Stealth all ports initially (to block pings) BUT after that I added my own port sets to “Global Rules” and “Application Rules”. With this “Do not show popup Alerts” → “Allow Requests” check box enabled by default, that didn’t work for uTorrent. It’s a bug as you should be able to set rules that override the popup suppression.

Not sure if the bug happens if you don’t stealth ports (which should only modify “Global Rules”), perhaps not as I’m sure this couldn’t have gone unoticed in testing a default install of Comodo Internet Security.

It’s a hard one to explain however in a bug report!

Aside from the new option I believe that there is also a new default Global Rule that allows all outgoing traffic. However, given what you’re describing I don’t think this is relevant. What is your Firewall Security Level set at?

It’s set to “Safe mode”. Here is what I did on a brand new XP install.

  1. I installed a fresh copy of Comodo Internet Security v5.8.
  2. Default options = Configuration “Internet Security” profile.
  3. Went to Firewall “Stealth Ports Wizard” → “Block all incoming connections…”. This is to disable ping and connection requests to the machine.
  4. Unticked “This computer is a Internet Gateway” under Firewall Settings.

As expect, in this default state all trusted/whitelisted applications were permitted outgoing internet access without popups, including uTorrent.

  1. Went to “Firewall->Network Security->Global Rules” and added TCP/UDP In rule for the uTorrent port.

Launched uTorrent - normally I get a popup about accepting incoming connection on the port I’ve opened above. I click allow, and it adds a allow all rule to “Firewall->Network Security->Application Rules”. Job done. However, in v5.8 I received no popup. uTorrent blocked.

  1. Went to “Firewall->Network Security->Application Rules” and manually added rule to allow uTorrent.

UTorrent was still blocked. Then I noticed the new checkbox enabled by default: “Do not show popup Alerts” → “Allow Requests”. Scratching my head, I thought this must mean that it allows all traffic through the Firewall without a popup requester. So why have a firewall or indeed a Firewall security level slider if it lets everything through? And why isn’t it allowing uTorrent to accept an incoming connection?

  1. Unticked the “Do not show popup Alerts” → “Allow Requests”.

Relaunched uTorrent. Popup alert appears for incoming connection to uTorrent and I click on Allow. uTorrent rule now automatically added to “Firewall->Network Security->Application Rules” and uTorrent works! Port open!

I just find this box is a little confusing. Why would anyone want to allow all to every requester? I could understand the use of block all and only use the rules you’ve setup, to prevent someone with low PC knowledge clicking allow on every requester, but allow all just means disabling the Firewall, although it appears not to work anyway and continues to block incoming!

Safe Mode? Then that’s the problem. In Safe Mode you have no control over the Application Rules as CIS deals with it, any custom rules you create CIS will over-write and/or ignore them as it sees fit. You need to change the Firewall Security Level to Custom Policy mode. In addition you should probably also enable Create rules for safe applications. See General Settings for more detailed information on these settings.

PS In this post, I’m just dealing with the above. Since, I think not getting CIS to obey your Application rules may have confused you somewhat and lead you down the wrong path (so to speak).

That doesn’t make sense. Why doesn’t Comodo grey out the “Applications Rules” section if Safe Mode is enabled? It causes utter confusion to think everything manually added for incoming connections in the “Applications Rules” is ignored, but “Global Rules” are still valid? I know that Global Rules manually added are not ignored in Safe Mode.

There is still the issue of not allowing uTorrent incoming connections unless I disable the “Do not show popup Alerts” → “Allow Requests” checkbox.

That checkbox implies that all traffic is allowed through the Firewall, when clearly only outgoing is allowed. If you don’t disable this checkbox in Firewall “Safe Mode”, it blocks all incoming requests without a requester to create a rule for you in “Application Rules”.

Something is not right in how Comodo works. I hope they can clear it up and make it more user friendly in v6. Still a very nice tool however, just needs some polishing up! :slight_smile:

Not all Application rules are ignored in Safe Mode… for instance and Blocked Application rule will still function as expected I believe. But, the thing to remember is that when you’re crafting your own rules, then you need to grab control from CIS. Custom Policy mode does just this. CIS will not create any Application rules unless it is instructed to by a Remembered Firewall Alert when in Custom Policy mode. In this mode, you create and change the rules, not CIS. You can add the “Ask” operation to Application rules to generate an Alert that CIS can remember (add) rules that way still.

I would imagine (although I’ve not tested it) that any Block rules (both Application & Global) would still be obeyed by CIS with this option enabled and set to Allow… as this setting only impacts events that would have generated a pop-up (alert) and a block (or any existing rules for that matter) wouldn’t have raised any alerts. In your case, since you’re crafting your own rules, you probably would want to disable this option.

As for blocking incoming torrent traffic then this might be caused by your current Global Rules depending on what the Stealth Ports Wizard process has done to them. Generally, when using Custom Policy mode then you wouldn’t want a final Block & Log rule in the Global Rules, since the incoming traffic would usually be defined in the actual Application rule… say for… a torrent inbound listening port.

I believe the logic and concept behind these new options are detailed and explained in the FAQ URL that I posted initially. I can’t say that I’m totally thrilled about them myself either… but, then again they’re not meant for me (us) really. :slight_smile:

Gee… I’ve rambled on a bit here. I hope this helps, please ask any questions if you need to. :slight_smile:

You’ve been very kind in your replies and I appreciate the detail kail. :slight_smile: Doing the forum proud. :wink:

I need to have another play around bfore commenting any futher. :smiley:

I know I rambled on a bit too and it’s not easy having the patience to read long detailed posts on a forum, but I did point out that I have set an incoming rule for the port number in Global Rules.

I guess simplified, the main problem is the new default setting of the check box “Do not show popup Alerts” → “Allow Requests” doesn’t make sense or work as implied.

It blocks any popup requester and does NOT automatically allow, thus preventing trusted applications receiving incoming connections even if you have a open port set in Global Rules. Uncheck the box, and hey presto - a Firewall requester where you can click allow for an incoming connection and it’s added to Application Rules.

One person’s logic is not going to sit with everyone else. It all needs to be simplified. It’s so frustrating as with a few changes here and there, the interface would work very well indeed but at the moment some settings are non-intuitive.

Just curious, which version of CIS are us using 5.8.?

It blocks any popup requester and does NOT automatically allow, thus preventing trusted applications receiving incoming connections even if you have a open port set in Global Rules. Uncheck the box, and hey presto - a Firewall requester where you can click allow for an incoming connection and it's added to Application Rules.

That’s not what I’m seeing on a fresh install of CIS, with the Internet Security configuration.

  1. The check box for ‘Do not show popup alerts’ is checked if you select it during installation.
  2. The default Global rules have an ‘Block IP In ANY’ as a final rule, obviating the need to run SPW with the third option.
  3. Enabling the ‘Do not show popup alerts’ and adding a Global rule to allow TCP/UDP for uTorrent allows uTorrent to work correctly, no Application rules or alerts are generated.

[attachment deleted by admin]