Is there any way to see why something was blocked?


I’ve been using Comodo for around two months so far, and my first impression of it was that it had a lot of customization and seemed to be very intuitive. However, after using it for a while and adding a bunch of my own global rules, I’ve come to notice that the logs no longer tell me anything. While I can see the source IP, protocol, destination IP and the like, I never know for sure which one of my rules (or the rules that Comodo started with) is blocking a connection. I’ve spent a couple of days trying to troubleshoot but have not come up with anything. A popular trend in my logs is that the Windows OS is being blocked a lot, and I have no clue why the connections aren’t belonging to any of the applications that I am using. I cannot make individual exceptions for every block because this is for my home computer, where I do not connect to the same couple of addresses every day. If there is any way to figure out why something is being blocked, it would be greatly appreciated if you could explain it to me. If it’s supposed to be obvious, I’m sorry :P.

Thank you.

The firewall event logs will give you an idea of why something is blocked. For your own block rules that you create for either an application or in global rules, you have to enable logging by checking the "log this event when this rule is fired" option. Now the only time it isn’t obvious when seeing blocked events is when the source and destination ports say 0, which means it was a blocked fragmented packet.

Other than that, you just need to look at the source and/or destination address and/or port to see why it was blocked. Also, the protocol column will give a clue; for example, if the protocol is ARP then it will be because you have "protect the ARP cache" enabled. In order to understand the log you need to search up the IP address or ports that are being blocked.
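As an added example (not part of the posts above and not Comodo's own code), the sketch below applies the two log clues from the answer and then goes one step further by checking each blocked entry against a hand-transcribed copy of the global rules. The `Rule` and `Event` layouts, the sample rules and the log entries are all constructed for illustration, and it assumes rules are evaluated top to bottom with the first match deciding.

```python
import ipaddress
from collections import namedtuple

# Hypothetical, simplified transcription of global rules, in listed order.
Rule = namedtuple("Rule", "name action proto direction src dst dport")
Event = namedtuple("Event", "proto direction src dst sport dport")

RULES = [  # constructed sample rules
    Rule("Allow LAN out", "allow", "any", "out", "192.168.1.0/24", "192.168.1.0/24", None),
    Rule("Block NetBIOS", "block", "udp", "any", "any", "any", (137, 138)),
    Rule("Block inbound TCP", "block", "tcp", "in", "any", "any", None),
]

EVENTS = [  # constructed log entries
    Event("UDP", "in", "192.168.1.20", "192.168.1.255", 137, 137),
    Event("TCP", "in", "203.0.113.9", "192.168.1.5", 51000, 445),
    Event("TCP", "in", "203.0.113.9", "192.168.1.5", 0, 0),
    Event("ARP", "in", "192.168.1.1", "192.168.1.5", 0, 0),
]

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _matches(rule, ev):
    return (rule.proto in ("any", ev.proto.lower())
            and rule.direction in ("any", ev.direction)
            and _addr_ok(rule.src, ev.src)
            and _addr_ok(rule.dst, ev.dst)
            and (rule.dport is None or rule.dport[0] <= ev.dport <= rule.dport[1]))

def explain(ev, rules=RULES):
    """Return a short reason string for one blocked log entry."""
    if ev.proto.upper() == "ARP":
        return "ARP cache protection"          # clue from the protocol column
    if ev.sport == 0 and ev.dport == 0:
        return "fragmented packet"             # both ports logged as 0
    for rule in rules:                         # assumption: first match decides
        if _matches(rule, ev):
            if rule.action == "block":
                return "rule: " + rule.name
            return "allowed by '%s', so look elsewhere" % rule.name
    return "no transcribed rule matches"

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev, "->", explain(ev))
```

Entries that come back as "no transcribed rule matches" point to a rule that was not copied into the list, such as one of the defaults the firewall shipped with.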