"Log as a firewall event if this rule is fired" gets unchecked on its own.


  1. What you did: Was away from keyboard, PC was running an online AV scan from a website, I think.
  2. What actually happened or you actually saw: When I opened “Network Security Policy” and went to “Global Rules” and clicked “Edit” on “Block And Log IP In From MAC Any To MAC Any Where Protocl Is Any”, the “Log as a firewall event if this rule is fired” had gotten unchecked on its own. This has happened to me perhaps 5 times in the last month now. It seems to happen randomly, I cannot see a pattern to it.
  3. What you expected to happen or see: I expected to see the “Log as a firewall event if this rule is fired” to remain checked as I had set it.
  4. How you tried to fix it & what happened: I checked it. Earlier I tried to import a new configuration from “Manage My Configurations”. Seems to not have worked.
  5. If a software compatibility problem have you tried the compatibility fixes (link in format)?: No.
  6. Details & exact version of any software (execpt CIS) involved (with download link unless malware):
  7. Whether you can make the problem happen again, and if so precise steps to make it happen: I don’t know how.
  8. Any other information (eg your guess regarding the cause, with reasons): I thought it might be a corrupt configuration, which is why I tried to import a new one, but it has not solved the issue as it keeps happening. I suspected malware, but have ran countless scans with different software. I tried it might be an incompatibility issue with MSE, so I have uninstalled that, but it has not solved the issue either. Have also noticed that “Computer Security Policy” adds an “Applications” list with various applications that are granted full rights apart from “Run as executable” when using Paranoid mode in Defense+. This happens very similarly as the original issue in this post; at random times, seemingly without a pattern, so I’m choosing to post it as well.

B. FILES APPENDED. (Please zip unless screenshots).:

  1. Screenshots of the Defense plus Active Processes List (Required for all issues): Attached
  2. Screenshots illustrating the bug:
  3. Screenshots of related CIS event logs:
  4. A CIS config report or file:
  5. Crash or freeze dump file:
  6. Screenshot of More~About page. Can be used instead of typed product and AV database version: Attached


  1. CIS version, AV database version & configuration: Comodo - Internet Security
  2. a) Have you updated (without uninstall) from a previous version of CIS: No.
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:
  3. a) Have you imported a config from a previous version of CIS: No.
    b) if so, have U tried a standard config (without losing settings - if not please do)?:
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No.
  5. Defense+, Sandbox, Firewall & AV security levels: Defense+ = Paranoid Mode, Sandbox = Enabled, Firewall = Safe Mode, Antivirus = On Access.
  6. OS version, service pack, number of bits, UAC setting, & account type: Windows XP Pro, SP3, 32, No UAC in XP, Administrator account
  7. Other security and utility software currently installed: Malwarebytes’ Anti-Malware
  8. Other security software previously installed at any time since Windows was last installed: Microsoft Security Essentials, RegRun, McAfee Security Scanner
  9. Virtual machine used (Please do NOT use Virtual box)[color=blue]: None.

[attachment deleted by admin]

It is possible this is due to you running more than one bit of security sofware at once. Please see FAQ here. Also a re-install may resolve this, as it is not behavior I have seen reported elsewhere. Please report back in this thread if resolved. Meanwhile I will forward.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again


I may have solved this, at least partially. When using the Stealth Ports Wizard and enabling the “Stealth my ports and block all incoming connections” option, it seems to reset the “Log as firewall event” rule at least on SOME firewall policies. I tested and it definitely resets it on the “IP In From MAC Any To MAC Any Where Protocol Is Any” policy. It does not seem to reset the log rule, for example, on “Allow IP Out From MAC Any to MAC Any Where Protocl Is Any”, even though the log rule has gotten unchecked on that policy also in the past, so there is still not an explanation for everything.

Can anyone do some testing on their computers to verify if Stealth Ports Wizard has an effect on this?

Thanks for the extra feedback. I don’t really understand firewall operation enough to comment so I hope someone else will. A stray thought is that maybe the stealthing setting make the firewall act as a stonewall just a silent block, not other activity at all. Don’t really understand why though.