Hello Ladies and Sirs,
I found Comodo v3 won’t log when those “blocked network zone” been blocked.
It even won’t log in the counter:“The firewall has blocked … intrusion attempt(s) so far.”
Hope it could log these in the firewall events.
That we could sure those unwelcomed network zone really being “blocked”
Thanks very much in advanced.
Best Regards, forcesorcery.
Anyone noticed this?
Comodo seems won’t logs when some IP blocked in the “Blocked Network Zone”.
Even won’t count in “blocked … intrusion attempt(s) so far.”
Months ago, my Yahoo Messenger seems infected because my sister got some file from her friend.
Yahoo Messenger became like a trojan downloader.
Though Comodo seems blocked the downloading for me, not 100% sure.
I’m really fear that there’re still some malicious object in my computer,
So I added those IP Yahoo Messenger connected to.
But Comodo doesn’t log ANYTHING when “Blocked Network Zone” works,
so I can’t sure my computer is “clean”…
Hope this will be improved in future version. (L)
Best Regards, force
What are your global rules? Have you run the stealth port wizard? Use the "block all incoming connections " option. Also if Yahoo Messenger became infected for some odd reason you need a goo virus scan to clean that up. I have been using Yahoo Messenger for over 6 years and never had any problems with it. Dont rely on just Comodo to stop an infection. Comodo cannot cure an infection but only stop it. Be sure to do a complete virus scan and spyware scan.
Thanks very much, Master Vettetech.
My global rule is “Block IP in From IP Any to IP Any Where the Protocol is Any”
My AV-program is Kaspersky Anti-Virus 7.0.325.
In fact, no AV could catch all malicious objects…
That day, I uninstall Yahoo Messenger right away and deleted all could been infected.
But I’m still considering about those IP Messenger connected to.
I wish Comodo would log if some thing block due to the rule in “Blocked Network Zone” works.
That I could sure my computer totally out from the risk of the virus of Yahoo Messenger.
Comodo is only gonna show a log if you have a log rule for that program.
Because Comodo won’t log when those zone blocked in the “Blocked Network Zone”
Even won’t add the intrustion attempt blocking counter…
NOTHING loged, so I’m afraid this function really works or not.
I wish this will be improved in future.
I’m a newbie so maybe no one listens to me.
But I thought “logging” is one of an important part in security programs.
Best Regards. (V)
Run the stealth port wizard like I said and select “block all incoming connections”. That should give you the logs you want. What are you trying to block and why is it so important to see a log? You can make a log block so you see your logs.
Thanks, Master Vettetech.
I apologize if I couldn’t explain the situation clearly, my native language isn’t English, sorry.
I add those IP to “My Blocked Network Zone” because my infected Yahoo Messenger connected months ago.
Though I uninstall and deleted all of the Yahoo Messenger files.
I fear that there still something like malware or rootkit Messenger downloaded.
Hope if the rootkit or malware outbound connecting to those IP I would be able to find and delete them.
But I found no logs for me to confirm or deny my worry.
I already used the stealth port wizard.
I don’t care abou’t inbound attempts…I know comodo is awesome at stealth.
I just afraid that something in my computer would trying connecting to those malicious IP.
Even it’s been blocked, I’m unable to know.
Yahoo Messenger is safe. I have been using it for years. The only way to get infected through Yahoo Messenger is by photo or file sharing. There is no reason to block Yahoo Messenger. If you have a good virus scan then that will protect you. Avast has an IM protector. I have shared photos with others but I scan the pictures first before opening them.Think of Comodo as a Dr but not the cure. You need a virus scanner to cure things and not just prevent them. If you went to shields up and it passes all the tests then you are protected by Comodo.
Thanks for replying,
My Yahoo Messenger was already infected cuz my sister got a file from her friend.
I noticed it connect with some malicious IP.
I’m not blocking Messenger, I uninstalled it.
I just want to use “Blocked Network Zone” to see if something still there in my computer that would connect to these IP AGAIN…
But I’m unable to know because Comodo doesn’t log for me.
If you make a custom rule for that IP then you can make a log for I believe. The only way you will see a log for it is if that IP is used again or tries to connect.Is it an IP address or is it a web site?
There is a way to achieve this if you wish.
1.Firewall/My Network Zones
2.Add/A New Network Zone/Call it blocked zone/Apply
3.Right click on where it says Add Address Here and choose Add
4.Enter the Address/Range of Addresses
5.Go to Firewall/Advanced/Network Security Policy/Global rules
6.Click on Add/Destination Address and check Zone/From the drop down menu choose your blocked zone/Apply
7.This will make an Allow rule for the blocked zone.Now right click on this rule and choose Edit/Change the rule to Block IP In/Out and make sure the Log box is ticked.
8.Highlight this new rule/s and place them at the top of “Global Rules”
You may have to do this several times to cover each differant address if it`s not just 1 zone
You should end up with a Global rule like this(Top one)
[attachment deleted by admin]
Thank you Matty. I just didnt know how to.
Thanks very much for these info, Master Vettetech and Master Matty.
I would try this to see if something still in my computer.
Excuse me , sorry for that I have a difference problem.
Could I add more than two IPs in ONE Zone set?
Or do I need create “Blocked zone1”.“Block zone2”…and so on?
You can only use either a range 192.168.0.120 to 192.168.0.130 or an individual IP.This is the reason why when you create a Blocked Network Zone it does not come up in “Global Rules” because if you had a lot of Blocked zones/IP`s you could end up with Global Rules being to long and unmanageable.
Thanks very much for replying,
I mean, do I need creat more than one group in the network zone?
Ex: [Block Zone1] 18.104.22.168
[Block Zone2] 22.214.171.124
And creat two rules in Global rule to block it.
Or just one group contains more than one address?
Ex: [Block Zone] 126.96.36.199 and 188.8.131.52
Creating rule : Block and Log IP In\Out form IP Any to IP in [Block Zone] Where Protocol is Any.