There are a number of “Trusted” applications that are allowed trusted privileges that are digitally signed and on a safe list that comes with CFP 3. They can connect without any policy being defined for them because of the Trusted status. Loopback connections are not connections that go in or out, so they are allowed by default. You can block them, but you would have to write a rule for a particular application.
So that means, regardless of how I set up the rules, some applications will always have privileges to listen on ports, even if I block them?
I will give you an example:
I have the firewall security level in custom policy mode. If I’m not mistaken, in that mode the firewall does not recognize trusted and untrusted applications. That means the user is prompted every time for each connection if rules do not exist yet. I start some game server and set up Incoming TCP/UDP connections to block for that “game”.exe.
And now my question:
Will Comodo still state “Listening” status for that game, and will it accept incoming connections for the game from outside IPs?
Is the “game”.exe incoming connection blocked regardless of the “listening” status, and will it allow incoming connections only from localhost?
And PS: how do you block a loopback connection?
A Block rule should prevent an application from accessing any internet data, although if you write an “Ask” rule, that does not seem to work for Trusted software currently. If you are getting “Allow” pop-ups asking if you want to allow a connection, the rule is not functioning as it should. There is a problem that might be causing that result (a fix is in the bug-fix release coming shortly). If you look at Firewall>Advanced>Network Security Policy and scroll down looking for the application in question, you may see several entries for that application, many with a ~ in the path (DOS short name path). If so, remove every entry for that application and reboot. Then start your application and, when a pop-up with that application’s name on it appears, click the “Treat this application as…” button and select the predefined rule that you want - “Trusted” or “Blocked”. This should repair the rule.
About the loopback connection - why do you want to block it? It is not a hazard to my knowledge. See What is a loopback address? for some background.
No, it is not a hazard, but CFP Version 2.x had the option “skip loopback TCP request” or something like that. In version 3.x this option does not exist. So you could actually block your own computer from accessing its own server. But your own traffic cannot be dangerous, so I guess they removed the option in CFP 3.x.
Thanks for answering
*Under Defense+/Computer Security Policy there should be an entry for each of your applications (if it is trusted and not there, add it). If you click “access rights”, there is an entry for loopback networking, which is usually marked “ask”. If you set it to “block”, does it do what you are looking for?
*Do you mean that if you have port 25 blocked for all traffic for a mail program for example, that it still shows up as listening on 25?
*I use stunnel and ashmaisv as proxies for sending and receiving email, and they both show up on the connection list as listening on the appropriate loopback ports. My email connection, for example, goes from Thunderbird to ashmaisv 127.0.0.1 port 11110, to stunnel 127.0.0.1 port 11110, to the pop server IP address port 110. Stunnel shows the proper “listens”; ashmaisv shows the “listens” for ports where it would actually connect to the internet. What doesn’t show up are connections that simply go from one loopback port to another, purely internal. Is this the type of connection you are referring to?
Yes, thank you. I haven’t checked under the Defense+ tab. I actually shut down Defense+ because of annoying pop-up messages. But I can block the loopback connection, but it will still allow me to connect.
Yup. I have a block rule for Internet Protocol (IP) IN/OUT at the bottom in the Global rules. That means all other ports, except those I listed in allow rules above, should be blocked. But it still says listening on that port for a specific application, although that port is not accessible from the outside network; only localhost (127.0.0.1) can connect.
*Yes, I am referring to that type of connection. Thanks again.
At last we understood each other.
Try blocking the in/out at the end of the application rules instead and see if that helps.
It’s still listening. But it is blocked, nobody can connect through it. The Active Connections monitor is probably not bound to open/closed ports, but to the *.exe.
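The observation in the last post, that a socket still shows as listening even when the firewall stops anyone from reaching it, can be checked outside Comodo. This is an added Python example, not code from the thread: it binds a TCP listener, reads the kernel's own LISTEN flag (SO_ACCEPTCONN, the state a connection monitor displays as “Listening”), then probes the port from two loopback addresses. It assumes a Linux-style loopback where 127.0.0.2 is also local; it does not simulate the packet filter itself, and the restriction to 127.0.0.1 in the first case comes from the application's bind address, not from a firewall rule.

```python
import socket


def probe_listener(bind_addr, probe_addrs=("127.0.0.1", "127.0.0.2")):
    """Bind a TCP listener to bind_addr and report (a) whether the OS
    considers the socket to be in LISTEN state and (b) which of the
    probe addresses can actually complete a connection to it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(1.0)
    port = srv.getsockname()[1]
    # SO_ACCEPTCONN is the kernel's "this socket is listening" flag. It is a
    # property of the socket, independent of any packet filter in front of it.
    listening = bool(srv.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN))
    reachable = {}
    for addr in probe_addrs:
        cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cli.settimeout(1.0)
        try:
            cli.connect((addr, port))
            reachable[addr] = True
            srv.accept()[0].close()  # drain the completed connection
        except OSError:
            # Connection refused (or no route): the listener is not reachable
            # on this address even though it is still in LISTEN state.
            reachable[addr] = False
        finally:
            cli.close()
    srv.close()
    return {"bind": bind_addr, "listening": listening, "reachable": reachable}


def compare_bind_addresses():
    """Same code with two bind addresses: both report 'listening',
    only the set of addresses that can reach the socket differs."""
    return {addr: probe_listener(addr) for addr in ("127.0.0.1", "0.0.0.0")}


if __name__ == "__main__":
    for bind_addr, result in compare_bind_addresses().items():
        print(bind_addr, "listening:", result["listening"],
              "reachable from:", result["reachable"])
```

A listener bound to 127.0.0.1 is refused from 127.0.0.2 yet is still flagged as listening, which is the same split between “Listening” and “blocked” that the firewall monitor shows.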