Mail Client Configuration Not Working Correctly in Proactive Mode [M976]

A. THE BUG/ISSUE (Varies from issue to issue)

  • Summary - Give a clear summary in the topic subject, NOT here.
  • Can U reproduce the problem & if so how reliably?:
    Yes, at anytime I start Outlook
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
    1: Change CIS to Proactive Security and restart computer.
    2: Change Firewall component to Custom Ruleset
    3: Open Outlook and note that there is no option in the popup to Manage As Mail Client. Thus, choose Trusted App.
    4: Outlook will then connect as expected.
    5: However, then go to Tasks/Firewall task/Open advanced settings/Application rules, right click on Outlook rule and select Edit. Choose Mail client and choose okay.
    6: Note that you once again get the same popup, meaning the Mail Client option is not working (in Proactive config only)
  • If not obvious, what U expected to happen:
    I expected to be able to select “Email client”, but the item is missing. Also, after manually selecting Mail Client I would expect Outlook to be able to connect and to not ask again with the popup.
  • If a software compatibility problem have U tried the conflict FAQ?:
    Outlook perhaps.
  • Any software except CIS/OS involved? If so - name, & exact version:
    Outlook
  • Any other information, eg your guess at the cause, how U tried to fix it etc:
    In Proactive the only way to make this work is to set it as a Trusted app through the popup. Mail Client does not work. However, if you change CIS to the Firewall configuration there is now an option in the popup to use the Mail Client. This also works correctly. Thus, this seems to be a problem with Proactive configuration.

B. YOUR SETUP

  • Exact CIS version & configuration:
    Comodo Firewall 7.0.317799.4142 - Proactive config - Firewall Custom Ruleset
  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
    HIPS disabled
    Sandbox disabled
    BBlocker disabled
    Firewall Custom
    AV disabled
  • Have U made any other changes to the default config? (egs here.):
    Added the port 443 to Portsets/Port POP3/SMTP
  • Have U updated (without uninstall) from CIS 5 or CIS7?:
    No
    a. if so, have U tried a clean reinstall - if not please do?:
       I did a clean install.
  • Have U imported a config from a previous version of CIS:
    No
    a. if so, have U tried a standard config - if not please do:
       NA
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
    Windows 7 Ultimate sp1 x64, UAC disabled, admin account, real OS, not virtual
  • Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
    a=Avira Antivirus free 14 b=None


I’m a little confused, but are you saying that the issue you are experiencing is that CIS is asking you for permission to connect every time you launch Outlook?

I’m sorry, you’re right. I was so focused on compiling the “module” correctly that I missed the main info:

  • I open Outlook 2013, CF asks me for permission for it to communicate with IP https xxx.xxx.xxx.xxx port 443
  • I would like to choose Manage As and Mail Client, but it’s a missing item
  • I choose in this case Trusted app (remember the answer checked)
  • Close Outlook
  • Open CF main window, go to Tasks/Firewall task/Open advanced settings/Application rules, right click on Outlook rule and select Edit. Choose Mail client
  • Close all windows with OK
  • Open outlook, same CF alert for the same IP and port
  • Close Outlook
  • Went back to CF Firewall settings, Ruleset, RH click on Client email, Edit, RH click on POP3/SMTP requests, Edit and changed Direction to In or Out
  • OK for all windows
  • Open Outlook, same alert
  • Close Outlook
  • Open back Firewall advanced settings, Portsets this time
  • RH click on POP3/SMTP ports
  • Edit
  • Add
  • A Single Port and type 443
  • Close all windows with OK
  • Open Outlook, same alert for the same IP and port (even though I just added it to the rules)
  • Close Outlook, reboot, open Outlook, SAME ALERT

So, the Outlook alert is missing the Mail Client option, and if you change the parameter as I explained, as I did, it does not work. Either Trusted Application or nothing (the other options are not useful to be considered for an app like that)

Now it should be more complete, sorry again

UPDATE
Changing the Configuration from Proactive to Firewall, rebooting, when I open Outlook the alert/Treat as shows me the Mail Client option, and it works
Changing back from Configuration/Firewall to Proactive, rebooting, when I open Outlook the Alert/Treat as DOESN’T show the Mail Client option

Are you saying that in Firewall configuration it correctly shows you the Mail Client option, and it works correctly for allowing Outlook to connect? However, for the Proactive configuration the Mail Client option is not shown, and even if you manually set it Outlook is not allowed to connect?

Does this capture the essence of the problem? Sorry, I’m trying to shrink it down to something which can more easily fit in the format.

Thanks.

Don’t be sorry mate, that’s correct.
In Proactive it works only as Trusted app (the most right one you can choose), no manual settings are accepted as a fix; in Firewall config instead everything is correct without changing anything manually

Okay, I just edited the first post. Please look it over and let me know if everything seems correct.

Also, please attach a diagnostics report and your exported configuration to the first post. If you have any questions about how to do that please feel free to ask.

Thanks.

Done

I hope I have saved the actual configuration correctly, let me know in case there’s something wrong.

Tks to you and have a nice time

Thank you. Is everything in the first post correct? I guessed at a few parts, and wanted to make sure that everything written correctly reflects the problem you are experiencing.

Thanks.

Yes, thank you, it’s all correct. It was supposed to be a bug in the whole of CIS 7, but after some tries to understand it better I can surely confirm it’s just in the Proactive config, that’s all.
For any additional info please feel free to contact me

Have a nice time

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

You’re welcome!

I have loved this product for years, and for me it is the minimum I can do :wink:

Cheers

One of the other Mods tried to replicate this issue and was unable to replicate it. Below is an explanation of what they did.

  1. Port 443 is not an SMTP or POP3 port, but Outlook client uses it to access Exchange Server in corporate environments. CIS is not designed for corporate use, though ESM is, ESM has a different config.

  2. I cannot replicate the problem he describes when adding 443 to POP3/SMTP portset - this seems to work fine. I replicated in proactive mode with custom firewall set to high alert frequency. To emulate the client I used Firefox defined as an Email client in Application Rules, accessing https://www.google.co.uk:443, as Outlook is very difficult to run in a VM without installing it as part of Office, which takes a long time, and can still give licence errors.

Does that solve this on your system as well?

Thank you.

No mate.
I just saw that my email account with digital signature is using the SMTP port 465, like Gmail, but if Outlook 2013 is set as email client in Comodo, it alerts me that Outlook wants to communicate through port 443, which confuses me

My Outlook is working as trusted app, otherwise I get that error

That is expected behavior, 465 is an SMTP port so it is covered by the policy

“but if Outlook 2013 is set as email client in Comodo, it alerts me that Outlook wants to communicate through port 443, which confuses me”
That is expected behavior as 443 is not a POP or SMTP port. Outlook uses it to communicate with Exchange Server. But Exchange Server is a corporate product, so it is not appropriate for CIS, which is a personal product, to include this in either the POP/SMTP port set or the email client policy. However I have investigated the policy in ESM, the corporate product, and that does not include 443 either, so I have made an enhancement request to add that.

“My Outlook is working as trusted app, otherwise I get that error”
That is expected behavior. By default Outlook allows outgoing connections for trusted files.

I hope that helps clarify things for you.

Best wishes

Mouse

Hello, what is wrong, at this point, is that all my accounts use POP3 and SMTP servers with ports 110, 25, 995 and 465, I don’t have any account with any other port, and Comodo asks me for port 443 when I open Outlook.

Anyway, I left Outlook as Trusted app and I will stop disturbing you

Have a nice time

Hi Andy

I am not doubting you, just trying to work out why as this is not normal behavior for Outlook as far as I can see from internet searches, and my own experience.

A couple of possibilities

  • an Outlook plug-in may be causing this, for example secure email (remember Outlook has more than one plug-in type COM and normal if checking)
  • you may have mistakenly added a non POP3/SMTP account
  • you may have a corporate Outlook version set up by default for exchange server access

It is also just possible that Outlook requires it to fully display or preview certain HTML emails, if for example they contain images which must be downloaded from an SSL-secured server. But this would be unusual I think - in general such resources are stored on a non-secure server.

Best wishes

Mouse1

Hi,
until a few days before this post I had CF 5 with Outlook as email client, and everything always worked fine. The issue now arises when it starts to check each email account for messages (as soon as I open it), not when I try to read any email from my 10 email accounts.

Anyway, tks for your time

If you have the reading pane open, then the previewer will access the internet to display remote resources eg pictures. Rules, spam filters and security suite plug-ins (eg Norton email scanner) may also do the same on every download to apply tests eg for spam or downloaded file inspection by AV.

Possibly also if you have Outlook set to download pictures with emails it will happen even with the preview pane closed, not sure.

I have just found an email that requires comms over 443 to download images, so this does happen

I think the reason CIS does not add this as an allowed port is that Comodo would feel it insecure to allow email downloads by default.

I am not sure why it did not happen in 5.x, possibly it’s a co-incidence, possibly 5.x behavior was incorrect.

I hope that helps a bit

Mouse

Hello Andy.

On the basis of the above analysis I think:

  1. The fact that 443 is not allowed in the CIS email client policy for Outlook is correct. If it were allowed the email client would be starting to confer browser privs which not all users would want. (Some users don’t want the email client downloading email images etc without permission as it can be a security risk). So I have closed this issue - M976 - in the tracker.
  2. The fact that it is not allowed in the ESM policy either is probably a mistake as many businesses use Exchange Server, which does require this port to be open in its email clients. So I have opened an issue for ESM - M1010 - on that basis.

Thank you very much for this report which has allowed us to identify a bug in the business version of CIS, ESM.

I apologize for not acting on this sooner. As mouse1 has created a new bug report for this in the CES tracker I will now move this one to Resolved, as this section is specific to bugs for CIS only.

Thank you.