Malwarebytes still picking up IP addresses

All:

I am using Comodo Firewall. The Stealth Ports Wizard is set to Block all Incoming Connections. At first this setting prevented any IP addresses from being picked up by Malwarebytes, so I disabled it. Today I checked to see if Malwarebytes was still not picking up any IP addresses. I was surprised to see that it’s picking up a large number of them.

What can I do to rely on Comodo 100% and not need Malwarebytes?

Thanks very much.

RSinger

I’m not 100% sure what you’re talking about here… Malwarebytes or CIS. But CIS’s Stealth Ports Wizard is not a setting/option, it is a process. You run it, it adds & changes rules depending on what you asked for, and then it ends. It cannot be disabled, because it cannot be enabled… it can only be run. However, removing/changing rules can easily undo/break what Stealth Ports Wizard did.

So, with this in mind… can you please elaborate on what “picking up IP addresses” is & what was “disabled”? Thanks.

Also, assuming that your post is a request for help/support (am I correct?), I should really move this to the appropriate section.

Kail:

Sorry I wasn’t clearer in my first post.

A few months ago I put a post on this forum saying that I had installed Comodo Firewall and still had Malwarebytes on my computer. In the Malwarebytes log file it showed all the IP addresses it was blocking in spite of my having installed Comodo. Someone replied (I forget the name) that I set the Stealth Ports Wizard to block all incoming connections.

I did that and then looked at the log files in Malwarebytes. There were no blocked IP addresses so I disabled Malwarebytes thinking I didn’t need it. I made no changes to Comodo Firewall.

Today I activated Malwarebytes to check the log file and saw that it is blocking dozens of IP addresses.

I would like to inactivate and even uninstall Malwarebytes and rely on Comodo to block unwanted IP addresses. Can you advise me which settings I need to make in Comodo to block all incoming IP addresses.

I hope this post is clearer.

Thanks very much.

Regards,

RSinger

Yes, it is thanks. OK, I think that I understand what you mean. But, you’ll need to confirm it for me (I’m not familiar with that aspect of Malwarebytes).

I’m assuming that Malwarebytes has some form of IP blocking (i.e. blocking IPs that are known to be bad). Is that correct?

That is correct. Here are a few lines from the Malwarebytes log file:
15:14:00 Bob IP-BLOCK 212.117.167.129
15:16:17 Bob IP-BLOCK 173.244.198.75

OK. CIS does not have this ability. Instead, it protects you from what bad sites try to do (drive-by attacks, etc) to your browser & OS. CIS doesn’t prevent access to those sites and it doesn’t rely on a list of bad sites/IPs.

OK, thanks. I’ll leave Malwarebytes active.

Best,

RSinger

No problem. 🙂

I am noticing this issue as well today.

It is not clear in the MBAM log if it is blocking incoming or outgoing connections, and in fact I did not think it was a firewall!

CIS is set on proactive and stealth, so in my view it should be blocking all incoming unless in trusted zone or allowed otherwise.

Therefore that suggests that MBAM is blocking outgoing requests to known malware sites.
It lists the following IP addresses, but unfortunately it does not say which application was trying to connect -

14:50:09 IP-BLOCK 89.28.46.105
14:50:09 IP-BLOCK 89.28.51.110
14:50:17 IP-BLOCK 89.28.46.105
14:50:17 IP-BLOCK 89.28.51.110

All these are worryingly in Moldova???
More worryingly is as to what on my PC is trying to connect with these sites. I have recently run several checks, and will re-run them today.

CIS in the firewall log does not show any blocked events or connection to these addresses.

By the way, how do I get CIS to log every single connection in or out? I know it would be a big list but it might help me troubleshoot this?
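As an added example (not part of the original posts, and not Malwarebytes or Comodo code), the script below parses IP-BLOCK lines in the two shapes quoted in this thread, totals hits per address, and lists blocks that have no firewall-log event for the same address within a few seconds. The `fw_events` tuples and the five-second window are assumptions; the firewall's own log format is not shown on this page.

```python
import ipaddress
import re

# Lines quoted in the thread, plus one constructed line that must be skipped.
SAMPLE_LOG = """\
15:14:00 Bob IP-BLOCK 212.117.167.129
14:50:09 IP-BLOCK 89.28.46.105
14:50:09 IP-BLOCK 89.28.51.110
14:50:17 IP-BLOCK 89.28.46.105
14:51:00 IP-BLOCK not-an-address
"""

# HH:MM:SS, optional user name, the IP-BLOCK tag, then the address.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(?:(.+?)\s+)?IP-BLOCK\s+(\S+)$")

def _secs(hms):
    h, m, s = map(int, hms.split(":"))
    return h * 3600 + m * 60 + s

def parse_blocks(text):
    """Return (time, user_or_None, ip) for every well-formed IP-BLOCK line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(3)))
        except ValueError:
            continue  # tag present but the address does not parse
        out.append((m.group(1), m.group(2), ip))
    return out

def summarize(blocks):
    """Map each blocked IP to its hit count and first/last time seen."""
    summary = {}
    for when, _user, ip in blocks:
        s = summary.setdefault(ip, {"count": 0, "first": when, "last": when})
        s["count"] += 1
        s["last"] = max(s["last"], when)
        s["first"] = min(s["first"], when)
    return summary

def unmatched(blocks, fw_events, window_s=5):
    """Blocks with no firewall event for the same IP within window_s seconds.
    fw_events: (HH:MM:SS, ip) tuples the caller extracted from the firewall log."""
    return [b for b in blocks
            if not any(ip == b[2] and abs(_secs(t) - _secs(b[0])) <= window_s
                       for t, ip in fw_events)]
```

Blocks returned by `unmatched` are the ones worth chasing: the protection log recorded them, but the firewall log has nothing for that address at that time.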

In Global Rules edit the Allow IP Out rule to also log.

I did that earlier today, MBAM then later blocked some IP addresses, but no corresponding events were shown in the CIS log.

To be honest, although I have used CIS for 2 years I still find it confusing. I should be able to easily see a log of all events and not have to create special rules. And then it is not clear to me if all requests are logged with this rule, or only those events where the application is allowed “outgoing only” - what about the other rules and events logs for them? Do I need to work through every single default rule and make it log also? And then what about each application rule?

I also noticed that some of my applications such as Firefox and Skype are not shown in “network security policy” and I do not understand why not!? I thought the firewall added all apps to the list and according to default rules, or it would prompt me accordingly?

Sorry for being confused, but on the one hand I do not want a talkative firewall, but I still want to be sure I am protected and that it logs all events. I am not fearing that Firefox and Skype are somehow not covered and that MBAM is preventing me from being attacked rather than CIS?

How can I reset CIS policies, all of them, back to default, back to beginning, without re-installing?

Thanks

You could decide to change the Firewall policies by editing them to log. That way you don’t have much work to do. If you edit the Outgoing Only Policy to log all traffic, all programs with the Outgoing Only policy will be logged.

> I also noticed that some of my applications such as Firefox and Skype are not shown in "network security policy" and I do not understand why not!? I thought the firewall added all apps to the list and according to default rules, or it would prompt me accordingly?

With default settings CIS will not make rules for trusted (whitelisted) applications. To have it make rules you will have to enable "Enable rules for safe applications" in Firewall Behaviour Settings --> General. All programs then get a default policy, which is outgoing only without logging iirc.

> Sorry for being confused, but on the one hand I do not want a talkative firewall, but I still want to be sure I am protected and that it logs all events. I am not fearing that Firefox and Skype are somehow not covered and that MBAM is preventing me from being attacked rather than CIS?

Firewalls like CIS are complex and have a learning curve. That comes with the territory.

> How can I reset CIS policies, all of them, back to default, back to beginning, without re-installing?
>
> Thanks

CIS keeps backups of the default configurations in its installation folder. If you want to start clean, import the default configuration, give it an appropriate name, like My Clean Proactive Security, and activate it. That can be done under More → Manage My Configurations.