Hi,
when I try to watch multicast stream, network monitor block it with DDos Attack (Udp flood).
How can I avoid this?
Thanks
Lukas
Welcome to the forum!
I would be nice if you could attach a screenshot of network monitor rules.
Some info about your connection and if you are using a router.
Hi and welcome to the forum. For a quick reference though, go into advanced, advanced attack and detection, you can set the UDP flood protection packet size. 
OTHER CONSIDERATIONS if not that:
Are you sure the stream isn’t too high for your connection? what’s your speed and what is the speed of the multicast? If you have say 5mbps and the stream is 10mbps, you will get flooded. If they use an ASM system, they are far more prone to Dos attacks. SSM isn’t since it’s a specific send and accomodates the targeted destination. There is much more to it of course but also many do use UDP streaming. You also have to make sure you have the correct plugins for certain viewers to handle it. If you pay for multicast you should be a custom reciever but if you are watching from a free source somewhere, the stream may not be compatable. Also there are Dos attacks that more and more seem to target Multicast (with obvious reason). Have you tried to set your UDP to allow a range? If you are behind a router or have NAT, there are some configurations as well. Can you post what you use to view, speed, if routered, OS?
Paul
Thanks for welcome,
sorry for insufficient information.
When I turn off network monitor I can watch stream without any problem.
(stream is 7Mb, net is 100Mb, stream is from LAN. )
I use VLC or VBrickStreamPlayer Plus for wathing.
VLC is trusted aplication.
IP in/out source any, dest any is allowed.
ICMP in/out any, any allowed
If you are in a lan you have to make a trusted zone. If you have CPF you have to do it on all computers. If you already have a zone, and just forgot to tell, we have to figure something else out. You have a ICMP rule for allowing all, so i suggest that you make a IGMP rule to allow all.
Network rules to add. Move them up in the list, but not above the first two rules.
Allow IP
IN or out
S. IP - Any
D. IP - Any
IP Det. - IGMP
Allow ICMP
IN or OUT
S. IP - Any
D. IP - Any
ICMP Det. - Any
Allow ICMP
IN or OUT
S. IP - Any
D. IP - Any
ICMP Det. - Echo reply
Allow ICMP
OUT
S. IP - Any
D. IP - Any
ICMP Det. - Echo request
Just try if they work. If not, post again…
same problem - watching TV programs from muticast streams - dos attack block this
don’t work for me - even if i set 1000 packets per second and fw dont log any dos attack multicast stream dont work
dont work for me too 
its very hard maybe impossible make trusted zone for multicast …
and i dont think this will be a secure solution - alowing inbound icmp echo requests for whole network …
comodo seems to be a good fw solution for me and i am sad i cant manage this
What about UDP in any?
Paul
If you are behind a router i don’t think it will be insecure, because the router stealths you from internet. This was also a test just to see if it works. Make “loose” rules, then tighten them up.
In my router i had to turn on IGMP manually to get it to work. Sometimes it works anyway, so check if it’s enabled.
The latest VLC (8.5) caused me a lot of problems (not with streaming), not sure why yet, but i uninstalled it and will try the next version.
Have you tried to add a trusted network just for your stream?
Sorry that i couldn’t help you, but maybe someone elsa have solved this problem, or know how to…
Did you start using the multicast before or after CPF installed?
Paul
Just to be sure i went to Pcflank and took a couple of tests.
Stealthtest and advanced portscanner. I was perfectly stealthed in both tests with the rules in previous posts, and a second trusted network for stream. I had the router in DMZ.
Look like the image.
[attachment deleted by admin]
this is not a true - being behind a router will add no additional security at all - maybe if u mean behind a NAT …
i am network administrator on campus and we are routing seven C class public ip networks and in fact i need fw protection for this “LAN” 
no in my case it is not easy to do - there is many multicast streams not all with static address - SAP protocol
no problem - i am just in “testing new firewalls - old making me crazy” phaze
dont know if u ask me
if so i started using multicasts before CPF (if its help i was using Kerio FW - dont satisfy me in this form …, in kerio for multicasts working i just need permit same igmp and icmp settings - think so )
Hi, all I can suggest at this point is either make sure all instances of Kerio are absolutely gone. If you choose to, you can opt to send a support ticket here…
https://forums.comodo.com/index.php/topic,2516.msg19440.html#msg19440
They may better be able to resolve this for you.
Paul