The home screen of the firewall shows large numbers of “network intrusions.” However, when I click on the number of intrusions, the next screen is blank for all categories in the drop down menu so it’s impossible for me to figure out why these intrusions are being logged and what the reason is for them. I am running the latest version firewall, only, 6.x on a 32bit W7 machine. Suggestions?
On the new window, right-click anywhere where it’s blank and in the context menu click “Entire period”
You could be receiving network intrusions but that you have not checked the “log this event if firewall rule is fired”.
If you go into your global rule settings and tick the blocked incoming connections box it should log the events for you. 
Only intrusions which are set to be logged will be counted in the Network Intrusion counter. Or my installation of CIS is botched because I have blocking rules which are fired every second however I have them set to not log and then the counter doesn’t go up from those.
hmm thats strange.
if intrusions are in the counter then they should be logged.
Perhaps the OP has not got any firewall events being logged at all or the logging is turned off altogether. :o
I think it’s a period thing with CIS logs rather than something not being logged, if you change the period to ‘Entire Period’ then the logs should show up, then all that is need is to sort them by date (which is beyond me why CIS doesn’t do by default?!)
Seeing as we are speaking of intrusions.I am trying to solve the problem with hips intrusions being counted when the sandboxed browser is open.
I cannot find out if this is intentional behavour or not. !ot!
Sorry for off-topic but thought the 2 instances of intrusion logging maybe somehow connected. >:-D
From what I can see these two instances of logging doesn’t really have anything in common, perhaps they have in common is what is being blocked and logged but the topic is about blank log files while intrusion count is high, not whether what is being blocked should be blocked or not.
Whether it is intentional or not I do not know however what I do know is that I have not been able to find any setting for the blocking and logging of sandboxed browsers, so the setting that blocks and logs these are under the hood of CIS and the user doesn’t have control of it, at least that’s my finding, I would prefer if one could set them to block but not log. 88)
Also, if you clear the logs then the intrusion count will not reset until you restart your computer.
Check to ensure that logging is enabled in preferences. In v5.12 that is found in the ‘more’ tab.
In CIS/CFW 6.x
Go to main menu > Task button > Expand “Advanced Tasks” > Click “Open Advanced Settings” > Click “Logging” in the left menu of the new menu.
“if intrusions are in the counter then they should be logged.
Perhaps the OP has not got any firewall events being logged at all or the logging is turned off altogether.”
I only have one logging event and I have checked logging both in the general settings and for the event. It does not show up in the log files, even when I click “entire period” in the blank screen. Right now I have 2 “network intrusions” listed (they disappear after a reboot) in the detailed screen but it does not show any of them being blocked. I have followed all the suggestions here but still cannot figure out what these 2 network intrusions mean or where they came from.
Could you post screen-shots please?
Which firewall setting are you using.?
Custom.
safe mode.?
Do you have have block all requests and show no pop ups selected in your firewall settings.
Maybe outbound connections are being blocked which you are not aware of.
Here is a screen shot: I am running in stealth mode.
[attachment deleted by admin]
6 isn’t really a high number of network intrusions, most normal I would say. If you click the number, what does the next screen show? (Screen-shot please)
The next screen is entirely blank, which is the reason for my question. Although logging is checked in both places (general and the special special deny firewall rule for stealth connections) there is nothing in the log. I am trying to determine what this number means. It, of course, resets after each re-boot.
Just for verification could you post a screenshot of the blank screen after having changed the period to ‘Entire Period’?
For some unknown reason, I now have logs (whereas I did not before) which enabled me to discover the network intrusions. One computer on my network is isolated from all others using global block rules. The network intrusions identified pertain either to blocked DHCP or ARP requests. For those who responded and offered their wisdom – thank you!