I have set up two network rules to prevent one of my applications from sending data to its website- one based on the IP of the site and another based on the host name of the site.
The host name based rule is to block TCP or UDP In or Out from Any IP to Host IP NAME: [http://xyz.com] from any source port to any destination port.
The IP based rule is to block TCP or UDP In or Out from Any IP to Any Host IP from any source port to any destination port.
These are the first and second rules in my list.
Now, I would expect that no page should load from xyz.com or the IP address. However, the site very well loads in my browser. I looked at the comodo logs and found some instances of the block of the IP, though not the host name. But the site loads. And there is never any alert though I have checked the create alert for this rule option.
I tried to block a domain, and at first it didn’t work.
Restarting the computer did the trick. ;D
You shouldn’t have to restart your computer to get a network rule for domain block to work.
The rule was like this.
Tcp or Udp
Source IP Any
Destination IP Host name : www.xxx.com
Source port Any
Destination Port Any
Have you tried this in component monitor? If I understand, you are trying to block and app with 2 rules from connecting to the server\site right? You can create the rules in application monitor etc…as you are but if not blocked in component monitor, (the .dll or whatever file) app both, most likely will not get blocked. Say if I create a rule as you did, block eg…Windows Media Player from the server or site, I would block in component monitor the part of it say update.dll etc…that would block the app from attempting to access the site. What you see in App monitor is basically (somewhat) broken down into pieces if you will in the component monitor. Just a thought and if i misunderstood, it’s Aowl’s fault.
Hmmmm. It is a bit of overwork. And yes, the addy should be as you mentioned. Component monitor should be blocking this too or it won’t work. Thing is I am a bit confused here…
<<And for the IP blocked, there is no alert, though I have set the rule to alert. The browser displays a blank page and says ‘sending request to site’ forever!>>
A blocked IP won’t get an alert if i’m correct, only an attempt. Also, if the browser displays a blank page, this is normal if blocked. Unless you mean your browser home page and all others?? Are you sure you aren’t blocking a needed app? Aowl, thoughts?
Don’t be so ■■■■■■■ yourself, but yes, AOWL , GIVE A HOOT DON’T POLUTE!! (:CLP)
We need to keep this on topic. I still think that something is being blocked that shouldn’t but only time will tell when Glass replies.
Here guys, the time has come for my reply- it is the time zones.
Let me answer your questions as I can. The application is naviscope and this is a local proxy that pings http://naviscope.com/afd by its stated design. The website is no more owned by this now out-of-production software, and so I want to block traffic to this site. One of my rules was to block http://naviscope.com and another, its IP address.
I believe I did try dropping the http:// and www too, but it doesn’t seem to fix the problem.
Also, I believe Component Monitor won’t be of much help here because I don’t want to block any program or dll; rather no browser should connect to the site.
If a site is blocked, I would think an alert should pop up from Comodo (I chose the option: ‘show alert if this rule is fired’); and the browser should notify me that the site could not be reached and stops requesting - I remember this was how it was in Zonealarm (I liked that in ZA). No, I am not looking for a fancy error page.
I like Comodo and would definitely like these fixed. In fact, I had put in a wish to have the ability to bunch many URLs into a single block rule (similar to creating a blocked zone in ZA). And if there is a spec on how the host name has to be entered, I hope it should be stated somewhere.
Thanks for your help, guys. Let me know if you have some thoughts.
If a site is blocked, I would think an alert should pop up from Comodo (I chose the option: 'show alert if this rule is fired'); and the browser should notify me that the site could not be reached and stops requesting - I remember this was how it was in Zonealarm (I liked that in ZA). No, I am not looking for a fancy error page.
I made a network monitor rule and it did block the site. There won’t be a pop up, but you will get a log entry in activity/logs if you check “create an alert if this rule is fired”. I did.
The rule looked like this:
Action : Block & Log Protocol : TCP or UDP Direction : In/Out Source IP : Any Destination IP : Host Name : naviscope.com Source Port : Any Destination Port : Any
Move the rule to the top (ID 0)
Sometimes i have had to reboot the computer before the rule worked, but this time i just restarted CPF. Wait 20 seconds when you have exit CPF before you start it again.
Good work Aowl. I would like to mention, no, there will not be a pop up alert if it is blocked. As Aowl said, it will be logged. As far as component monitor, an application “if own capability” will use a dll, or whatever , let’s call it it’s update engine for now, will try to access the internet or it’s site, etc…Like my example, I prevented WMPupdate.dll from accessing update to it’s homepage. But if it uses OLE , which wasn’t on my mind at the time, then yes you have to do it this way< The way of the AOWL
Either way, I think he’s got it down for you so i’ll bow out. The mad scientist of rule making.