Nmap Security Scanner & Block All Mode [BUGREPORT] [CFP 3.0.13.268 x32]

Hello there.

I’m running COMODO Firewall Professional 3.0.13.268 (32 bit) on Windows XP SP2 and have noticed that scanning a remote host’s ports with Nmap Security Scanner (version 4.23RC1, available at www.insecure.org) goes completely unseen by COMODO Firewall when no DNS resolution is used.

To recreate the situation:

  1. Set the Firewall Security Level to Block All Mode. According to the mode description, “No traffic is allowed to/from any network interface”.

  2. Run “nmap -v -n <some target host’s IP address>” (-v toggles verbose mode, -n turns off DNS resolution).

In my case, nmap does a successful scan of a remote host. There is no indication of any activity in Active Connections when the scan is in progress.

Same with the Custom Policy Mode. Although no application rules for nmap.exe exist, Nmap scans successfully, without any alerts popping up. No traces of nmap.exe in the Firewall Events log.

Looks like a bug to me.