No firewall logging when Alert Settings on Low/Very Low [274]

The bug/issue

  1. What you did: Switched firewall Alert Frequency Level to Low while trying to help solve another Comodo user’s problem of having no firewall log events.

  2. What actually happened or you actually saw: When I switched it to Low I opened the firewall log and refreshed every few seconds. The log entries had stopped appearing.

  3. What you expected to happen or see: I have a lot of bittorrent packets coming in after closing uTorrent so I normally have block entries every couple seconds on port 61638.

  4. How you tried to fix it & what happened: I switched the Alert Level back to High and checked the log. The log entries had started appearing again. I switched to all of the levels, checking the log after, and established that when the Alert Level was on Low or Very Low, the firewall would stop adding log events.

  5. Details (exact version) of any software involved with download link: N/A

  6. Any other information you think may help us: I only have one global rule and that’s to allow all ICMP.

Files appended

  1. Screenshots illustrating the bug: N/A
  2. Screenshots of related event logs or the active processes list: N/A
  3. A CIS config report or file: N/A
  4. Crash or freeze dump file: N/A

Your set-up

  1. CIS version, AV database version & configuration used: CIS: 5.0.162636.1135 Configuration: Proactive

  2. Whether you imported a configuration, if so from what version: Imported from 5.x (whatever previous version was. I also tried a bare Proactive config)

  3. Defense+ and Sandbox OR Firewall security level: Firewall: Custom Policy

  4. OS version, service pack, no of bits, UAC setting, & account type: Windows 7 x64 SP0, UAC off, Admin account.

  5. Other security and utility software running: None

  6. Virtual machine used (Please do NOT use Virtual box): None

Thanks for telling us about this.

This does not seem right to me, so I’d report it as a bug and see what the devs say.

We would very much appreciate it if you would edit your first post to create an issue report in line with the bug forum guidelines and format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation


What Global Rules are you using? Please show a screenshot of them. Are there specific programs you are expecting logs for?

The default Global Rules and the default allow outgoing rules have no logging enabled. Hence my question.

Post has been edited.

I only have one global rule, and that’s to allow all ICMP. I always have a lot of dropped bittorrent packets in my log after I turn off uTorrent so it’s easy to tell if it stops logging.

This is not really an issue for me, as I keep the Alert Level at High. I was helping someone else who was wondering why his log was empty and this is something I stumbled upon. Considering the default Alert Level on the Firewall & Internet Security configurations is Low, it might be an issue for others.

I have (had, I use v4 again) that same problem.
See also

Is this fixed in CIS 5.8?

Many thanks in anticipation.


Just wondering if this may be by design…

Playing around in 5.8 it still doesn’t generate log entries when the Alert settings are set to low or very low, but only for ‘safe’ applications. When an application is run that’s not TVL/Safelist/Trusted, it both alerts and logs.


Well possibly. You only get a log when something is prevented from doing something - so is the safe app being prevented from doing something? Outbound connections are allowed by default for trusted files, even in proactive config.

OK, just noted inbound logging on safe files on ‘low’, so this is fixed now, I think.