No internet when 'www.microsoft.com' is blocked!

Hi all!
I’m on a new machine with a genuine copy of Windows 7 Home Premium. Nevertheless I still want to block Microsoft because I don’t want any “Big Brother” constantly checking up on me.
Adding the host name as “microsoft.com” to My Blocked Network Zones has no effect.
But when I add the host name as “www.microsoft.com” my internet connection is totally blocked.
This is weird and it bothers me.
Could it be that the operating system only allows internet access if a connection to Microsoft is also allowed?
Any advice is much appreciated, thanks for your attention.

Can you show me the Firewall logs? They can be found under Firewall → Common Tasks → View Firewall Alerts.

Thanks for your reply EricJH
Must be a bug. With PrivateFirewall on a Virtualbox Win7 system created with my Win installation cd, blocking Microsoft does not affect connectivity at all.


I see you are also using Returnil? Maybe CIS and Returnil are not very compatible? Try disabling or uninstalling it to see if there are adverse interactions between the two of them.

Hi man, verify whether you also have "www.microsoft.com" in your Hosts file; if it is there, remove it from the Hosts file and test.

Thanks guys. I don’t want to uninstall Returnil from my main system right away, later maybe.
Yes, I have a ‘hosts’ file on my main system from http://www.mvps.org/winhelp2002/hosts.txt
I did add www.microsoft.com and others and left them in. But Windows ignores that entry anyway. This is documented on the net.
If I block ‘www.partypoker.com’ which is in my hosts → internet ok
If I block ‘update.microsoft.com’ which is in my hosts → internet ok
Ok, now if I block Microsoft which is in my hosts → no internet !

Then, if I use an empty hosts file, reboot and then block www.microsoft.com → no internet!
It doesn’t matter if there are entries in the hosts file or the hosts file is empty.

Ok for final proof I installed the latest Comodo PF on a fresh virtual Win 7 system in Virtualbox.
Host file is empty. Installed progs see attachment. No Returnil installed.
Again I blocked www.microsoft.com → no internet! Other blocks are ok.

So, it ONLY happens when www.microsoft.com is blocked. WHY?
I challenge you to try this out yourself.
If you want to try it on a virtual Win system: Virtualbox is free from Sun. http://www.virtualbox.org/

Thanks for your attention.


I just tested it here with v4 beta on Win 7 and to my amazement your claim reproduces. :o ???

I will move this to the bug boards.

No please this is not a bug, the following happens here:

CIS gets a block-all for www.microsoft.com, but you put it in the hosts file to resolve to 127.0.0.1; guess what gets blocked now!!!

ALL traffic to/from 127.0.0.1, because a firewall needs an IP address to block, not a name. CIS does a name lookup every system boot for this “name2ip”, gets back 127.0.0.1 (loopback) and blocks all traffic for it.

So if you remove it from your host file it should resolve “some other ip” and only block that.

So effectively you’re not blocking www.microsoft.com :wink:
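The situation described in the post above (a block rule keyed on a hostname that the hosts file maps to 127.0.0.1) can be checked offline before the rule is added. This is an added example, not part of the original thread and not Comodo's code; the function names and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file in the usual "address name [alias...]" layout.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1   localhost
127.0.0.1   www.microsoft.com   # blocklist-style entry
0.0.0.0     ads.example.test tracker.example.test
203.0.113.7 intranet.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {lowercased name: [ip_address, ...]} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed address column
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def audit_block_rules(blocked_names, hosts_text):
    """Classify each blocked hostname by how the hosts file treats it:
    'local' (maps to loopback/unspecified, so a name-resolving rule would land
    on a local address), 'overridden' (pinned elsewhere), or 'dns' (no entry)."""
    table = parse_hosts(hosts_text)
    report = {}
    for name in blocked_names:
        addrs = table.get(name.lower().rstrip("."), [])
        if any(a.is_loopback or a.is_unspecified for a in addrs):
            report[name] = "local"
        elif addrs:
            report[name] = "overridden"
        else:
            report[name] = "dns"
    return report

if __name__ == "__main__":
    rules = ["WWW.Microsoft.com", "update.microsoft.com", "intranet.example.test"]
    for host, verdict in audit_block_rules(rules, SAMPLE_HOSTS).items():
        print(f"{host:25} {verdict}")
```

A name reported as `local` is one to replace with an explicit IP range in the firewall rule, or to remove from the hosts file first.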

Looks like I “assumed” too much here, there is indeed an issue also on Win7 x32 & WinXP SP3.

  • Blocked networks should have an option to set logging enabled on a “blocked rule”
  • Issue is not caused by multiple A Records on DNS query, blocks all results from different query
  • Issue can’t be reproduced on a global rule
  • Issue is reproduced if you put a manual rule like this on application rules
    (Block, Log, IP OUT, src any, dst M$)
  • What you will see then is that all traffic is blocked on firewall log
  • If you revert from Blocked to Allow you’ll have a ‘log all traffic’ rule so the dst hostname fails and reverts to an “ANY” rule that’s the reason it blocks all outgoing traffic
  • Issue does not arise if you use a hostname that does not resolve to an IP

So this is a real bug :-TU

Thanks for checking this. :slight_smile:

Comodo can’t block 207.46.232.182

I had disallowed an outgoing ping and written down the ip 207.46.232.182
I tried to block it.
Guess what? Comodo can’t block this ip !?
And guess WHOIS this ip !?
Try it yourself.
Thanks.


It’s good ol’ big brother. :stuck_out_tongue:

This is an interesting bug. Is it only on Win7 systems?


I can confirm this bug.


Just noticed that after updating Comodo PF from within the firewall itself the
ip 207.46.232.182
IS BLOCKED.
great.

I have been testing some with blocking www.microsoft.com on Win 7.

At one point I introduced closing browser and flushing dns cache and the problem was no longer reproducible.

Are you willing to try the following:

  • Close all browsers
  • Open the command prompt and execute ipconfig /flushdns

Does that “fix” it?

It looks like Comodo chokes when there is an invalid dns reference in DNS cache. If that is true then the IP address of www.microsoft.com has changed I guess.

I rebooted, ran ipconfig /flushdns, opened Comodo, set the block in My Blocked Network Zones and then started the browser.
→ Again, everything was blocked.
You can verify my findings on a fresh install of Windows, like on a virtual system, you will see that only the entry www.microsoft.com will produce a total block.
Thanks again.


I see I made a typo. I added ww.microsoft.com at one point during testing. That’s why it seemed that the flush dns routine I added to the test routine was fixing it.

I retested and I can now 100% confirm on Win 7 32 bits.

Basically the only rule you need for internet on any Windows system is svchost.exe allowed UDP IN/OUT, destination port 53.

You can block the entire rest of the system.

This svchost.exe on port 53 will only allow UDP DNS queries, if you block all other traffic you will only be able to resolve Names to IP Addresses…

When I block microsoft.com, it doesn’t block the microsoft website.
Yet after I click apply it instantly pops up an alert asking if cfp.exe can connect to my DNS IPs.
And every time I click on my blocked network zones again, it asks 10 times to connect to the DNS servers.
Of which I just click cancel, and it still connects to the net.
When I block www.microsoft.com it does the same thing.
I also have static IPs through the router, and I have svchost.exe and Explorer.exe and System permanently blocked from the net.
And my net works fine.
http://i49.tinypic.com/2a9eiqo.jpg