Hi.
Using 3.0.15.277 on Win XP SP2. Public IP.
Firewall on Custom policy mode.
Starting the apache service, and everyone from the internet is able to connect to my web server! The very strange thing is that in View Active Connections at that time I only see that apache is listening on port 80 (0 bytes in/out)!! Even if someone downloads a big file I don’t see that traffic anywhere in Active Connections!
Even if this is some setting that allows apache (but really there is no rule for apache to allow such a connection) I should see the connection and traffic! Is this something known?
httpd spawns multiple processes in order to handle http traffic.
The httpd process listed in View active connection is only the one that spawns the other httpd processes that actually serve the data.
I guess View active connection was meant as a secondary built-in utility and doesn’t yet support that spawning behavior.
Regarding
I guess you tested that using a loopback connection. V3 can be configured to bypass traffic on loopback.
If this was not your case I have other questions but since you uninstalled CFP I guess this topic will be regarded as “View active connection” related
I guess you tested that using a loopback connection. V3 can be configured to bypass traffic on loopback.
If you mean listening interface for apache then it was set to my public IP and there was no loopback connection. Incoming connections were made from internet to my public IP.
If this was not your case I have other questions but since you uninstalled CFP I guess this topic will be regarded as "View active connection" related
You can go ahead and ask questions, I'll be happy to install CFP on my vmware and check for you.
I’ll try to get back to this this week. Little busy at the moment.
However, just small information that Avast is only running Standard shield, no network/web shield at all, so I guess it will not be the case. Windows firewall is initially disabled.
When I get a chance I’ll install CFP and stop the Avast service to see if this helps.
Just one more piece of info: I am now using Agnitum Outpost fw v4 with the same avast and other software/configuration and it is properly detecting apache incoming connections.
Sorry guys, I just got a chance to install the latest version and have the same issue.
I’ve stopped the avast service entirely. Windows fw service is disabled initially.
netstat -a
C:\Apache2\conf>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP oksanaxp:http oksanaxp:0 LISTENING
CFP is showing
httpd.exe
TCP Listening:80 0b 0b
CFP mode is Train with Safe Mode
Let me know what information you need.
More news… I’ve started mysql service and surprisingly found that I am able to easily connect to it as well!!!
Please assist me to find out whether this is bug or not.
I’ve sent you pm with link to collected data.
Please keep in mind that I’ve tried 3 other fw brands which are detecting/notifying and blocking incoming connection in the same environment. However I would like to understand why it’s not working with CFP and stick with it.
The report states you have two configurations. Can you confirm this?
What is your active configuration?
I see a number of net aware processes that are started before cfp. I guess that is the reason cfp doesn’t alert about them.
Please stop mysql service and restart it.
As far as I can see in configuration manager in CFP there are Optimum and Network security configurations. Optimum is currently selected.
As for mysql - I’m always starting apache/mysql manually and I have tried to restart both apache and mysql after CFP is enabled.
It looks like CFP is not able to intercept TCP accept and data events in its driver, particularly in my environment. Or perhaps it doesn’t properly install hook.
Should you need more diagnostics just let me know.
I’m using http://www.wampserver.com/ to test here and when I start the services and then use the httpd or mysqld I get new fw rules added to CFP.
Those processes are marked as trusted by comodo so the rules will allow all outbound connections.
In your report you had no rule for those two. Can you check if these rules are created now if you start these processes manually and attempt to use them?
About your config, please look at HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
Your active config is HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\0 but you should also have a HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\1 branch.
Does this branch look like the other one or does it have no leaves?
The only app that could cause such issue would be VMware but it looks like you are not using a virtual machine for these tests.
I’m supposing that even if there were a rule (which is not true) allowing or denying a particular connection, CFP active connections should have shown bytes rx/tx. However they are always 0, for apache and mysql.
There is no rule for either httpd or mysql.
You mentioned that you are using wamp, however, at this point I’m sure all listening connections are affected by this problem.
I guess that the rule absence and the view active connection are two different issues.
As for httpd, it spawns several processes but those are not listed in view active connection (maybe the refresh interval is not small enough).
I’m not sure about VMware. Are you using VMware in bridged mode?
Please, before trying to uninstall VMware, try to enable monitor other Ndis protocol under Firewall\advanced\Firewall behaviour settings\Miscellaneous and then reboot.
After a reboot, starting and stopping the httpd/mysql services and attempting a connection would be a way to test this before attempting a VMware uninstall.
I see that there is also a Usergate NAT driver I’ll try to find some info about that.