Using 188.8.131.527 on Win XP SP2. Public IP.
Firewall on Custom policy mode.
Starting apache service and everyone from the internet is able to connect to my web server! The very strange thing is that in View Active Connections at that time I only see that apache is listening on port 80 (0 bytes in/out)!! Even if someone downloads a big file I don’t see that traffic anywhere in Active Connections!
Even if this is some setting that allows apache (but really there is no rule for apache to allow such a connection) I should see the connection and traffic! Is this something known?
httpd spawns multiple processes in order to handle http traffic.
The httpd process listed in View active connection is only the one that spawns the other httpd processes that actually serve the data.
I guess View active connection was meant as a secondary built-in utility and doesn’t yet support that spawning behavior.
I guess you tested that using a loopback connection. V3 can be configured to bypass traffic on loopback.
If this was not your case I have other questions, but since you uninstalled CFP I guess this topic will be regarded as “View active connection” related.
I’ll try to get back to this this week. Little busy at the moment.
However, just small information that Avast is only running Standard shield, no network/web shield at all, so I guess it will not be the case. Windows firewall is initially disabled.
When I get a chance I’ll install CPF and stop Avast service to see if this helps.
Just one more info, I am now using Agnitum Outpost fw v4 with same avast and other software/configuration and it is properly detecting apache incoming connection.
I’ve sent you a PM with a link to the collected data.
Please keep in mind that I’ve tried 3 other fw brands which are detecting/notifying and blocking incoming connection in the same environment. However I would like to understand why it’s not working with CFP and stick with it.
As far as I can see in configuration manager in CFP there are Optimum and Network security configurations. Optimum is currently selected.
As for mysql - I’m always starting apache/mysql manually and I have tried to restart both apache and mysql after CFP is enabled.
It looks like CFP is not able to intercept TCP accept and data events in its driver, particularly in my environment. Or perhaps it doesn’t properly install the hook.
Should you need more diagnostics just let me know.
I’m using http://www.wampserver.com/ to test here and when I start the services and then use the httpd or mysqld I get new fw rules added to CFP.
Those processes are marked as trusted by comodo so the rules will allow all outbound connections.
In your report you had no rule for those two. Can you check if these rules are created now if you start these processes manually and attempt to use them?
About your config, please look at HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro.
Your active config is HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\0 but you should also have a HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\1 branch.
Does this branch look like the other one or does it have no leaves?
The only app that could cause such issue would be VMware but it looks like you are not using a virtual machine for these tests.
I’m supposing that even though there would be a rule (which is not true) allowing or denying a particular connection, CFP active connection should have shown bytes rx/tx. However they are always 0, for apache and mysql.
There is no rule for either httpd or mysql.
You mentioned that you are using wamp, however, at this point I’m sure all listening connections are affected by this problem.
I guess that the rule absence and the view active connection are two different issues.
As for httpd, it spawns several processes but those are not listed in view active connection (maybe the refresh interval is not small enough).
I’m not sure about VMware. Are you using VMware in bridged mode?
Please, before trying to uninstall VMware, try to enable monitor other Ndis protocol under Firewall\advanced\Firewall behaviour settings\Miscellaneous and then reboot.
After a reboot, starting/stopping httpd/mysql services and attempting a connection would be a way to test this before attempting a VMware uninstall.
I see that there is also a Usergate NAT driver; I’ll try to find some info about that.
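
One way to check the parent/child explanation given earlier in the thread, as an added example that was not posted by any participant: parse `netstat -ano` output and compare the PID that owns the listening socket on a port with the PIDs that hold the established connections on it. The sample output, addresses and PIDs below are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not data from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1732
  TCP    203.0.113.10:80        198.51.100.7:51522     ESTABLISHED     2316
  TCP    203.0.113.10:80        198.51.100.9:40211     ESTABLISHED     2316
  TCP    203.0.113.10:1045      192.0.2.44:443         ESTABLISHED     988
  UDP    0.0.0.0:445            *:*                                    4
"""

# TCP rows only: local host:port, remote host:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_port, remote_host, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5), int(m.group(6))

def owners(text, port):
    """Return (listener_pids, {pid: [remote hosts]}) for the given local port."""
    listeners, serving = set(), defaultdict(list)
    for lport, remote, state, pid in parse(text):
        if lport != port:
            continue  # skips other services and outbound connections
        if state == "LISTENING":
            listeners.add(pid)
        elif state == "ESTABLISHED":
            serving[pid].append(remote)
    return listeners, dict(serving)

def hidden_workers(text, port):
    """PIDs carrying established connections on port that do not own the listener."""
    listeners, serving = owners(text, port)
    return sorted(set(serving) - listeners)

if __name__ == "__main__":
    listeners, serving = owners(SAMPLE, 80)
    print("listener PIDs:", sorted(listeners))
    print("serving PIDs :", serving)
    print("workers not shown as listener:", hidden_workers(SAMPLE, 80))
```

If the worker PIDs reported here differ from the PID shown as listening in the firewall's connection view, the traffic belongs to the spawned processes, and any per-application rule has to be checked against those processes as well.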