Not showing apache active connection!

Hi.
Using 3.0.15.277 on Win XP SP2. Public IP.
Firewall on Custom policy mode.
After starting the apache service, everyone from the internet is able to connect to my web server! The very strange thing is that in View Active Connections at that time I only see that apache is listening on port 80 (0 bytes in/out)!! Even if someone downloads a big file I don’t see that traffic anywhere in Active Connections!
Even if this is some setting that allows apache (but really there is no rule for apache to allow such a connection) I should see the connection and traffic! Is this something known?

More formal info:

  1. CPU 32 bit
  2. Windows XP SP2
  3. Avast with Standard shield only.
  4. There is nothing I can do as workaround
  5. F: Custom Policy mode D: Train with Safe Mode

Just wondering if this was fixed in this new 3.0.16.295 release.

Thanks.

Just installed 3.0.16.295 and can confirm that this has NOT been fixed there.

Regards

bump?

Could you post a link to the apache build installer you are using?

Please attach a screenshot of all your active connections using CFP

C:\Apache2\bin>httpd.exe -v
Server version: Apache/2.2.4 (Win32)
Server built: Jan 9 2007 23:17:20

Stable version downloaded from http://apache.org/.

Sorry, can’t provide a screenshot as I removed CFP due to high security risk as you can understand.

Let me know if I can help you any other way.

httpd spawns multiple processes in order to handle http traffic.
The httpd process listed in View active connection is only the one that spawns the other httpd processes that actually serve the data.

I guess View active connection was meant as a secondary built-in utility and doesn’t yet support that spawning behavior.

Regarding

I guess you tested that using a loopback connection. V3 can be configured to bypass traffic on loopback.
If this was not your case I have other questions but since you uninstalled CFP I guess this topic will be regarded as “View active connection” related

I guess you tested that using a loopback connection. V3 can be configured to bypass traffic on loopback.
If you mean listening interface for apache then it was set to my public IP and there was no loopback connection. Incoming connections were made from internet to my public IP.
If this was not your case I have other questions but since you uninstalled CFP I guess this topic will be regarded as "View active connection" related
You can go ahead and ask questions, I'll be happy to install CFP on my vmware and check for you.

Other useful information would be to test global firewall rules and application rules independently.

  1. test if a global rule catches apache incoming connections.
  2. test if an existing application rule catches apache incoming connections.
  3. test if incoming wan connections addressed to apache generate firewall alerts (this should be the issue you described).

Anyway if the issue in step 3 is still present please open a new bugreport topic.

Developers addressed this issue but CFP is correctly catching the incoming request in their tests.

They suggested to test with AVAST/Windows Firewall disabled.

If this issue is still present then they need a step-by-step test case to reproduce this issue and later test a fix.

Hi,

I’ll try to get back to this this week. A little busy at the moment.
However, just a small piece of information: Avast is only running Standard shield, no network/web shield at all, so I guess it will not be the case. Windows firewall is initially disabled.
When I get a chance I’ll install CFP and stop the Avast service to see if this helps.
Just one more piece of info: I am now using Agnitum Outpost fw v4 with the same avast and other software/configuration and it is properly detecting apache incoming connections.

Thx

Yep, devs got CFP properly detecting incoming connections too when they tested this. That’s why I asked for a step-by-step test case.

Maybe they tested this with a new build, but there is a chance that an unknown software conflict is causing this on your side.

So there is no way to make progress on this until further info is provided.

Sorry guys, I just got a chance to install the latest version and have the same issue.
I’ve stopped the avast service entirely. Windows fw service is disabled initially.

netstat -a
C:\Apache2\conf>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP oksanaxp:http oksanaxp:0 LISTENING

CFP is showing
httpd.exe
TCP Listening:80 0b 0b

CFP mode is Train with Safe Mode

Let me know what information you need.


More news…
I’ve started the mysql service and surprisingly found that I am able to easily connect to it as well!!!
Please assist me to find out whether this is a bug or not.

Thanks

The output of CFP matches the netstat one; I’m not sure what this example should mean.

As for info, you can use the script at Comodo Firewall Pro Configuration Reporting Script

I’ve sent you a pm with a link to the collected data.
Please keep in mind that I’ve tried 3 other fw brands which are detecting/notifying and blocking incoming connections in the same environment. However I would like to understand why it’s not working with CFP and stick with it.

The report states you have two configurations, can you confirm this?
What is your active configuration?

I see a number of net-aware processes that are started before CFP. I guess that is the reason CFP doesn’t alert about them.
Please stop the mysql service and restart it.

As far as I can see in configuration manager in CFP there are Optimum and Network security configurations. Optimum is currently selected.

As for mysql - I’m always starting apache/mysql manually and I have tried to restart both apache and mysql after CFP is enabled.

It looks like CFP is not able to intercept TCP accept and data events in its driver, particularly in my environment. Or perhaps it doesn’t properly install its hook.
Should you need more diagnostics just let me know.

I’m using http://www.wampserver.com/ to test here and when I start the services and then use the httpd or mysqld I get new fw rules added to CFP.
Those processes are marked as trusted by comodo so the rules will allow all outbound connections.

In your report you had no rule for those two. Can you check if these rules are created now if you start these processes manually and attempt to use them?

About your config, please look at HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
Your active config is HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\0 but you should also have
a HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\1 branch.
Does this branch look like the other one or does it have no leaves?

The only app that could cause such issue would be VMware but it looks like you are not using a virtual machine for these tests.

I’m supposing that even if there were a rule (which is not true) allowing or denying a particular connection, CFP active connections should have shown bytes rx/tx. However they are always 0, for apache and mysql.
There is no rule for either httpd or mysql.

You mentioned that you are using wamp, however, at this point I’m sure all listening connections are affected by this problem.

Below is information requested.

http://armkb.com/1.jpg

http://armkb.com/2.jpg

http://armkb.com/3.jpg

This is from LAN properties (edited to fit in one picture)

http://armkb.com/4.jpg

I can uninstall VMware completely if this would help to check, please advise.

Thanks!

I guess that the rule absence and the view active connection are two different issues.
As for httpd, it spawns several processes but those are not listed in view active connection (maybe the refresh interval is not small enough)

I’m not sure about VMware. Are you using VMware in bridged mode?

Before trying to uninstall VMware, please try to enable monitor other Ndis protocol under Firewall\advanced\Firewall behaviour settings\Miscellaneous and then reboot.
After a reboot, starting and stopping the httpd/mysql services and attempting a connection would be a way to test this before attempting a VMware uninstall.

I see that there is also a Usergate NAT driver, I’ll try to find some info about that.
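
Added example, not written by anyone in this thread: the thread compares `netstat -a` with CFP's View Active Connections, but `netstat -a` does not show which process owns each socket. The sketch below parses `netstat -ano` output and reports, per listening port, which PID listens and which PIDs hold the established sessions, which is the parent/worker split described for httpd above. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `netstat -ano` output; addresses and PIDs are invented for the example.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       1720
  TCP    192.0.2.10:80          198.51.100.7:51034     ESTABLISHED     2316
  TCP    192.0.2.10:80          198.51.100.9:40211     ESTABLISHED     2316
  TCP    192.0.2.10:3306        203.0.113.5:49900      ESTABLISHED     1720
  UDP    0.0.0.0:123            *:*                                    1044
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Return one dict per TCP row; header, UDP and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"lport": int(lport), "remote": f"{raddr}:{rport}",
                         "state": state, "pid": int(pid)})
    return rows

def sessions_by_listener(rows):
    """Map each listening port to its listener PIDs and the sessions on that port per PID."""
    report = {}
    for r in rows:
        if r["state"] == "LISTENING":
            entry = report.setdefault(
                r["lport"], {"listeners": set(), "sessions": defaultdict(list)})
            entry["listeners"].add(r["pid"])
    for r in rows:
        if r["state"] == "ESTABLISHED" and r["lport"] in report:
            report[r["lport"]]["sessions"][r["pid"]].append(r["remote"])
    return report

def ports_served_by_other_pid(report):
    """Ports where some session belongs to a PID that is not a listener PID."""
    return sorted(p for p, e in report.items() if set(e["sessions"]) - e["listeners"])

if __name__ == "__main__":
    rep = sessions_by_listener(parse_tcp(SAMPLE))
    for port, e in sorted(rep.items()):
        print(port, sorted(e["listeners"]), dict(e["sessions"]))
    print("served by a non-listener PID:", ports_served_by_other_pid(rep))
```

A port with established sessions in this report but only a 0-byte listening entry in the firewall's own connection view is the mismatch to include in a bug report.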