Hello all Guys,
I would need some advice regarding a recent concern I had, if you can…
When connected through my VPN I noticed that >90% of traffic goes through Openvpn.exe (which is good), so my concerns are:
My feeling is that every application (malicious included) could go through Openvpn.exe without the firewall doing anything, Openvpn.exe being “allowed”. Is that possible?
Or is the firewall monitoring also apps that connect through OpenVPN?
If apps other than Openvpn.exe pop up in the traffic monitor as active, does that mean they are connecting outside the VPN?
Sorry if my questions sound imprecise or a bit noob.
Thanks for your advice.
Yes it should, actually.
Maybe it is and it’s me not understanding well.
Anyway what I see in Comodo FW “show connections” screen is:
Openvpn.exe: connecting from my local private network IP to VPN server IP
Explorer.exe: connecting from my local private network IP to Msnbot IP (191.232.139.62)
Any other app: connecting from TAP Adapter IP to destination IP
Do you have DNS leak protection enabled with PIA? If not, and you do enable it, it's very important to right-click the tray icon and disconnect each time instead of just closing PIA first. That way it will revert to your default DNS settings and not break your connection. That may be the problem with the leaking traffic. Also, you need to disable WebRTC across all your browser(s). If you're referring to Windows Explorer, just treat it as a Blocked Application. The only useful reason to connect to the internet is to verify digital signatures of files, and Comodo will do that for you.
If malware is running on your system then yes, it will make connections through Openvpn. You could take the step of only allowing browsers, torrent clients, chat clients, et cetera by setting up rules. Comodo will not filter the traffic once Openvpn is granted outgoing access. At least to the best of my knowledge.
As long as the firewall driver is installed/listed for the VPN network adapter, the firewall will filter network connections when connected to a VPN. To verify filtering you can set the firewall to custom ruleset, launch a browser and go to any website; you should be asked to allow access as long as there are no rules set for the browser in question to allow access.
Thanks for your tips.
With the explorer.exe app I was not referring to a browser but to the file manager app.
I was not using the anti-IP-leak feature every time, to keep the ability to switch off PIA when needed, but I checked with the ipleak.net test and it was always negative even with the client feature disabled.
Anyway, I need to do further tests because this looks very strange…
Thanks for that suggestion! This is exactly what I need to do to check if apps are actually filtered before going through the VPN. Good catch! Thank you.
What do you think about explorer.exe going from my local network IP to destination IP of msnbot?
Could this connection actually escape from the VPN connection?
It could be that the connection was already established before connecting to the VPN and therefore didn’t reset to using the VPN. That’s my best guess, and all new connections would connect through the VPN.
You're correct, but I was looking from the default config in firewall safe mode with "do NOT show alerts" as much as possible enabled. Trust VMware (or any other process) with these settings and see what alerts appear. This is how I install CIS for other people who aren’t familiar.
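
The following is an added example, not part of the original thread or of Comodo or PIA: it sorts a connection table like the "show connections" view described above by source address, flagging anything that leaves from the physical adapter without being the VPN client's own link to the VPN server. The subnets, the VPN server address, and every sample row except the 191.232.139.62 destination are constructed assumptions.

```python
import ipaddress

# Assumed values, constructed for illustration (not from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")    # physical adapter subnet
TAP_NET = ipaddress.ip_network("10.8.0.0/24")       # VPN TAP adapter subnet
VPN_SERVER = ipaddress.ip_address("203.0.113.10")   # VPN server endpoint
VPN_CLIENT = "openvpn.exe"

# Constructed connection table: (process, local address, remote address).
# Only the 191.232.139.62 destination appears in the thread.
SAMPLE = [
    ("Openvpn.exe", "192.168.1.20", "203.0.113.10"),
    ("Explorer.exe", "192.168.1.20", "191.232.139.62"),
    ("firefox.exe", "10.8.0.6", "198.51.100.7"),
    ("svchost.exe", "192.168.1.20", "192.168.1.1"),
]


def classify(process, local, remote):
    """Label one connection by the adapter its source address belongs to."""
    local_ip = ipaddress.ip_address(local)
    remote_ip = ipaddress.ip_address(remote)
    if local_ip in TAP_NET:
        return "tunnelled"            # sourced from the TAP adapter
    if local_ip in LAN_NET:
        # The VPN client itself must use the physical adapter to reach the server.
        if process.lower() == VPN_CLIENT and remote_ip == VPN_SERVER:
            return "tunnel-carrier"
        if remote_ip in LAN_NET:
            return "local"            # LAN-only traffic, never meant for the tunnel
        return "bypass"               # internet-bound from the physical adapter
    return "unknown"                  # loopback or an adapter not listed above


def bypassing(connections):
    """Return (process, remote) pairs that leave outside the tunnel."""
    return [(p, r) for p, l, r in connections if classify(p, l, r) == "bypass"]


if __name__ == "__main__":
    for proc, local, remote in SAMPLE:
        print(f"{proc:14} {local:15} -> {remote:15} {classify(proc, local, remote)}")
```

A "bypass" row only says the source address is the physical adapter's; it does not distinguish a connection opened before the VPN came up from one that is routed around it.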