Port scans not getting blocked

It seems that the port scan blocking feature doesn’t work in Comodo v3. I’ve run full range port scans at various rates, up to near 700 probes per second, but Comodo will just keep logging individual connection attempts (not all of them of course) throughout the complete duration of the scan. If any ports are listening and enabled by firewall rules, they will successfully be detected as open. Comodo will not completely block the host at any point. The feature is mentioned in the Attack Detection configuration, but there seem to be no specific options for enabling/disabling or adjusting it, except for the block duration. Is there something I’m missing here?

Comodo X32
Windows XP Professional SP2

You have to define your home network (LAN or computer) and run the Stealth Ports Wizard. If you have a single computer (no home LAN), you can just pick the third option (Block all incoming connections…) and this will stealth your computer. After this, connections will only be allowed for attempts that fit the rules for individual applications.

My configuration does allow only connections that fit rules for applications. This is not the problem.

I’m talking about the feature that’s supposed to block a certain IP when it detects multiple port probes coming from the host. As it is, anyone can run full range port scans against me and Comodo will allow it. Complete stealth is not an option, as I need to keep some ports open to this computer in any case.

Quoting from the manual:

"Comodo Firewall Pro detects the most common forms of port scans, alerting you and temporarily blocking the banning the IP address of the scanner, ensuring that they are “cut off” before they can discover any useful information about your system. "

The Stealth Ports Wizard writes some Global rules that govern incoming connection requests and the firewall’s response to them. Any ports that are not stealthed will appear in a port scan, even if only as closed ports. If you are leaving ports open for some reason, they will be discovered by a port scan. Have a look at
to see if the application that you are wanting to use is discussed there.

What exactly are you saying? That Comodo does not have the Port Scan Blocking feature that’s mentioned in the manual and also Attack Detection settings? If you know that it’s still not readily functional in V3, why don’t you just say so?

I’m not looking for other advice on this topic, I simply need to know if the feature as described is supposed to be functional or not at this point, and if it is, what might prevent it from working.

A missing global block rule is definitely not what prevents it from working, and it would be pointless to use a feature like this in conjunction with complete stealthing of all ports. The feature is meant to stop port scans in time before they get a chance to find out about all the open ports.

Sorry, I did not quite understand your first question. There are two aspects of port scans that are dealt with by CFP. The most common is a port scan that is looking for open ports that can be used by worms to access your computer. The second kind of attack is a DoS or denial-of-service attack. The scan blocking that is employed depends on the rate of connection attempts and the response is to deny all connections for the duration of the attack. The first kind of port scan may only look at likely ports that are often left open and the rate of scanning may not trigger the DoS shutdown. To deal with that, ports need to be stealthed to avoid discovery of your computer as a live IP address. If you have open ports, there are a variety of worms that can try to infect your computer.

As I wrote in my first message, I’ve done full range port scans at various connection rates. I’ve also done common ports only probes. Comodo won’t react in any special way.

Also, regarding Denial of Service attacks, I’m unable to get the flood detection to trigger either. I tried all kinds of packets at rates well over the configured limits in Comodo’s attack detection settings.

I would suggest that you file a bug report. Please include the details of what tests you used and how they were executed and the way that you had CFP set up. I am only a user like you, but this wants looking into.
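
Added example, not part of the thread and not Comodo's implementation: a minimal sketch of the behaviour the manual describes, where a source that probes too many distinct ports within a time window is banned for a block duration before it reaches the open ports. The class name, thresholds, addresses and event tuples are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class PortScanDetector:
    """Ban a source that probes too many distinct ports inside a time window."""

    def __init__(self, max_ports=10, window=5.0, block_duration=300.0):
        self.max_ports = max_ports            # distinct ports tolerated per window (assumed)
        self.window = window                  # window length in seconds (assumed)
        self.block_duration = block_duration  # ban length in seconds (assumed)
        self.recent = defaultdict(deque)      # src -> deque of (timestamp, port)
        self.banned_until = {}                # src -> time at which the ban expires

    def handle(self, ts, src, port, open_ports):
        """Return 'drop' (banned), 'allow' (open port) or 'deny' (closed port)."""
        if self.banned_until.get(src, 0.0) > ts:
            return "drop"
        q = self.recent[src]
        q.append((ts, port))
        while q and q[0][0] <= ts - self.window:   # forget probes outside the window
            q.popleft()
        if len({p for _, p in q}) > self.max_ports:
            self.banned_until[src] = ts + self.block_duration
            q.clear()
            return "drop"
        return "allow" if port in open_ports else "deny"


def discovered_open_ports(detector, events, open_ports):
    """Replay (ts, src, port) events; return the open ports each source reached."""
    found = defaultdict(set)
    for ts, src, port in events:
        if detector.handle(ts, src, port, open_ports) == "allow":
            found[src].add(port)
    return {src: sorted(ports) for src, ports in found.items()}


# Constructed sample traffic (documentation addresses, not real hosts).
OPEN_PORTS = {80, 443}
# Sequential probe of ports 1-1024 at roughly 700 probes per second.
SCAN = [(i / 700.0, "198.51.100.7", p) for i, p in enumerate(range(1, 1025))]
# An ordinary client connecting to one open port once per second.
CLIENT = [(float(i), "192.0.2.10", 443) for i in range(20)]

if __name__ == "__main__":
    result = discovered_open_ports(PortScanDetector(), sorted(SCAN + CLIENT), OPEN_PORTS)
    print(result)
```

With these assumed thresholds the scanning source is banned on its eleventh distinct port, so it never learns that 80 and 443 are open, while the single-port client is unaffected. The check is rate-bound, which matches the remark in the thread that a scan's rate may not trigger the shutdown.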