I am not posting this in the “bugs” section as I am not sure this is really a but or maybe a feature request.
This is Windows 10 Version 1703 Build 15063.413 on a Dell Latitude E5470. I have disabled Windows Firewall, Windows Defender and Security Centers. Comodo is Antivirus and Firewall. HIPS and AutoContainment are also activated. Webfiltering not.
I have a rule for Photoscape (yes, the right executable) that only allows local traffic on 10.0.0.0/24 and 127.0.0.0/8. Until recently, this worked fine. Photoscape did not call home when starting, and it did not fetch a Flickr image to display on the welcome screen.
Today, it managed that. Wireshark clearly showed the request went on the network, and the Sysinternals’ Process Monitor traced the TCP Connect/Send/Receive operations as well.
I deleted the firewall rule and redid it - just in case. Nope. Photoscape was still allowed to communicate despite a rule clearly stating otherwise.
A reboot returned the system into a sane state. Firewall rules work again.
While I call this a bug in effect, one may also see this as a feature request. With Windows Update runs occurring at night (when nobody is watching and nobody will see possible popups to act upon them), funny things may happen. Apparently, one of them is an effective disabling of the firewall function of Comodo… well, partially, because some programs were still blocked from outside traffic. I also saw in the logs entries of blocked traffic. It only seemed to affect Photoscape 3.7 in my case.
This may call for a feature that periodically checks the integrity of protective functions after Windows updates. In any case, it is not acceptable to have the firewall (partially) disabled after updates. That somewhat defies the purpose of having security updates and firewalls in the first place.
Has anyone else observed this? How would I be able to detect this situation other than by coincidentially seeing something unexpected resulting from undesired Internet communication?
Thanks for your opinions.
PS:: Comodo is the latest version 10.0.1.6258 with any applicable updates installed. Windows also claims there are no further updates available.