Quietly sneaking around & blocking

I just spent an hour, along with two tech support staff experts attempting to figure out why when I uploaded with WS_FTP to my server (which is set to allow IN & OUT under application monitor) and also tried uploading using my CoffeeCup HTML Editor FTP Built in component (also set to allow under applicaton monitor) to the same server, the file appeared to have transfered, but was a blank index file. Unbelievably as a last resort, I closed COMODO and shazaam, it uploaded fine. Why didn’t I get a prompt asking for permission or something? Seems odd it would just quietly block an approved program action without any notification. What am I missing here?
(Just dumped my paid Kerio Firewall for this one)
Thanks for any help

Hi Timbuk2.

If you managed to transfer a file, albeit incompletely, then the firewall is working correctly.

If you would, please describe the rules you have in Network Monitor and Application Monitor for FTP. A picture would be good :slight_smile:


Disable do protocol analysis. sometimes it blocks some packets without reporting it.

That didn’t work. Seems like the problem has reoccured after having worked ok for months. I just realized I posted the problem in a new post, but when I searched I didn’t find this one.

Application Monitor and Advanced Security (ABA + Component Monitor) are the only popup alerts you will get. Any events involving Attack Detection or Network Monitor will not generate a notification to the user; they will be blocked ‘silently’ according to the user’s settings.

If disabling Protocol Analysis did not do the trick, then it is most likely related to Network Monitor. Make sure that you have the FTP rules properly built to allow necessary In and Out traffic , and positioned in such a way that they are not blocked by a more restrictive rule (ie, they need to be placed in order above a more restrictive/conflicting rule).

If something is being blocked, it will be in the Logs. Go to Activity/Logs, right-click an entry and then select Clear all Logs. Then go through your process again. Check the Logs for entries showing blocked traffic.

You can export those for analysis here…

Right-click an entry, select “Export to HTML.” Save the file and reopen it (it will open in your browser). Highlight the relevant entries, Copy them, and Paste them into your post here. If your external IP shows, you may edit it with ‘x’ for privacy if you like.


Nothing shows up in the log, the file uploads, it just uploads it blank instead of with the intended content. Seems very strange to me.


This is definitely not the normal behavior. My first guess is that when you installed CFP, you either had some other active security software that caused conflicts during installation, or you have remnants from your previous firewall. Typically these oddball issues are the result of one (or both) of these.

With 2.4, I definitely recommend that installation & uninstallation be done in SafeMode to minimize the chance of conflicts (in SafeMode other security apps won’t be running). v3 seems to do okay for install/uninstall in Windows normally, as long as other active security apps are thoroughly disabled.

Let me know which version you’re using there, and we’ll go through some steps to see if we can eliminate the issue you’re having.