RDP is not working with global rule for port 3389

Hello, I have a strange problem after reinstallation of CIS. All my rules were erased, so I’m trying to set up access for RDP again.

I have everything working with the firewall turned off. Surprisingly, simply adding the destination port 3389 to the global rules changes nothing and RDP cannot connect to my PC. I tried adding an application rule for svchost.exe and reinstalling CIS, and it is still the same.

I’m confused and don’t know what else to change/add in global rules, please advise.

Edited:

Ok, I solved it by removing “Windows Operating System” from the blocked application list in firewall events.

Still, could someone please explain to me why neither the global nor the application rule for the port affected the block?

Make sure the allow global rule is above any blocking rule, and make sure svchost does not have a block rule in application rules. Did the firewall event logs show blocking of the RDP port? If both destination and source port say 0 then it was a blocked fragmented packet; to disable blocking of fragmented IP traffic, un-check the firewall setting "block fragmented IP traffic". Also make sure the Windows firewall is disabled, but not the Windows firewall service.

> global rule is above any blocking rule

yep

> make sure svchost does not have a block rule in application rules.

nope, it isn't there

> Did the firewall event logs show blocking of the RDP port?

Yes, exactly

> make sure the windows firewall is disabled, but not the windows firewall service.

Oh, I don't know how to check the service. Is that the needed one?

When you removed Windows Operating System from blocked applications list, did you choose remove or unblock? Did it create a firewall application rule for WOS? If it did and RDP now works then it is a bug as svchost is supposed to handle the RDP connection. Does view connection tasks show svchost or WOS for incoming traffic for RDP? Look for a line that says TCP In under each process for 3389.

I believe it was “Unblock”, as the RDP worked right after that.

> Did it create a firewall application rule for WOS

I don't know as I don't remember if it was on the rule list before, but I have an "Allow all incoming and outgoing requests" rule for WOS now. Changed it to port 3389 to prevent the risk.

> svchost or WOS for incoming traffic for RDP?

Well, strangely enough I don't see any 3389 port in the "active connections" (as well as no WOS services in the list). I see it via KillSwitch and it shows svchost.exe

What happens if you remove the WOS firewall application rule, does it work or does it get blocked from connecting again? In killswitch is the port state ‘Listen’ or ‘Established’?
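The checks asked for in this part of the thread (which process holds TCP 3389, whether each socket is in Listen or Established state, and whether the Windows Firewall service is running while the firewall profiles are disabled) can also be made from PowerShell. This is an added example, not part of any post in the thread; it uses only built-in Windows cmdlets, and `MpsSvc` is the service name of the Windows Firewall service.

```powershell
# Added example: run in an elevated PowerShell on the PC that should accept RDP.
$port = 3389   # RDP port discussed in the thread

# 1. Every TCP socket on the local RDP port, with state and owning process.
$sockets = Get-NetTCPConnection -LocalPort $port -ErrorAction SilentlyContinue
if (-not $sockets) {
    Write-Warning "Nothing is bound to TCP $port; Remote Desktop is not listening."
}

$report = foreach ($s in $sockets) {
    $procId = $s.OwningProcess
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $svc    = @()
    # PID 0 (idle) and 4 (System) host no services; a filter on ProcessId = 0
    # would also match every stopped service, so skip those PIDs.
    if ($procId -gt 4) {
        $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
            Select-Object -ExpandProperty Name
    }
    [pscustomobject]@{
        State    = $s.State
        Local    = "$($s.LocalAddress):$($s.LocalPort)"
        Remote   = "$($s.RemoteAddress):$($s.RemotePort)"
        PID      = $procId
        Process  = $proc.ProcessName
        Services = $svc -join ','
    }
}
$report | Sort-Object State | Format-Table -AutoSize

# 2. The listener is expected to belong to svchost (hosting TermService).
$listener = $report | Where-Object { $_.State -eq 'Listen' }
foreach ($l in $listener) {
    if ($l.Process -ne 'svchost') {
        Write-Warning "Listener on $($l.Local) is owned by '$($l.Process)', not svchost."
    }
}

# 3. Windows Firewall: the service should be Running even when every
#    profile is disabled in favour of a third-party firewall.
Get-Service -Name MpsSvc | Select-Object Name, Status, StartType
Get-NetFirewallProfile   | Select-Object Name, Enabled
```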

It gets blocked.
I have 3 TCP connections with RDP connected and 2 without it on the port 3389. By comparison of both states I believe it’s established (“Слушает” = “Listen”)

By the way, SMB sharing was not working before I added WOS exceptions to both global and application rules. I never touched these settings on the previous installation and all was fine.

Could it be

  • some global blocking rule (basically there is one by default, “Block all IP from any MAC to any MAC”)
  • incorrect network activity detection by some bug?

So you needed to create an allow rule for WOS on port 445 instead of ‘System’ for SMB connections to work? Can you tell me what OS you are using, if Windows 10 can you give exact version and build number e.g. Windows 10 version 1709 build 16299.19.

> incorrect network activity detection by some bug?

yes it seems like it could be.

The dxdiag result says:
Operating System: Windows 10 Pro 64-bit (10.0, Build 15063) (15063.rs2_release.170317-1834)

> WOS on port 445 instead of 'System'

I basically added my local IP range to the existing RDP rule for WOS in application rules and created a new global rule using the same setup in Global rules.

Hello everyone,

I'm facing a strange problem. My computer is a Windows 10 system. Both computers are Windows 10 and running Comodo Firewall.
Windows firewall is deactivated for private networks. Both computers are in private networks. Both computers are in the same subnet. The network is working fine. The only problem is RDP. It doesn’t connect. The strange thing is, there are two ways to get it running:

  1. Option: Deactivate Comodo Firewall.
  2. Option: Disable and re-enable RDP in Windows System

I also added several rules, like allowing the RDP port or allowing all connections, that shouldn’t even be necessary in my opinion, but the RDP request doesn’t reach the computer.

Is this a known issue or what is the problem? Any ideas?

Greetings
Matthias

My topic with the same problem is right under yours. Please try the following:

  1. In firewall general settings enable change notification level to the highest.
  2. Open the firewall event window.
  3. Try connecting to your PC using RDP.
  4. Refresh the event list in firewall event list.

Now, if you have exactly the same bug as me, you will see a “Windows Operating System” connection to port 3389 in the list:

If so, open the blocked application list, find “Windows Operating System”, right-click - unblock. It should create a new rule for WOS in firewall application rules; simply modify it from “Allow everything” to “Allow port 3389”.

Hope it helps.

Oh yes. Thank you very much. Seems to work :slight_smile:
Have a nice weekend :wink:

Thanks I have reported the issue and I could replicate the same with RDP but not for SMB. CIS correctly lists (and asks when firewall is set to custom ruleset) for ‘System’ to receive a connection on TCP port 445 on CIS 10.0.2.6408 Windows 10 1709 RS3.

//bug 2320

Posting this here since there seems to be no thread for bug 2320. I’m encountering a similar issue with v10.0.2.6408. I have a firewall configuration dating back to CFW v6 with a rule to allow traffic for svchost on my local network which enables RDP among other things; after installing v10.0.2.6408, this rule no longer has any effect and I can’t RDP into the machine (it may be entirely impossible for svchost to accept any connections, but I haven’t verified that). The block event also does not appear in the log despite the rule having logging configured. After downgrading to v10.0.1.6294, the rule allows RDP as expected again with no changes to the configuration.

Please investigate if you were not aware of this.

Moreover, I just ran an experiment using VirtualBox and a fresh installation of Win10 Enterprise 1709 using a host-only network adapter. Results are:

  • Start, no firewall installed: RDP works fine.
  • After installing 10.0.1.6294 and switching to custom ruleset mode: Upon attempting connection, a prompt pops up saying svchost is attempting to accept a connection. After clicking allow, RDP works fine.
  • After upgrading to 10.0.2.6408, no configuration changes: Upon attempting connection, nothing happens. No prompt pops up, the connection is blocked, and nothing is logged.

After upgrading to Windows 10 1709, I have a strange problem with incoming Remote desktop connection.

Whenever the computer restarts, no RDP connection can be made to the computer until I turn off remote desktop from system settings and enable it again (without changing any of the Comodo firewall settings). A connection can be made without toggling the system setting by disabling Comodo firewall. Since I’m having the same issue on both my desktop and laptop computers, I believe it’s some incompatibility issue with the new Windows update and Comodo firewall.

I tried adding a global rule to specifically allow incoming TCP connections on port 3389, and enabling svchost.exe on the incoming port; both have no effect on this problem. All other incoming connections are acting as expected.

This is really annoying when you are trying to make a connection to the office computer and realize the connection is being blocked. Please advise if there’s anything else I can try. Many thanks.

Hi unikly,
Sorry about that.

This is a known issue that got introduced in the last v6408 release.
We are going to release a hot-fix next week as stated here.

We will have RC version available by Monday, 20th Nov, 2017.

Thanks
-umesh

The registration and activation process here took some days, but I wanted to follow up on coolstorybro. I updated CIS to version 10.0.1.6294 this week and I also cannot connect to the PC via Remote Desktop anymore. I created a rule for the port, but nothing works. When I deactivate the firewall, I can connect again.

Hi umesh,

Thanks for the prompt reply and good news. Looking forward to the hot-fix update next week.

cheers,

Frank