Receiving remote connect attempt popups on non trusted network, why?

We have CIS 5.4.189822.1355 installed on a fully updated Windows XP Professional system.

Trying to find out why machines on the Internet are able to see services on the machine and attempt to connect to them, causing countless Comodo pop-up messages.

A short time ago, I instructed the user of the machine to remove all of the network connection build-up as the client’s USB based Internet connection creates a new Comodo firewall interface as they get a different IP address each time they connect. They had a build up of about 400 networks.

We left only 127.0.0.1 and their trusted LAN connection in the list of networks.

No new USB Internet networks have appeared in the list since that purge was done.

Yet countless remote connect popups continue to appear.

Why is it that these remote connection attempts are even presented since clearly the USB Internet connection is not in the list of network zones? Is there an additional place to define trusted / untrusted networks that we are not seeing?

In Global Rules we only have the Comodo default blocks, and allow rules for their LAN / VPN.

Is remote connection sharing turned off in XP?

Yes the default desktop sharing was turned off.

We install VNC to be able to provide remote support over the VPN connection. Global rules accommodate that.

But this system is remote and NOT connected to the VPN.

Thus I question why the user is getting all of these nonsense popup boxes since they are connected to an untrusted network.

It sounds like you are using the default Global Rules. They work fine when the user is behind a router. The router will filter the unsolicited access requests that come from the web. That leaves basically only traffic from the LAN that will ask for access to your computer. That is not web for most users.

But in the case where only a modem connects the computer to the web the user will see the “background noise” of the web.

Best thing to do is to set CIS to stealth setting using the Stealth Ports Wizard. Choose option 3: Block all incoming connections and make my ports stealth for everyone.

Also make sure Automatically Detect New Private Networks is disabled.

Is the system free of malware? I ask that because if he had 400 connections defined at one time, a lot of bad guys could have slipped through.

@EricJH: Is reconfiguring the system with “Stealth Ports Wizard” non-destructive to their normal home / VPN connection? We need one mode of networking from home, another mode while on remote dial-up USB wireless, and a similar “also untrusted” mode if they happen to jack in to someone else’s Ethernet.

@DonZ: Yes we scan the machine regularly. The user never checked the check box to trust other computers on the new network interface being created / added, thus no Global trust rules we inserted for them… only the fact that “Comodo has detected being on XYZ subnet” on the networks tab.

BTW: Odd that clearing out the list somehow stopped Comodo from re-adding them… almost as if Comodo remembers it announced the new network once, realizes it got deleted by the user, and now will not re-add the network.

Is reconfiguring the system with “Stealth Ports Wizard” non-destructive to their normal home / VPN connection? We need one mode of networking from home, another mode while on remote dial-up USB wireless, and a similar “also untrusted” mode if they happen to jack in to someone else’s Ethernet.

As I recollect when changing existing settings by running the Ports Wizard, it will replace existing global rules with new ones. So I would make a note of any global rule modifications you have in place. That will allow you to manually reenter them after you run the wizard.

You can also “export” or save your Comodo current configuration. Note that this backs up all Comodo settings; not just the firewall settings. Note that the export file is used for later restoring your current Comodo configuration. I know of no way to “view” the export file for current settings.

PUKE!!! ???

Comodo adds Global rules to allow trusted LANS. I was assuming that if it was not specifically allowed, it was denied. Is that not the case?

So we back up the settings required for LAN/VPN access, then run the wizard. What types of rules is it going to magically add. Like I said, I was under the impression that it was “block by default, add rule to allow”.

That makes it very cumbersome to switch between home trusted LAN and mobile untrusted connections.

I noticed in the Admin UI a “Manage My Configurations” area. Can that somehow be used to create a Home and an Away configuration?

When you change the global rules as I described the basic rules change. Adaptations you made for Global Rules, for example for your VPN, will stay in place.

@DonZ: Yes we scan the machine regularly. The user never checked the check box to trust other computers on the new network interface being created / added, thus no Global trust rules we inserted for them… only the fact that “Comodo has detected being on XYZ subnet” on the networks tab.

BTW: Odd that clearing out the list somehow stopped Comodo from re-adding them… almost as if Comodo remembers it announced the new network once, realizes it got deleted by the user, and now will not re-add the network.

That must be related to the use of networks one way or the other. I cannot give a definitive explanation without more information. Did you disable the alert for new networks I described in the above?

The default stealth settings I gave are the most secure as they will block all incoming traffic unless allowed by an exception.

As I recollect when changing existing settings by running the Ports Wizard, it will replace existing global rules with new ones. So I would make a note of any global rule modifications you have in place. That will allow you to manually reenter them after you run the wizard.
Don't worry. It will change the basic rules but will leave adaptations made by the user.
You can also “export” or save your Comodo current configuration. Note that this backs up all Comodo settings; not just the firewall settings. Note that the export file is used for later restoring your current Comodo configuration. I know of no way to “view” the export file for current settings.
It is stored in xml format. You can view it with any editor.

PUKE!!! ???

Comodo adds Global rules to allow trusted LANS. I was assuming that if it was not specifically allowed, it was denied. Is that not the case?
If you set up a trusted LAN in Global Rules then changing the basic rules with Stealth Ports Wizard will not change that.

So we back up the settings required for LAN/VPN access, then run the wizard.
DonZ is not on the right track here. Backing up settings has nothing to do with your problem.
What types of rules is it going to magically add. Like I said, I was under the impression that it was "block by default, add rule to allow".
Making a backup is not doing anything. DonZ is not on the right page here.

The default settings of CIS will alert the user when an unsolicited request for access happens. If you want default stealth you need to use the Stealth Ports Wizard as I described in the above.

That makes it very cumbersome to switch between home trusted LAN and mobile untrusted connections.

I noticed in the Admin UI a “Manage My Configurations” area. Can that somehow be used to create a Home and an Away configuration?

You are very warm here. The only way to make separate settings for Home and Away is by making two different configurations.

To make an extra configuration for, let’s say, away, choose to Import a new configuration. Navigate to the Comodo Internet Security installation folder and import either the Internet Security or the Proactive Security configuration. Give it an appropriate name; let’s say CIS - Proactive Away.

You now have a clean configuration that you can totally adapt to be secure when away. Notice you are starting from scratch here which can be a lot of work if you heavily use custom rules.

Indeed the “Automatically Detect New Private Network” check box had gotten unchecked. Thank you for pointing out why that was happening. ;D

And thank you for your concise steps to utilizing profiles. Indeed leaving the current settings for “home” mode and creating a new “away” mode seems logical.

The order of ops I will suggest is:

  1. Make a configuration backup
  2. Make a new “away” configuration
  3. Switch to the “away” configuration
  4. Put in the bare necessity Global Rules
  5. Run the “Stealth Ports Wizard”

Does that sound correct?

That is correct.

Thank you so much! I will send the instructions to this person.

This person did the above suggested steps, and now reports…

Is there something in the Comodo settings we changed that would start gobbling up my bandwidth? I am suddenly sucking up twice the bandwidth each day. I personally and the computer apps I am implementing are not sucking this bandwidth. The only thing I can figure is Comodo.

In 3 hours when I am only working on email but have several web browsers open I am using over 120 mb !!! Usually it is in the neighborhood of 40 megs. This has been going on ever since we changed the settings.

This will severely hobble my ability to be online.

We did not expect this sort of a reaction to performing the steps.

Please advise.

That sounds like the bases.cav of the AV is corrupted. Best thing to do is to manually download and install the bases.cav as described in “Where can i download the latest full AV database?”.

After putting the latest full bases.cav in place there will be only some incremental updates.

Success reported from this person…

Replacing the bases.cav file really made a difference in bandwidth usage. Thank you for helping me through the process.

Thank you for your help with the sudden spike in bandwidth utilization.

I will confirm that the pop-ups have also quieted down.

Feedback on my inquiry about the five steps listed above:

I have not done the 5 steps yet and I also have had no popups.

Why would this be? (shrug)