Remote Desktop

I’m having a problem with Comodo version 3.0.13.268 blocking inbound Remote Desktop connections even though there are rules allowing them. When I look at the firewall log, I see the problem.

It appears Comodo is ‘sensing’ the remote desktop connection in reverse. That is, the source IP and port are really the destination IP and port, and vice versa.

Therefore, the rules never match on the IP address or the destination port of 3389. This is a problem!

MM

Can you post screenshots of your Firewall log, Global Rules, and Application Rules for svchost.exe?

192.168.64.10 is my desktop, the one initiating the Remote Desktop Session (RDS) to 192.168.64.100 (Laptop) running Comodo Firewall.
Notice how the Source IP is not correct. The log shows .64.100 (Laptop) as the source IP but the RDS is being started by .64.10 (Desktop). Also, the port info is reversed. The Desktop is initiating the RDS on port 1731 and the destination is the Laptop on port 3389. That is not what shows up on the log below.

12/10/2007 12:06:29 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731
12/10/2007 12:06:32 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731
12/10/2007 12:06:38 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731

My Global Rules: (Home Wireless has the IP address for my router and all computers on the wired/wireless network; Home IP Address is my WAN IP)

Allow TCP or UDP In/Out From In [Home Wireless] To In [Home Wireless] Where Source Port is Any and Destination Port is Any
Allow TCP In/Out From IP Any to In [Home Ip Address] Where Source Port is Any and Destination Port is 3389
Allow IP Out From In [Home Wireless] to IP Any Where Protocol is Any
Allow IP In From In [Home Wireless] to IP Any Where Protocol is Any
Allow ICMP Out From IP Any to In [OpenDNS] Where ICMP Message is Any

SVCHOST.EXE Rules
Allow IP Out From IP Any to In [OpenDNS] Any Where Protocol is Any
Allow IP In/Out From In [Home Wireless] to In [Home Wireless] Where Protocol is Any
Allow UDP In/Out from IP Any to IP Any Where the Source Port is In [67-68] and destination port is in [67-68]
Allow TCP In/Out from IP Any to IP Any Where Source Port is Any and Destination Port is 80
Allow UDP In/Out From In [Home Wireless] To IP Any Where Source Port is Any and Destination Port is 1900
Block IP In/Out from IP any to IP any where protocol is Any

I also have the following rules for the RDS Program (MSTSC.exe)
Allow TCP Out from IP Any to in [IP Home Address] Where source port is any and destination port is 3389
Allow TCP in/out from In [Home Wireless] to In [Home Wireless] where source port is any and destination port is 3389
Block and Log unmatched request
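
The mismatch described in the post above, as an added example that is not part of the original thread: it parses the three logged lines and tests each tuple, as logged and with the endpoints swapped, against a simplified model of the "destination port is 3389" condition from the MSTSC.exe rule. The log column order, the 192.168.64.0/24 range for [Home Wireless], and all function names are assumptions; this is not Comodo's rule engine.

```python
import ipaddress
import re
from dataclasses import dataclass

# Log lines copied from the post above.
LOG = """\
12/10/2007 12:06:29 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731
12/10/2007 12:06:32 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731
12/10/2007 12:06:38 PM System Idle Process Blocked 192.168.64.100 3389 192.168.64.10 1731
"""
# Assumed column order: date, time, application, action, source IP/port, destination IP/port.
LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) (?P<app>.+?) (?P<action>\w+) "
    r"(?P<src_ip>[\d.]+) (?P<src_port>\d+) (?P<dst_ip>[\d.]+) (?P<dst_port>\d+)$"
)
# Assumption: the [Home Wireless] zone is 192.168.64.0/24 (the post does not give its range).
HOME_WIRELESS = ipaddress.ip_network("192.168.64.0/24")

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def swapped(self):
        """Same packet with source and destination endpoints exchanged."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port)

def parse(text):
    """Return one Packet per log line that fits the assumed layout."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return [Packet(m["src_ip"], int(m["src_port"]), m["dst_ip"], int(m["dst_port"]))
            for m in hits if m]

def matches_rdp_rule(p):
    """Model: From [Home Wireless] To [Home Wireless], source port Any, destination port 3389."""
    in_zone = lambda ip: ipaddress.ip_address(ip) in HOME_WIRELESS
    return in_zone(p.src_ip) and in_zone(p.dst_ip) and p.dst_port == 3389

def report(text=LOG):
    """For each logged packet: (packet, matches as logged, matches with endpoints swapped)."""
    return [(p, matches_rdp_rule(p), matches_rdp_rule(p.swapped())) for p in parse(text)]

if __name__ == "__main__":
    for p, as_logged, swapped in report():
        print(f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}  "
              f"as logged: {as_logged}  endpoints swapped: {swapped}")
```
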

Please take a look at this: http://support.microsoft.com/default.aspx/kb/306298 (Description of the Windows Messenger Reverse Connection Process Used by Remote Assistance)

Does it apply to your situation somehow?