Security Policy Fails to take effect.

Hello, I am running CFP v. x64 on Window Vista Home Premium x64. Whenever I go into the Network Security Policy window and define a Global Rule, Comodo completely ignores it. For example, I’m attempting to stream media to my XBOX 360, and I have told CFP in just about every way possible to allow it in (specified IP address, ports, protocols, etc.). However, when I apply these settings, nothing happens. My 360 still fails to connect. Upon further investigation, I see a whole slew of blocked incoming connections from the 360 in the Firewall Events logs, blatantly contradicting my rules that I’ve specified. The only way I can get my 360 to connect is by disabling the firewall altogether. I’ve tried restarting my computer, but it doesn’t help. I have also defined my 360 in the Stealth Ports Wizard, meaning that it should be able to see it without a problem. However, looking back to the logs, it continues to deny it access, in blatant disregard of any rules or policies I (or itself for that matter) have defined. Any help would be appreciated! I like this firewall and want to stick with it, but if I have to disable it everytime I want to grant something access, it no longer becomes useful. Thanks.

The only thing the global rules do is allow data to pass to or from the application rules. Or block that data. You need the specifics in a set of application rules.


Can you please post screenshot of related block entries in the log.

Actually, that is not true. When you click on the “What Do These Settings Do?” help link at the bottom of the network security policy window, it says:

“The ‘Global Rules’ tab allows users view, manage and define overall network policy that applies to your computer and is independent of application rules.”

Here’s a screenshot of the log blocking the IP address (which I’ve highlighted), along with the list of policies to the right of it that it is violating.

[attachment deleted by admin]

Do you have any values specified under “destination address” “source port” and “destination port”? Or they are set to “any”?

Can it be by any chance that your XBOX comes from some number of IP addresses which are shown on your screenshot (as all of them come to one port and are related to one process)?

If you uncheck everything under firewall->advanced->attack detection settings (6 options), create network zone which cover all needed IPs and change that global rule for XBOX to allow/tcp&udp/in/[zone: XBOX]/any/any/any do you still experience same problems?

Those additional values were set to “any”. Also, each device on the network (I happen to be on a school network) is assigned one IP address, so the address highlighted belongs to my 360. Chances are, those other IP’s attempting to access through the same ports are other 360’s, as several of them exist on the network. I deleted all of those rules I had, and created that new rule you described. I also went through and re-did the stealth ports wizard to allow that zone in. However, it is still blocking it.

First of all, do you have this issue on latest CF v3.0.18 (use Stealth ports wizard to make your XBOX trusted network)?

If so, did you try this:

Another thing to try: add rule for “system” under application rules manually to allow incoming traffic from your XBOX, move this rule above any block rule.

If issue is still here pls export your configuration, delete all global rules, add “Windows Operating System” to application rules (if it is not already there): add->select->running processes and set 2 rules for it:

What are results?

It’s kind of odd, but I got it working. Adding the rule under the “system” application failed to produce results. However, if I made my own rule for it for “All Applications”, it started working fine. So it must have been needing access to another application. Either way, it’s working now. What I don’t understand, though, is why those global rules were failing to do anything? It shouldn’t have been blocking it the way it was. Anyway, thanks for your help!