Hello, and sorry if Im in the wrong forum as Im trying very hard to post a question in the Firewall forum(help for V3) but there is no “New Topic” button to start a new thread :(, so am posting here as a last resort. Now, the main problem.
When I try to access some sites, I keep getting blocked. The application being blocked is “Windows Operating System”. The only way I can get round this is to make a rule in "Network sucurity policy: “allow all outgoing requests”. My main problem with this is, by allowing “Windows operating system” all outgoing requests, is this safe, or failing this, can anyone suggest a better solution.
I am really sorry about posting deliberately in the wrong Forum, but because I cant locate a new topic button in the Firewall forum I have no choice, also, if a Moderator decides to move this post, please bear in mind, Ive already checked and I cant locate a “Reply” button either,(its not the first time Ive had this problem) so this is the only way for me to post here 
The ‘Help for V3’ board is an outdated and archived board. It, along with the other archived boards, are closed and are only there to help users who have a common question which might have already been answered on that board. The new CIS board is the one ganda gave the link to above, but your post has been moved there already.
ow great, now the OP will be looking for this topic 88)
;D
Ok ;D thanks for pointing me to the right Forum, now, can anyone help me out with the issue, thanks again, Techdunce 
Hi.
A couple of things:
- Which application are you using to try and connect? (A browser)
Could you post some screen shots of your firewall rules, both Application and Global.
Hello Toggie, and thanks for the reply. Yes its a browser thats being blocked, Firefox 3, and its only started recently. Am not sure how to post screenshots, as for the rest, am running XP SP3, with Comodo 3.9. The connection being blocked is to rapidshare mostly, but a couple of others too. The only way to fix it was to make the rule in Network Security Policy: “Allow all outgoing requests” for "windows operating system:
Thats pretty much the only rule apart from the standad and custom rules, Ive put in there, but Im wondering, if I have to allow all outgoing requests, then its not much better than windows built in Firewall, or am I wrong(wouldnt be the first time ;D )
Im gonna be in and out all day, so will get back soon as possible, but thanks again, Techdunce
EDIT: Ok, a couple of screenshots
http://img194.imageshack.us/img194/8425/screen2n.th.jpg
http://img29.imageshack.us/img29/8564/screenshot3gac.th.jpg
The first one shows the new rule, and the second one pretty much captures the rest of the window.
Thanks again, Techdunce
A few things. You don’t appear to have a rule for svchost, which is likely causing a number of problems, one of which will be DNS qureries.
Looking at your rules, I would suggest you consider making them a little less liberal. providing a single rule that allows IP out to everywhere is not the most secure way to do things.
I notice you have a rule (third one up from the bottom 9in the larger picture) It doesn’t appear to be associated with an application. You should investigate this.
Would you be able to post a screen shot of your Global rules please.
Hello Toggie, thanks for sticking with it. First off, is this the “nothing” rule you mentioned:
http://img196.imageshack.us/img196/9885/screenshotoif.th.jpg
Here’s a screenshot of Global rules, they’re pretty much untouched (I dont mind admitting, Firewall’s defeat me :-\ )
http://img3.imageshack.us/img3/4629/screenshop5.th.jpg
As for “tightening” up existing rules,might need lots of help with that, or at least a few pointers.
Thanks again Toggie, I gotta go out now but will definitely check back soon as possible, appreciate your help, Techdunce
That’s the one. Personally, unless you know what it is, I’d remove it. It could be anything or nothing, but better to play safe.
Your Global Rules are fine, no problem there.
As for "tightening" up existing rules,might need lots of help with that, or at least a few pointers.
No problem, please feel free to ask as many questions as you wish.
There are a couple of things you can do immediately.
- Create a rule for svchost.exe
In Application Rules click Add/Select/Running Processes/svchost.exe
Click Custom Policy/Copy From/Predefined Security Polices/Out Going Only.
This will create a basic rule for svchost, which can be adjusted later.
- In Application Rules, Right click on firefox , select Edit then Copy From/Predefined Security Polices/web Browser. You can do the same for IE too.
Again this will get you going, it can be adjusted later. It also will allow us to capture events in the log file.
Hey Techdunce, you can also remove the following entries from Network Security Policy/Application Rules
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Windows Media Player\setup_wm.exe
Also it would be a good start if you gave your applications the pre-defined policy “Outgoing only” and Remove the entry for “Windows Operating System”
The reason for this is that if the Firewall blocks something it allways gives it the definition Windows Operating System if there is no specific rule that triggers the block.
Try doing as Toggie suggested with regards svchost, setting Firefox as web browser etc, then see what happens. If it still fails it might be an idea to show us a screenshot of the logs when trying to connect.
Matt
p.s. You can also hit Purge in Application rules which will remove any defunct rules
Ok, I think Im up to date with instructions so far, followed your instructions Toggie, and removed everything to do with Windows Media Player as I uninstalled it about a weed ago, so a bit of housekeeping was in order there anyway :P0l
Thanks for the offer to “feel free to ask questions” (you may regret that yet ;D )
Deleted the rules Matty_R mentioned, thanks for that,and to Toggie.
One question just to get the ball rolling, do I need to make rules for every application, or when making rules for any sample app, do I need to define ports for outgoing and incoming, Im just thinking this could be a huge learning curve Im going on.
Thanks again to Toggie and Matty_R, Techdunce
There are a number of factors involved in dictating how much involvement you have with creating rules, not least of which is your interest in doing so.
First thing to do, is check how things stand now. Open the Firewall/Advanced and select Firewall Behaviour Settings.
There are two tabs here, General and Alert. I suggest you take a quick peek at the help for these two tabs. just click on the ‘What do these settings do’ link at the bottom of the dialogue box. Getting these settings right will be an important factor in what follows.
Also if you wish to show any screen shots, you don`t need to use an external source. Just click on “Additional Options” then browse to pic and double click. If you have more than 1 just click more attachments.
Matt
p.s. Have you had any luck with the problem since changing Firefox to web-browser policy?
Hello again, wish I could say changing the rules for Firefox worked, but it hasnt, what I notice is, once a site gets blocked, then more follow. The block, or blocks shows up in “events”, but, if I exit comodo, I still cant connect, unless I reboot, then I can get some access, weird eh. Question, is Comodo logging events it blocks, or events that are blocked by it or anything else, just a thought.
[attachment deleted by admin]
As you can see, it still reports “windows Operating System”, again, I dont mind admitting, Firewalls defeat me, thanks again, Techdunce
EDIT: Ok, dont want to cause too much confusion here (yet ;D ) but went back to rules, and as it happens, I didnt change all rules to custom/predefined/allow all outgoing, as Matty _R suggested, have done that now, everything except Firefox and IE, and accessed problem sites no problem (if it was just the one I might put it down the a problem their end) will definitely keep an eye on it though and let you know how it goes. Also, posting new rules, just to be sure, big thanks again, Techdunce
[attachment deleted by admin]
Are you using a router?
Yes, Wireless router (zyxel) got it for free, so I use it, Firewall is turned on but I dont mess with it much (I think you know how I feel about Firewall’s by now ;D ) and havent made any changes there since I switched the Firewall on, about a year ago. Also, it doesnt seem to be “feature rich” thankfully
Do you think my rules are “safe enough” for the moment, or do I need to do a bit more tweaking. Again, help is much appreciated, Techdunce
Sounds like everything is working now?
You might want to change the rule for System too…
System, that one must of slipped by me ;D Thanks again for all your help, you just know Im gonna be back with lots more problems/questions, but in the meantime thanks loads to you Toggie and Matty_R, Techdunce