To Developers: Default Rules

And these are applications you have in your Application Monitor, correct? This causes CFP to give you an alert; the reason - the way the allowed application is trying to connect does not fit the criteria established by the Network Monitor rules.

I’ve been through these in some detail, to make sure how they work. If you turn Network Monitor off, then Apps listed in the App Monitor can communicate in accordance with those rules. But with NM on, apps that are Allowed but are outside of the NM rules will cause an alert. Apps not Allowed (not in App Mon) will not cause an alert; the NM will just block the connection attempt (this refers to a connection attempt that is not in line with NM rules). There will be no Application Monitor entry in the logs in this instance; just a Network Mon entry. If an App that’s not allowed in the AppMon (such as a newly-installed app) tries to connect (in a way that’s allowed by the NM rules), you will get an Application Alert to allow or deny.

Hope that makes sense. If yours doesn’t work that way, IMO, there’s a problem. For instance, let’s say you open an IM program that wants to use IGMP. You don’t allow IGMP in your NM rules, but the application is allowed in the AppMon. IF that application is able to send outbound IGMP without your express permission, then “Houston, we have a problem.”

LM

I’ll look into it when I have some spare time on my hands. Right now I’m rather swamped…
To explain my point: I have an app that is allowed access through the AppMonitor, but is explicitly denied access in the NetMonitor for test purposes. Still it gets through ???

Have a great weekend :slight_smile:

Triplejolt,

That’s definitely a problem… AppMon does not trump NetMon (unless NetMon is turned off…). If it were to do so, then it wouldn’t be any different than Norton, McAfee, etc (ie, USELESS!).

In my experience with CFP, there’s got to be a rule allowing the app access out. Remember that even tho’ you have an explicit block in the NetMon, that rule has to come b4 any rule that will explicitly or implicitly allow it.

In other words, let’s say for example that Rule ID 0 Allows Out TCP, Any Source/Destination/Port. Rule ID 2 Blocks TCP Out, Any Source/Destination, Port 362 (and that this relates to your app). Your app will be allowed because of rule order. If you move ID 2 up to ID 0, and the app uses Port 362, then it would be blocked. However, if the app used a different port than given in your rule, it would still get through.

Unfortunately (from a user standpoint) in CFP you cannot “link” an Application Rule directly to a Network Rule so that the Application is “forced” to use that rule.

I’m interested to hear more about your situation. You can PM me if you want.

LM
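
The rule-order behaviour described in the post above, as an added example that is not part of the original thread and is not Comodo's code: a minimal first-match packet filter in Python. The `Rule`, `evaluate` and `shadowed_rules` names, the filler rule at ID 1 and the final default block are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str               # "out" or "in"
    protocol: str                # "tcp", "udp", "icmp", ...
    port: Optional[int] = None   # destination port; None matches any port

    def matches(self, direction, protocol, port):
        return (self.direction == direction and self.protocol == protocol
                and (self.port is None or self.port == port))


def evaluate(rules, direction, protocol, port, default="block"):
    """Return (action, rule_id) of the first matching rule, top to bottom.
    Later rules are never consulted once one matches. The default models a
    final block-all rule, which is an assumption of this sketch."""
    for rule_id, rule in enumerate(rules):
        if rule.matches(direction, protocol, port):
            return rule.action, rule_id
    return default, None


def shadowed_rules(rules):
    """IDs of rules that can never fire because an earlier rule with the same
    direction and protocol already matches every port they match."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.direction == later.direction
                    and earlier.protocol == later.protocol
                    and (earlier.port is None or earlier.port == later.port)):
                shadowed.append(i)
                break
    return shadowed


# Constructed rule sets mirroring the post (ID 1 is filler, not from the thread).
allow_tcp_out = Rule("allow", "out", "tcp")
allow_dns_out = Rule("allow", "out", "udp", 53)
block_362_out = Rule("block", "out", "tcp", 362)
as_posted = [allow_tcp_out, allow_dns_out, block_362_out]   # block sits at ID 2
reordered = [block_362_out, allow_tcp_out, allow_dns_out]   # block moved to ID 0

if __name__ == "__main__":
    for name, rules in (("as posted", as_posted), ("reordered", reordered)):
        print(name, evaluate(rules, "out", "tcp", 362),
              evaluate(rules, "out", "tcp", 8080), shadowed_rules(rules))
```

Running `shadowed_rules` over an exported rule list is a quick audit for block rules that sit below a broader allow and therefore never take effect.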

Thanks, Triplejolt.

I love Windows Vista but unfortunately Comodo Firewall doesn’t support it. The Vista Firewall passed all the ShieldsUp tests except for blocking incoming ICMP Echo Requests. I wonder if anyone knows how to configure Vista Firewall to block them.

Do you know any free firewall that is Vista compatible?

Charlie,

I don’t know of any yet; as far as I know, CFP version 3.0 (hopefully to hit the ground around March/April of this year) will be the first…

LM

Thanks, LM.

I correct what I posted earlier. Windows Vista Firewall does pass all the ShieldsUp tests. We have to uncheck our browser in the Firewall Exceptions tab.

It is rather peculiar indeed, Little Mac.
As I said, I haven’t debugged this properly, and I suspect I won’t have time to either. I’m probably gonna reinstall my laptop from scratch, and sandbox my corporate framework. There are too many badly written, internally developed apps currently running. And I have managed to exploit at least two of them and this was several months ago. Still no feedback from Internal Corporate IT… sigh
The apps are now prevented from running, which makes my laptop rather flaky. Gonna try Vista and await the CFP 3.0b.
Wanna go whip the dev. team for me? :slight_smile:

To hurry up on version 3? Uh, no; Melih has a “smite” key on his computer… ;D

LM

Ah yes. The infamous Smite key :o
Just tell the Devs that the Vista users are stuck with the hopeless built-in one until the Beta is out :cry:

I’m waiting for the Beta too. However, the Vista Firewall is much better than XP’s. If you select “block all incoming connections” it will pass the ShieldsUp test.

Well, at least you can tell it to block incoming connections. But IMO, you shouldn’t have to; it should do it anyway!

On a side note, if anyone has seen the Mac commercials released in the US, I love the new one regarding Vista and its security protocols. Hilarious! Maybe they have 'em on their website, I don’t know.

LM

Edit 2/26/07 - here’s the mac commercial; “Security” is the best one, IMO Mac - Apple

This is the biggest design flaw. Unsuspecting and novice users don’t know this…

Hi Triplejolt,

I’m back after a long absence from this forum as my new Vista computer cannot use CFW all these months. Now, the latest beta seems to be working fine although there are some bugs and it is rather slow to start up and react.

I set the Global Rules based on your Reply #16 in this posting. Could you take a look at my settings in the attachment and let me know whether there are any conflicts?

Could you also tell me what the following items mean (it came by default when I installed CFW 3):

Allow Incoming ICMP Packet Lost In Transit Replies
Allow Incoming ICMP Fragmentation Needed Replies
Allow Incoming TCP/UDP Connection Requests.

[attachment deleted by admin]

CFP is still in its BETA stages, so everything isn’t ironed out yet. Please keep this in mind when using the BETA product :slight_smile:

As for your queries about ICMP, it’s just how you allow the ICMP suite to reply to certain events. The two you mention basically mean that ICMP sends a notification to the source whenever the ICMP packets are lost or dropped before reaching you (the destination) or when the packets are too big and need to be resized (fragmented).
As for the TCP/UDP request, I’m a bit unsure why it’s listed in there. Try looking it up on the BETA thread and see if it has been answered by any of the Devs. Chances are it already has :slight_smile:

Good luck on testing the BETA. Please feel free to post any findings/shortcomings/bugs on the BETA feedback thread.

Thanks, Triplejolt.

But are my Global Rules ok to prevent hacking, etc? Any conflicts with my Rules?

Yes Charlie. You should be safe and well protected :slight_smile:

Thanks, Triplejolt. Sorry for the late reply as I was away.

However, this beta failed Comodo’s firewall leak test (Test 2).

Look over the Beta section. There have been a few issues regarding the Beta releases. Hopefully the RC will have things running more smoothly again :slight_smile:

Charlie, egemen gave an explanation about some of the current beta’s functions, and suggested moving leaktest applications into one of the “unsafe” categories. I don’t remember exactly, whether it was the “Lockdown” or “Pending” lists. That way they won’t be automatically allowed under the “Learn” modes for files previously on the system. Might play with it a bit.

LM

Hi Triplejolt,

In Reply #35 of this post, you confirmed you entered [mycomputername] instead of Any because you don’t want to receive traffic meant for other computers on your LAN. But [mycomputername] exists in CFP 2 but not CFP 3.

How do I configure the Global Rules to achieve the same result in CFP 3? I tried entering my computer’s name as a Host Name but it doesn’t work.

Charlie