In Outlook Express, on Windows XP Home Edition, while sending E Mails with attachments (scanned in questionnaire sheets), the downward moving red arrow is showing constantly and I hardly see anything of the green arrow, except just before the send actually starts.
Doesn’t the downward moving red arrow indicate that something is being brought DOWN from the Internet?
Doesn’t the upward moving green arrow indicate that something is being SENT UP to the Internet?
If that is the case, why, while sending a 300K attachment (outgoing) in an E Mail being sent (outgoing) does the red arrow do its thing practically all the way through doing that?
As I understand it, Green is Out, Red is In. If you watch the Connections under the Activity tab (in CFP) that will show you how much is In versus Out.
If you want more detailed reporting, at the present, then your next step is to find a utility that monitors how much traffic is occurring in real-time, graphing/charting/etc that activity. In that area I have no recommendation for you…
It’s also possible that it’s showing incorrectly, or that we are misunderstanding the directionality of the traffic…
Well, given that, during the sending of a long, outgoing E Mail/attachment, it’s showing the arrow for the incoming data notification, the software is clearly misreading what is going on and that amounts to being a bug, I’d guess.
If a firewall’s tray icon is mistaking outgoing data for incoming data, where else in its code is the firewall likely to be making that same mistake?
If the software is misreading what is going on during just the displaying of the arrows, where else might it be mis-identifying uploads as being different from downloads, and vice-versa?
I just turned my tray animation back on, and sent a 5MB file. I did not notice any inconsistencies. I also had CFP’s GUI open to Activity/Connections, and was watching the Bytes columns. Again, no inconsistencies.
Here’s something though; I’m not using an active email scanner. If you are, this can be adding to the situation, as the email proxy that the scanner sets up will add to the traffic count. It should also be noted that while you are sending email outbound, your email client will be communicating with the server separate from your transmission; thus you will show inbound as well.
Also be aware that the tray animation is not just showing In & Out traffic for your email client, but for your entire computer. If your browser’s open, information is being transferred. Your system is transferring information to and from the DNS/DHCP servers used to keep your connection active. Other applications may be performing automatic updates in the background. Without using a traffic-monitoring utility, you may not be aware how much traffic is going back and forth, and being used by what applications. Barring that, your best indicator is to watch the Activity/Connections page in CFP.
As to the details of it, I’ll let the Comodo team answer with any specifics; that is their department, after all…
No active E Maill scanner. I use Avast with the E Mail part turned off.
No background updates ongoing.
CFP is the 4th firewall I’ve installed/used and none of the others showed the slightest sign of this happening.
This is a matter of (and maybe for) genuine concern.
I’m still curious about where else in the operation of CFP such mistaken identity can take place?
If it IS possble, does this indicate a fundamental flaw in the way CFP keeps track of whether data is outgoing or incoming on a larger scale within the workings of the firewall, globally?
While I can see that the Tray icon may be too superficial an item to accurately represent the true intricacies of two-way traffic between my machine and the Net, it still seems a touch odd that it could show ONLY INCOMING (red, downwards) flow recognition all the way through a 334k outgoing E Mail attachment…twice.
You’re currently reading a post from somebody seriously challenged in such an area as understanding network traffic and firewalls and my curiosity may be seeded from a lack of knowledge…I happily acknowledge this possibility.
I really don’t think CFP is misrepresenting the traffic flow; I think you don’t realize exactly what traffic is happening, and the full potential thereof. That’s not a slam on you, by any means.
While you are doing such a file transfer, please open the CFP GUI to Activity/Connections, and watch the traffic flow there. I think you’ll have a little better understanding that way. I’ve attached a screenshot of mine. Note all the Firefox connections - that’s with only three tabs open. Only one instance of Outlook. There’s more going on than meets the eye…
I understand your concerns about what traffic is moving in what direction, and how that’s reported. I assure you that I have not seen such an issue; if your traffic in the Activity/Connections is showing incorrectly (verifiable by a packet sniffer), then something apparently interfered with the installation of CFP in the first place.
I would then advise completely uninstalling CFP, cleaning the registry of any rogue entries, rebooting again, turning off all other security software (AV, AS, HIPS) to avoid further conflicts, and reinstall CFP.
As stated before, the Development team is best suited to answer the question of details about the traffic count; please let them respond before making any conclusions.
Just to reiterate, only the red incoming arrow in the tray icon shows when sending mail with Outlook Express. This despite both incoming and outgoing activity as shown in attached screenshot.
(msimn.exe - Bytes In = 105.278KB; Bytes Out = 4.841MB
svchost.exe - Bytes In = 0B; Bytes Out = 684B)
Many may not have noticed this unless a largish attachment is involved and an eye is kept on the tray animation. Am using Proxomitron but this only applies to http traffic. Am also using frontgate mx but this only checks incoming mail which is confirmed by my Activity/Connections display. The above shown activity was only during sending mail and only the red arrow was shown for the duration of sending. Will now need to watch closely what happens when receiving mail.
In your cases, green should seem more than red. As outgoing traffic seems much more compared to incoming. Yet there are some cases such a case can occur but i dont think any of them would be applicable for you.
Can you disable the local proxy and tell us the behavior change? Btw, a new tray icon is coming according to our users feedback. It will also show the traffic rate instead of in/out breakdown only.
Have disabled local proxy - no change. (There shouldn’t be as it is only for http protocol).
Besides the OE anomaly the tray icon animation works fine.
