uTorrent - problem after following the guide

I followed the guide (first post) https://forums.comodo.com/guides-cis/firewall-tutorial-for-utorrent-with-comodo-internet-security-t15677.0.html
Simply when I start uTorrent I get asked if I’d like to allow a TCP connection to IP 67.215… on port http(80) and only when I answer Allow+Remember the uTorrent will accept incoming connections later on (green tick in the status bar, without Remember - exclamation mark, yellow). The problem is when I mark the Remember option CIS will add the infamous ANY ANY ANY ANY ANY rule.

Any suggestions?

I’m on VDSL modem.

What do you mean by the infamous any any any any rule? Can you show it?

It’s simple. When a certain program triggers a CIS firewall question by asking permission to access a certain IP over a certain port and the user grants the access with the option “Remember” ticked, CIS will create a rule for that application allowing it any IP to any IP over any protocol.

I believe, that for the uTorrent guide, the two things that will stop CIS creating rules based on your Alert Frequency Level is having the Firewall in Custom Policy Mode and having the final Block-and-Log-anything-else rule in the uTorrent Predefined Policy.

edit: typo

My Alert Frequency Level is at Low and my mode is Safe mode, plus automatic creation of rules - disabled. I’d like to solve my problem and keep my Safe mode setting. If it’s not possible I’m willing to switch to Custom…. I’m waiting for further instructions.

That’s never been a problem for me. I think those rules are fine.

So what’s the point in using the whole uTorrent guide? Let’s just allow it to do anything (any any any rule).

OK, Safe Mode is what is creating the rules and the Alert Frequency Level is determining the level that they are created at (Any IP to Any IP in your case). You don’t need to alter the Alert Frequency Level, but you would need to change the mode to Custom Policy Mode. This basically tells CIS not to automatically create rules (important if you’re creating your own). Rule 6 in pand’s tutorial (the final block-and-log rule), blocks anything that you do not specifically have a rule for.

The inbound on HTTP (port 80) that you mentioned previously might have been another torrent user using, what are called, privileged ports (1-1024) and CIS (based on pand’s rules) trying to block them… which didn’t work because of the Safe Mode. However, if it was an outbound HTTP then it might have been a torrent tracker (they sometimes use port 80 and other privileged ports).

Some people believe this is safe. I think there is much debate on this issue during the later pages of pand’s tutorial topic.

I would really appreciate your advice on how to treat uTorrent for safety in a Safe mode as this is the case of most of the people I recommended CIS to.

Assuming you mean me, rather than Dch48, I cannot, sorry. As I explained, in Safe Mode CIS will automatically create rules at a level determined by the Alert Frequency Level. In short, you cannot create and use your own rules, as CIS in Safe Mode will automatically create rules that over-write/ride them.

In other words - while in Safe mode CIS cannot provide security to the user using uTorrent?

I didn’t say that. From Dch48’s post he obviously believes that the “IP any to IP any” (typical Safe Mode rule) is just fine. I guess that it’s a personal preference and it has been previously hotly debated. Some people trust uTorrent (and the P2P network), whilst others do not. I suspect one of the reasons for trusting P2P/uTorrent or not, can differ depending on the individual uses of P2P itself.

Let me rephrase it then - while in Safe mode (or when using ANY ANY ANY rule) CIS just grants trust to an application that connects to a P2P network and expects that nothing bad will happen. It’s the way I see it and believe me, I’m looking forward to being proven wrong by at least a forum admin and not some random user.

The only options (that I know of) in this case are Safe Mode or Custom Policy Mode and since, from what you’ve indicated, you need to use Safe Mode… isn’t this question moot? Normal users would use Safe Mode, whereas advanced users might well use Custom Policy Mode. Is using Custom Policy Mode an option for you? Would your users also be using something like PeerBlock? Also, as I said, the level of security that you require depends on what the users are using uTorrent/P2P for (to be clear: I believe some security measures try to prevent/mitigate legal bad things from happening). And I suspect that might not be within your control.

I know for a fact, that Egemen (CIS’ main man) would say that CIS in Safe Mode for P2P networks is just fine and that you are completely safe.

It really does depend on what P2P is being used for.

OK, so let’s forget about the custom policy mode. I only ask now how should I handle uTorrent (set up CIS) to keep me reasonably safe in… Safe Mode? :slight_smile:

In Safe Mode, other than answering CIS’ initial alert (remembered), I don’t believe that you or your users need to do anything. :slight_smile:

So I did as instructed - nothing. Thank you :slight_smile: I also take it that the ANY ANY ANY rule just created (without popup) will keep my system reasonably safe.

Of course I removed the custom uTorrent rule before I did the ‘nothing’.

Yes. The rule creation without an alert was most likely due to uTorrent being deemed a Safe Application by Comodo (in Safe Mode only unknown applications will generate an alert I believe).

If others feel that this is inherently unsafe, then I’m sure they’ll say so (and why hopefully). :slight_smile:

Thank you again!

It looks like I still have some problems with uTorrent in Safe mode. When I start uTorrent I get the “OK” network status in its status bar but after a while an exclamation mark appears (“No incoming connections”). My firewall log shows thousands of blocked ICMP requests. Shouldn’t there be some sort of Global rules as we’re talking about incoming connections? If so, what rules should I create?