V6 issue with local proxy software Proxifier

Dear support

I happily used Comodo firewall V5 with the exception that I had to live with the fact that I had traffic (outbound) I could not control with Comodo. Well, I thought it must be my lack of understanding the software or something else that I might have induced.

So, I updated to V6 of Comodo firewall since I could not find a rule set that might have been the culprit of my issue.

Though I knew about some problems in the past of the firewall and Avast AV since that used a local proxy technique and routed traffic into the internet without Comodo being able to see it or filter it. However, that problem was in Comodo V5 and an older Avast…

Now, with Comodo V6 I hoped that this huge problem would be solved.

I just freshly installed V6 and noticed that there is still traffic that can go to the Internet without Comodo noticing.
The culprit is the local proxy software Proxifier. I have it set up to allow applications to access the net directly and I set up some rules to lead some applications through a socks5 proxy.
These applications are not filtered by Comodo Firewall 6.

The reason could be that Proxifier works at a lower level than Comodo but, hey, can this still be in the year 2013?!
There should be no way for any (MI6 or Mossad or whatever :slight_smile:) code to work on a lower level than the desktop firewall even though this is free software :slight_smile:

So, all in all, I still believe that it is my misunderstanding of how to set up the Firewall correctly. As said, it is freshly installed with default settings as far as I can tell.
However, I set up the firewall to use my custom settings though there are none at the moment…and the HIPS is deactivated since Avast 8 is running.

What is the proper setting, if there is one, that I can use or must use to filter the traffic of my local proxy software?

thank you very much for reading and helping out!

http://i.imm.io/18qCW.png

According to egemen CIS filters are the lowest level (NDIS) and the problem with Avast is that it filters somewhere a bit higher. The same probably applies to Proxifier.

Eric

hello and thank you for that info.

I will try my best to see whether I can find a way to circumvent my issue. If you know already a way how we could possibly force traffic of this kind with Comodo 6 I think you already would have done so. If not please be so kind to answer once again :slight_smile:
I thought maybe it is possible to use a rule (a global one) that makes anything that wants to go through 127.0.0.1:9051 (TOR in my case) trigger an ask rule. That at least would help me if that idea with relation to Proxifier makes any sense.

Please check if Filter loopback traffic is enabled.

Does setting the firewall to ‘custom ruleset’ not give you any alerts?

Filtering of loopback traffic and the custom rule set (I have used that exclusively for years) do not help.

http://i.imm.io/18RLb.png

I never ran the Comodo browser and therefore there should be no rule …
Since the firewall setup is pretty fresh and I did not commit any changes I must say that I can not tighten my traffic or at least monitor, filter and control with Comodo Firewall as I would like.

I think this is still a little problem as it was with Avast days past but hey, this is a fresh install with Comodo’s preset and an easy ‘traffic bender’ can bypass all my security - ehm you know what I mean :slight_smile: felt security.

But I still hope it is just my lack of knowledge how to set up things!

http://i.imm.io/18RMv.png

Hello,

I still have not found a way to tighten the local proxy hole with Comodo firewall.

So, still hope some expert can help me out here.

Look here:
I installed bing desktop search and it connects to 127.0.0.1 on some port and goes right out to the Internet.

http://i.imm.io/19ywd.png

My ‘allow homenet but ask for TOR port 9050’ rule does not interfere.

http://i.imm.io/19ywY.png

Is my question already tagged and understood as being answered by the moderators and I have not noticed that, or is it an issue no one wants to talk about?

Proxifier is a tiny tool and I bet the applied technique is nothing special so anyone could bypass Comodo firewall if Comodo can not filter a local proxy layer.

At least I will not go so far to declare that however I can not make the firewall to monitor this traffic so I am asking for help.
I can tell that Comodo V6 can monitor this 127.0.0.1 port 9050 traffic and block it if I make use of a GLOBAL RULE. But neither a normal rule set nor a rule on the application level does block it or pop up an alert for it?!

Why?

It’s neither an issue that we feel you have been given an adequate answer to, nor is it an issue no one wants to talk about.

We moderators are users just like yourself that help to moderate the forum. We can’t answer questions that we don’t have the answer for.

This issue was reported by the developers to be fixed prior to the release of version 6, but there have also been reports from users like you that this issue still persists.

If you’re worried about this being a possible method to bypass the firewall, it’s really not because only trusted applications are allowed to set up a proxy connection.

HeffeD,

thank you for your honest words. I must say sorry since I really forgot about the function of mods. It is so easy to think that mods are part of the dev team or so but you are totally right. So, I beg your pardon.

I understood all you said except the last sentence. In my case with Proxifier it is true that I trust this program since I installed it and I set up the proxy rules. My problem is that any process can go right through the proxy into the net that has no appropriate rule in Proxifier. I can not set up rules for all processes in advance. That is the reason why I would like Comodo to monitor all as it is supposed to do and to pop in…
So, I would notice that a process wants to go through the proxy. This is not the case and I can not tell that only trusted ones want to, otherwise I would not run a desktop firewall.

FYI: Proxifier sends all traffic through TOR or whatever except those I do want to connect to the net directly (banking software as an example). That does not mean I want to allow malicious code to travel through TOR or whatever to its destination. So, I want to control it via desktop firewall but Comodo does not make it possible via default settings (so it is open like a ■■■■ barn) nor am I able to make it happen. :frowning:

Let me clarify what I meant by my last sentence.

Only a trusted application is allowed to set up a proxy connection. Meaning, the connection that Proxifier set up was allowed because you trusted it. An unknown application will not be able to set up a proxy connection like this.

I did not mean that other applications would not be able to connect to the internet through the connection set up by Proxifier.

Sorry for the confusion. :-[

Hello HeffeD

I got it now. Sorry, I hadn't the time to do any further reading in between.

Now I read through the Avast forum (Netshield issue - the same as here with Proxifier) and the good work of Radaghast here on the forum who made the public aware that there is this huge issue with Comodo V5, V6 and at least Windows 7.

The problem is as you said that if we allow such a tool with these proxy-tunnelfication^^ abilities deliberately or not that Comodo can not control any application that travels right through this anymore.

So, it may be no problem if we know that our computers are clean. But this is something most of us will never know :slight_smile:
If there is any harmful software on it, it can go outbound as it likes through Avast’s Netshield, Proxifier, or any other coded ■■■■■■ stuff that looks peaceful but has hidden these proxy-tunnelfication^^ abilities. Remember how long it took until Radaghast made clear that this hole exists.

In a nutshell, interested people can read that there are desktop firewalls that do not show this issue and are tight. My understanding is that if Comodo wants to offer a firewall for Windows 7 it has to change its code.

I agree, this is something that should be fixed if it’s possible.
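
Added example, not part of the original thread and not Comodo's or Proxifier's code: when the firewall only attributes outbound traffic to the proxy process, the client applications behind it can still be identified from the loopback connection table. The sketch below parses Windows `netstat -ano` output and maps each local relay to the PIDs connected to it; the sample table, PIDs and addresses are constructed, and it assumes the relay is visible as a loopback listener, as with the 127.0.0.1:9050 port mentioned above.

```python
import re

# Constructed sample of Windows `netstat -ano` output; all PIDs and addresses are made up.
# PID 2140 plays the local proxy listening on 127.0.0.1:9050 (the port named in the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:9050         0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:9050         127.0.0.1:49233        ESTABLISHED     2140
  TCP    127.0.0.1:9050         127.0.0.1:49301        ESTABLISHED     2140
  TCP    127.0.0.1:49233        127.0.0.1:9050         ESTABLISHED     3312
  TCP    127.0.0.1:49301        127.0.0.1:9050         ESTABLISHED     5520
  TCP    192.168.1.20:49240     203.0.113.7:443        ESTABLISHED     2140
  TCP    192.168.1.20:49250     198.51.100.9:443       ESTABLISHED     4100
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"

def parse(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lh, lp, fh, fp, state, pid = m.groups()
            rows.append((lh, int(lp), fh, int(fp), state, int(pid)))
    return rows

def loopback_relays(text):
    """Map each relaying PID to the client PIDs that reach the network through it."""
    rows = parse(text)
    # Listening ports reachable over loopback, and the PID that owns each.
    listeners = {lp: pid for lh, lp, _, _, st, pid in rows
                 if st == "LISTENING" and (is_loopback(lh) or lh in ("0.0.0.0", "[::]"))}
    # PIDs that hold an established connection to a non-loopback peer.
    external = {pid for _, _, fh, _, st, pid in rows
                if st == "ESTABLISHED" and not is_loopback(fh)}
    relays = {}
    for _, _, fh, fp, st, pid in rows:
        owner = listeners.get(fp)
        # Client side of a loopback connection whose listener also talks to the outside.
        if st == "ESTABLISHED" and is_loopback(fh) and owner not in (None, pid) and owner in external:
            relays.setdefault(owner, set()).add(pid)
    return {owner: sorted(clients) for owner, clients in relays.items()}

if __name__ == "__main__":
    print(loopback_relays(SAMPLE_NETSTAT))
```

On a live system, pass the captured text of `netstat -ano` to `loopback_relays` instead of the sample; PID 4100 in the sample connects directly and is therefore not reported.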