Viewing blocked incoming attempts

I just switched to Comodo from Zonealarm. In zonealarm, it blocked many things and showed them all in the log. The firewall events only shows the 2 outgoing items that I currently have blocked. I can’t find a way to view the blocked incoming attempts. Is there something that I’m missing?

Are you looking at View Firewall events or View Active Connections? Are you sure all Zone Alarm components are uninstalled? What OS are you on? What other security programs do you have running in the background?

Can you show us a screenshot of the Firewall events and Global Rules (Firewall → Advanced → Network security policy → Global Rules).

Looking at Firewall Events. zonealarm is uninstalled. XP Pro SP3. AVG and PG. Screenshots attached.

Yesterday I know that CIS blocked me from logging in remotely and I don’t see that logged anywhere.

I’m basically seeing the same issue as Knox.


[attachment deleted by admin]

I was afraid you had no traffic logged but that is not the case. What kind of alerts did you get from ZA that you don’t see here? Notice you are behind a router so the bulk of internet traffic will be blocked by the router’s NAT and firewall.

Yesterday I know that CIS blocked me from logging in remotely and I don't see that logged anywhere.
Can you describe the situation? What program are you using? What ports need to be open? What makes you think CIS is blocking?

I was seeing UDP incoming blocks (that’s the main reason why I switched from ZA). Before I added the “allow UDP in” rule, I was not seeing any alerts.

Using a VNC product. I know it was blocking because I forgot to add the incoming rule to allow VNC. Since adding it, now I can get in. But, I never got an alert about my failed incoming attempt.

I don’t see any incoming blocks. That seems strange.

It is kinda odd. Try the following.

We are gonna take a look to see if there are some old drivers of your previous security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> do this for all drivers → reboot your computer.

When the problem persists make sure there are noauto starts from your previous security programs download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

There was one driver still there but it was disabled. Now its uninstalled. I went through some procedures to completely remove ZA from my system.

I intentionally blocked (and checked the log box) some known incoming traffic and it was logged in firewall events.

The only thing different with the VNC test was that it didn’t follow any allow rule or explicit block. Shouldn’t it log an incoming event that does not follow any rule and is therefore blocked? The only place that I see anything about this is MISC…settings…Logging tab.

I must still be in vacation mode as I overlooked something here; thank you Little Mac. The current Global Rules do not have log enabled.

To see all that also gets logged stealth CIS using the Stealth Ports Wizard. Go to Firewall → Common Tasks → Stealth Ports Wizard → Select “Block all incoming connections stealth my ports to everyone else” → Finish. Now look at your new global rules with a new block and log all rule at the bottom.