Web Browser

I have both IE and FF selected as web browsers. But recently I tried to download Dr.Web CureIt just do try it out and do a scan with it but the download never started. Only after I changed IE and FF to custom did it start. Should I leave them this way or keep them as a web browser. I also was thinking should I change the " predefined firewall policies" for web browser. Like change block and log all unmatching requests to “allow”? Here is the Dr.Web CureIt link.


The Web Browser Policy default has an error in the rule for ftp. Edit the ftp rule so the destination port is “any” so it will support passive ftp.

That did it. Thanks. :BNC

It’s too bad it defeats the purpose of the other sub-rules within the predefined rule Web Browser :-. e.g. The HTTP rule allows outgoing TCP connections only specifically on the predfined port HTTP.

The problem is that Comodo never implemented what Egeman calls “Enterprise SPI”. We had a brief discussion, and it wasn’t in the plan; sounded like “Enterprise SPI” is whatever Comodo planned not to do. For FTP, SPI means that when you see a TCP connection to an FTP server (port 21 of any IP) you allow inbound TCP connections from port 20 and outbound TCP connections to any high port from/to the IP that the original connection was made to. In fact, it is a classic example of SPI in places like Wikipedia. And yes, the current approach defeats the other rules, but makes passive FTP work (which is mostly used instead of active FTP) and also causes success for nonstandard ports for http. Passive FTP ws actually invented so that firewalls wouldn’t block the inbound connections to port 20 of normal active FTP, but CFP3 doesn’t support it via SPI. :frowning: