weird FW behaviour - blocking without notice

Finally i get it. The cause of the problem described here;msg571146#msg571146 is really something weird… And this finding make me nervous…

A. Comodo Firewall Blocking network access without notice.

  1. What you did: updated to the latest version (first time over the top, second time clean install)
  2. What actually happened or you actually saw: doubleclicked on O&O Defrag tray icon, Defrag started, but popup with something like “unable to connect to service at port 50300” appeared.
  3. What you expected to happen or see: Normally (as with previous CIS version) working Defrag.
  4. How you tried to fix it & what happened: for the first few days i almost forgot about it, but later, when large amount of data was removed from HDD, i tried to run defrag, but result was the same - unable… As i mentioned in my first post (link at the top), with disabled firewall everything works smooth. Of course next step was backup and reinstall. Uninstalled, cleaned registry (LEGACY_CMDGUARD, etc…), Comodo folders was deleted, fresh version installed. Edited exported default COMODO - Firewall Security config with Notepad to add my tuned Predefined Policies which is looks like:

and, (sic!)
customized Network Zones… My network zones looks like:

, modified configuration file was imported back into CIS with a new name, activated. Nothing changed. The same trouble… You’ll ask - why (sic!) at Network Zones? I’ll answer. The cause of trouble is inside the BLOCKED zone and it’s name is GE.RU… Exactly! No, nothing else does not affect, but GE.RU. FTW. So, if that hostname is inside the BLOCKED zone, FW is blocking some connections without permission and log…
5. If its a software compatibility problem have you tried the compatibility fixes (link in format)?: no
6. Details & exact version of any software (execpt CIS) involved (with download link unless malware): O&O Defrag 15.0 build 107
7. Whether you can make the problem happen again, and if so exact steps to make it happen: easy - just add G****E.RU to BLOCKED zone and voila!
8. Any other information (eg your guess regarding the cause, with reasons): no

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):
  1. Screenshots illustrating the bug:
  1. Screenshots of related CIS event logs:
    something like this (please note, that there is no rule for “Windows Operating System” in FW (G****E.RU is in BLOCKED zone) edit: seems 57777 is a torrent related port):

C. Your set-up

  1. CIS version, AV database version & configuration used: 5.9.219863.2196
  2. a) Have you updated (without uninstall) from from a previous version of CIS: first time
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: yes
  3. a) Have you imported a config from a previous version of CIS: partialy
    b) if so, have U tried a standard config (without losing settings - if not please do)?: yes
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no
  5. Defense+, Sandbox, Firewall & AV security levels: D+= 0, Sandbox= 0, Firewall = 1, AV = 0
  6. OS version, service pack, number of bits, UAC setting, & account type: Win7x64 Pro SP1 UAC=0, Admin
  7. Other security and utility software currently installed: MBAM
  8. Other security software previously installed at any time since Windows was last installed: mostly portable apps, no traces.
  9. Virtual machine used (Please do NOT use Virtual box): no

[attachment deleted by admin]

Thank you for issue report.

Have you tried with the default configuration?

Also your Looback Zone it has been mention that it is a illegal subnet, and could cause all kinds of undesired behavior.

Thank you


Thanks for reply! And excuse my poor English please :-
Yes i tried with default settings (without BLOCKED hostnames) and it works fine.
How everybody knows, default config is a little bit insecure 88)
But, if such names, as in my case, is added to blocked zones, then services are unable to connect.
If another hostname (also .RU dont wanna post now 8)) added to blocked zones, the FW is blocking network totally!
Modifications mentioned in my post does not harm default config as bad as to broke it.
Loopback going to be set now, thanks. Merry Christmas!

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Moved to Verified.

Many thanks again