weird FW behaviour - blocking without notice

Finally I get it. The cause of the problem described here https://forums.comodo.com/non-format-issue-reports-cis/known-issues-in-version-59-anybody-t79688.0.html;msg571146#msg571146 is really something weird… And this finding makes me nervous…


A. Comodo Firewall Blocking network access without notice.

  1. What you did: updated to the latest version (first time over the top, second time clean install)
  2. What actually happened or you actually saw: double-clicked on O&O Defrag tray icon, Defrag started, but popup with something like “unable to connect to service at port 50300” appeared.
  3. What you expected to happen or see: Normally (as with previous CIS version) working Defrag.
  4. How you tried to fix it & what happened: for the first few days I almost forgot about it, but later, when a large amount of data was removed from the HDD, I tried to run defrag, but the result was the same - unable… As I mentioned in my first post (link at the top), with the firewall disabled everything works smoothly. Of course the next step was backup and reinstall. Uninstalled, cleaned registry (LEGACY_CMDGUARD, etc…), Comodo folders were deleted, fresh version installed. Edited the exported default COMODO - Firewall Security config with Notepad to add my tuned Predefined Policies, which look like:

and, (sic!)
customized Network Zones… My network zones look like:

, modified configuration file was imported back into CIS with a new name, activated. Nothing changed. The same trouble… You’ll ask - why (sic!) at Network Zones? I’ll answer. The cause of trouble is inside the BLOCKED zone and its name is GE.RU… Exactly! No, nothing else has any effect, only GE.RU. FTW. So, if that hostname is inside the BLOCKED zone, FW is blocking some connections without permission and log…
  5. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?: no
  6. Details & exact version of any software (except CIS) involved (with download link unless malware): O&O Defrag 15.0 build 107
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: easy - just add G****E.RU to BLOCKED zone and voila!
  8. Any other information (eg your guess regarding the cause, with reasons): no

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):
  2. Screenshots illustrating the bug:
  3. Screenshots of related CIS event logs:
    something like this (please note, that there is no rule for “Windows Operating System” in FW (G****E.RU is in BLOCKED zone) edit: seems 57777 is a torrent related port):

C. Your set-up

  1. CIS version, AV database version & configuration used: 5.9.219863.2196
  2. a) Have you updated (without uninstall) from a previous version of CIS: first time
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: yes
  3. a) Have you imported a config from a previous version of CIS: partially
    b) if so, have you tried a standard config (without losing settings - if not please do)?: yes
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no
  5. Defense+, Sandbox, Firewall & AV security levels: D+= 0, Sandbox= 0, Firewall = 1, AV = 0
  6. OS version, service pack, number of bits, UAC setting, & account type: Win7x64 Pro SP1 UAC=0, Admin
  7. Other security and utility software currently installed: MBAM
  8. Other security software previously installed at any time since Windows was last installed: mostly portable apps, no traces.
  9. Virtual machine used (Please do NOT use Virtual box): no

[attachment deleted by admin]

Thank you for issue report.

Have you tried with the default configuration?

Also, regarding your Loopback Zone, it has been mentioned that it is an illegal subnet and could cause all kinds of undesired behavior.

Thank you

Dennis

Thanks for reply! And excuse my poor English please :-
Yes, I tried with default settings (without BLOCKED hostnames) and it works fine.
As everybody knows, the default config is a little bit insecure 88)
But, if such names, as in my case, are added to blocked zones, then services are unable to connect.
If another hostname (also .RU, don't wanna post it now 8)) is added to blocked zones, the FW is blocking the network totally!
The modifications mentioned in my post do not harm the default config so badly as to break it.
Loopback is going to be set to 127.0.0.0/8 now, thanks. Merry Christmas!

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Moved to Verified.

Many thanks again

Dennis