What does this entry in CFP3 Fw events mean ?

Can someone kindly explain what does this entry in CFP3 Fw events mean ?

And if it needs fixing, how to do it ?

Please see the attached screenshot.



System: WinXpPro SP2

[attachment deleted by admin]

Don’t know anything about your network, but this is a DHCP discover broadcast by your computer looking for a DHCP server to give it an IP address. If you get one anyway through other methods, this is redundant. If you need to allow it, you can make an explicit allow rule and put it under WOS in the network policies.

This is exactly what I am getting thousands of, One every 5 seconds and although several people tried to help in the "Help needed for Firewall Rules"thread I started regarding this problem, nothing so far has succeeded in stopping it. If anyone knows how to cure this I would be eternally grateful.

Add the rule to WOS block/udp/out/ if you want t to block it. Don’t log it.
I use allow/udp/out/any/any/any/any and let it go, since it is an outgoing broadcast from my computer.
You may need to create a place in the network policies for WOS if it is not there yet.

If there is no application entry for WOS, shouldn’t the global rule IP OUT any any any allow the broadcast?

Al (Merry Christmas) Adric

Thanks sded,

What is WOS, and how to create a place for it, I understand all the rest of it ?

Thanks again


WOSystem application needs to be added via Add → Select → Running Processes when creating a rule for it for the first time. Select the top entry (Windows Operating System).

Al (Merry Christmas) Adric

Application rules out are done before the global rules. I think it has to be allowed by an application rule first-at least that is the way it works for me. Should work that way so you don’t have an “allow everything I forgot to block”. :wink:

Hmmm, I don’t know what to make of that I do not have WOS defined as an application and I have logging set on for the global outgoing rule. IGMP is allowed but UDP is not. I will add WOS and make a rule to log ans see what happens.


[attachment deleted by admin]

Must be one of the Comodo default rules. Don’t know otherwise why you would allow allow IGMP multicast, block UDP (DHCP) broadcast-unless you have a trusted network?

There is a default Loopback Zone in the network zone definitions. Looks like this and the global rule for outgoing is enough and there is no need for a WOS application entry. At least the log seems to indicate this.

Maybe if I Add and to my network zone definitions, that will also be enough and I won’t need an entry for WOS.

Al (getting more and more confused) Adric

Yeah, I don’t see how defining a zone and not saying anything about it in the rules should do anything. I took it as just a convenience fo the explicit loopback rules. Is your network trusted? I have no problem with Comodo making default rules (Maybe WOS is a safe application with a ruleset somewhere?) but I have ranted (including to Melih) about Comodo doing it and not telling me what they are. And ah, the myseries of SPI!! But I try to make everything explicit (left over from Kerio 2 days) and don’t use global rules, partly because they do stuff like you showed in your log and add to the general confusion.

Maybe if I Add and to my network zone definitions, that will also be enough and I won’t need an entry for WOS.

I have already done the above from advice I received from Zortag in the thread I started on this same problem(Firewall rule help needed) and it didn’t help. Perhaps one of the moderators could merge the two threads and we maybe could get a solution to this annoyance.

bluesjunior, which rule did you atually add and where? The network zones stuff doesn’t do anything until you make a rule about them, and since WOS is being blocked, that is where the rule goes.

I followed the instructions given to me by Zortag on the above mentioned thread started by me. He wrote the following advice but haven’t heard any more from him.

bluesjunior - During the later stages of the Comodo installation process, a query-box poped up announcing that it had “found a new network”, asking if you wanted trust it, name it, etc, etc. This is your Local Network! By default, Comodo chose to name the network, by using the name of the Ethernet card, this is unfortuneate, as they could just as easily (this first time only) defaulted to calling it something like “Local Area Network”. First I would suggest renaming the network, it makes no real difference to Comodo, but you get the “thing” named to what is a common reference.

Firewall → My Network Zones
Hightlight “VIA VT6102 Rhine II fast Ethernet Adapter - Packet scheduler miniport.”
Click Edit
Enter “Local Area Network” (without the quotes)
Click Apply, Apply, etc (however many times it takes to get back to main “Comodo” app)

Then go back in and fix the addresses, by adding /removing (see instructions in my previous post) so that the two zones “Loopback Zone” (automatically created by Comodo), and “Local Area Network” look like:

Loopback Zone
IP IN [ /]

Local Area Network
IP in / (no change)

You should NOT be seeing any traffic blocked that is within the this Local Area Network, that is if the Source Address and Destination Address (look in the log) are BOTH in the Local Area Network (ie 192.168.0.x, where x is any number 0-255, OR OR If you still are getting blocked messages for local traffic, then you’ve got a rule issue.

Yes, I defined my network with the Stealth Ports Wizard (a range of IP Addrs 0-255)


maybe I missed it but I didn’t see anywhere in the procedure where you made it a trusted zone. Do you have global rules to allow all in and allow all out for that zone? If not, go to stealth port wizard and declare it a trusted zone. Again, a zone does nothing until you make rules about it.

Thank you Sded. Would you mind walking me through the procedure?. I am 60 and not very PC technical. I just knew something wasn’t quite right.

TO make sure your network is trusted, go to firewall/common tasks/stealth port wizard. Select “Define a New Trusted Network” and Next and select your zone. This wil allow your LAN to talk internally with no blockage. Even if you have already got the rules in your global rules, won’t hurt to have them again. See if that helps.

Thank you Sded,
I will try that and see how it goes.