Why Comodo FW cannot resolve host name from the IP address???

claudiub · January 20, 2017, 1:50am

Hi,

I tried Comodo FW 10 ;

I got an alert mbam.exe tries to connect to 123.121.231.111. (a fictional example) So, what shall I do? allow, deny???

Now I switch to PC Tools firewall Plus: the alert is : mbam.exe tries to connect to stats.mbamupdates.com ( the same 123.121.231.111)
The decision is much easier to make: is MBAM update so, yes, allow.

So, Why Comodo FW cannot resolve host name from the IP address???

fghcoc · January 20, 2017, 11:21am

That an interesting idea. However by resolving the Host it take longer (albeit usually in miniseconds). Second it making unnecessary connection (User don’t want to even allow any connection). So an add-on option is would. Personally I would like to solve host name sometime too.

However have you use the “Show Activity” button? It call Viruscope I think, that sometime show the website that the program trying to connect to.

claudiub · January 20, 2017, 11:44pm

It is not an idea , is a question.

PC Tools Firewall Plus, not longer maintained since 2012, displays such an alert (and still works fine after so many years) and Comodo Firewall 10 is still stuck showing only the ip.

See the attachment about how a properly designed firewall should alert you.

aim4it · January 23, 2017, 11:31pm

Hostnames are only resolved once per session of the software. Anyway trusting hostnames is very weak filtering and can easily be redirected to 3rd party hosts.

Your better off retrieving the CIDR block and using that to calculate the IP mask. Saddly CIS 10 seems to have removed the option to use the actual CIDR block.

claudiub · January 24, 2017, 1:17am

Thank you for your answer!

Honestly I did not understand even 10% from what were you saying.

The point is my firewall (PC Tools Firewall Plus) is providing me with a host name in any alert which is much easier to understand and decide what to do.
Comodo FW is providing me with an IP address.

What am I supposed to do? Abandon whatever I was doing at that moment and spend 10-15 min to manually try to find out who is behind that IP???
And this for each and every alert?

futuretech · January 24, 2017, 3:08pm

A wish has been made and is submitted to comodo for consideration for this feature see here: https://forums.comodo.com/verified-wish-reports-cis/add-reverse-dns-lookup-for-firewall-alerts-m948-t102663.0.html;msg746323

claudiub · January 24, 2017, 9:20pm

This is a “wish” from 2014 , so 3 years ago.

Most likely is never going to be implemented.