Zero Intrusion Attempts

Hello Everyone

I am using COMODO Firewall v 4.0.135239.742.
My Firewall and Defense+ Security Level is set to Safe Mode.

But, under Summary Option → Network Defense, it shows - “The Firewall has blocked 0 intrusion attempts so far.”

Is this normal?

When i used verison 3, i used to see so many intrusion attempts.

Can anyone tell me why is it showing zero intrusion attempts? Is my firewall working? ???

http://i43.tinypic.com/2pr89s8.jpg

It is most probably due to the fact that the default configuration allows all outgoing traffic. You should try changing CIS to Proactive Security and the firewall to custom policy mode.

Hope this helps

Cheers

Hmm…I did not tinker with any settings while installation and Firewall is running with the default settings as of now.

I have only installed the Firewall Part of CIS. I did not install the Antivirus.

What will COMODO-Proactive Security do? and if I change Firewall settings to Custom Policy mode, won’t there be too many pop-ups?

When I used version 3, my Firewall Security Level was set to Safe Mode and it correctly displayed the number of Intrusion Attempts too.

Why is version 4 not displaying? How will I know what intrusion attempts are going on? ???

Why is my Firewall always showing zero inbound connections ?

I have set Configuration to Proactive Security and Firewall Security Level is set to Custom Policy Mode. Please reply.

Can you just for testing set Alert Settings to high? Does that change the situation or not?

Do you have any other security programs running in the background as well? Or programs that interfere with network access like VPN clients or something like Netlimiter.

After changing the alert setting to “high”, it is showing the number of intrusion attempts and sometimes shows inbound connections. But, why is it not showing when i set the alert to “low”?

Do you have any other security programs running in the background as well? Or programs that interfere with network access like VPN clients or something like Netlimiter.

The only other security program running in the background is Avira Antivir.

It could be a bug.

When using the Low setting do events get logged by the Firewall even though it is not reported in the main screen? Look under Firewall -->Common Tasks → View Firewall Events

The only other security program running in the background is Avira Antivir.
Not a trouble maker usually. Could you for the sake of testing disable it and see if that changes things or not?

After using CIS v4 for 2 days in Custom Policy Mode, it is now showing intrusion attempts in low setting alert too. Sometimes, the intrusion attempts goes upto 3000+. Is it normal?
When i used Firewall Security Level in Safe Mode, it was not showing any intrusion attempts. It always displayed zero intrusion attempts.

Now, about the inbound connections thing, it is always showing as 0 inbound connections. Why?

My Settings are:
COMODO Proactive Security
Firewall Security Level - Custom Policy Mode
Defense+ - Clean PC Mode

I tried disabling Avira, but still inbound connection is shown as zero.

I tested again, now in Safe Mode, it doesn’t show Intrusion Attempts. It is always showing as ZERO intrusion attempts. My Configuration is COMODO Proactive Security and Firewall Security Level in Safe Mode.

When i checked the log it was not updated too from the time i switched to safe mode.

Is this a COMODO bug?
I tried uninstalling and re-installing COMODO, but still no difference.

Also, in Safe Mode, it doesn’t ask for any confirmation when some program connects to the internet - like, if i open Firefox or Messenger, it is not asking to Allow or Block the application. Is this normal too in Safe Mode? ???

[attachment deleted by admin]

Please someone reply :cry:

Was it showing inbound connections when it was showing 3000+ intrusions?

If this is anything like CIS 3, these so-called intrusion attempts is basically a result of a counter that increases each time a connection attempt (legit or not) is blocked and logged by a rule. From your Application Rules screenshot, it looks like a bug. As for your question why some programs connect out without a prompt in Safe Mode - that’s the whole point of Safe Mode; to reduce alert madness. It’s because of the Trusted (Safe) Vendors list. Try launching a program not on the list and see what happens.

No.

Ok…so i guess Firefox, IE, Dragon, Opera are added into the whitelist in CIS v4 internally. Thanks

i think you set the firewall in steath mode in this mode firewall locks but not logs the intrusions
to enale the intrusion just go to global rules and the last option bry defalut block ip to to top whre the destination is any edit it and check the box log
this will strat showin you all the no of intrusions blocked
hope it helps

thank you :slight_smile:

Now wait a second here. Oubound connections are necessary for you to browse and do everything else. The security risk is at INBOUND connections !!! INBOUND connections should never happen, unless you authorize someone to connect to your system, for example to desktop remote assistance procedures.

please take a look at https://forums.comodo.com/firewall-help-cis/cis-4-firewall-definitely-is-not-working-comodo-people-plz-t56358.0.html to see how I solved the same problem, in my case that was the solution.

Hi everyone,

I’ve been using Comodo firewall (only firewall + defense, no AV) for around 2 years now.
Recently I upgraded to the newest version by completely deleting the old one and installing the current one.

However, one thing surprises me a lot - this is what I always see “the firewall has blocked 0 intrusion attempts so far”.

There have been a few threads about this, eg. THIS one, or this one https://forums.comodo.com/firewall-help-cis/cis-4-firewall-definitely-is-not-working-comodo-people-plz-t56358.0.html

or this one:

https://forums.comodo.com/firewall-help-cis/is-my-firewall-working-t55296.0.html

its quite confusing and doesnt put me at ease… always had tens/hundreds of blocked intrusions (yeah, i realize most of that is just “noise” ) and im used to seeing it.

I got a dynamic IP, NO hardware firewall, windows firewall disabled.
In “stealth ports wizard” 3rd option checked, as always.

I realize (well, i hope at least…) that the firewall is fuctioning with these settings just as it should be, but even when im doing the GRC shileds test, i am not getting logged anything.

The GRC test is obviously passed, but in the past when doing the GRC shileds test, i have seen tens of “intrusion attempts” logged, and now I just dont see them.

Hence, just like other people, ive been wondering if the firewall is working. Well, since the test is passed, i assume it is, but im confused on whats the reasoning for disabling logging these ‘intrusions’.

best regards,

Paul

What happens when you move the Firewall Alert Settings slider to High (Firewall → Advanced → Firewall Behaviour Settings)? Do you get to see reports in the logs?

No, it doesn’t change a thing.
I just browsed your forums, I think here lies the answer.

https://forums.comodo.com/firewall-help-cis/stealth-ports-wizard-t56813.0.html

see the 2nd post by Dennis2 in that thread.

In my case, the 4th rule doesn’t contain “and log”
:wink: I wonder why though?
I think it should come with the default settings. :slight_smile:
and how do I change it to enable logging?

The rule at the bottom, I assume that is the one you are referring to, used to be block and log All IP etc… Apparently that changed with v4.1. I had not noticed that myself yet.

Best thing to do is to edit that rule at the bottom and tick “log as a firewall event if this rule is fired”.

thank you, it is working now