Should I worry with this log?

Just trying out Comodo FW and see a long list in the log of Outbound Policy Violations. Does this mean I have a nasty ?

Rats, just noticed the log only shows two... I had FW block all while I was out. The other part of the log shows dozens of Violations

 

Hi Huwge

Outbound ICMP
Source: 192.168.1.100
Destination : 192.168.4.100
Port unreacheable

This ICMP packet = Icmp type 3 code 3 means only this:
a port on the destination Ip Address 192.168.4.100 is unreachable for some reason by the PC corresponding to 192.168.1.100 ...

Please note that these 192.168.*.* IP Addresses are reserved for your local network (or router)
and they are not sent or received over Internet.

The only ICMP type/code allowed over internet are normally:

Type 8 code 0 : Echo outbound only
Type 0 code 0 : Echo reply (to the previous "ping") inbound only
Type 11 code 0 : Timeout (used by Trace route...) inbound only

In a local network, on the client PCs, ICMP type 3 code 4 must be allowed in and out within the network (means "Fragmentation needed but a Don't Fragment flag is set.")

All the other Icmp type/code have to be blocked by the firewall. Blocked and logged to help you to find some events happened in the Network.

That's all. There is no malware here but only a network event blocked and logged. (a so-called "Violation" ...)

This event can happen from time to time in a local network and over internet.
In your example the ICMP warns you that some access was temporarely blocked into the network.
If your network (or router) works, just forget this.

Hope this help. Let us know.

 

Thanks for the reply but it was way over my head !!!!. I do have a Router though

 

Hi Huwge

I'll try to keep things simple:

this is only an ICMP signal happened locally and not between your PC and internet.

May be a temporary timeout in the communications between your PC and the router. That's all.

But your firewall call this a "Violation" ...

Keep smile!

 

I'm guessing that somewhere in your configuration there is a rule (or rules) blocking communications to and/or from certain ports. However, like Climenole said, if you're not having any problems with Internet access, don't worry about it. And, you especially don't want to be altering firewall rules if it is over your head, as that could lead to holes in your protection. If you were to start having problems, then there are plenty of people here at Wilders who can help you configure your firewall rules.

 

Hi KDNeese

I guess it's only a temporary "glitch" between the router and the PC.

I have the same ICMP type/code from my DNS server (max. 10 time per 24 hours)...

Nothings to worry about and it's the same with the Huwge system. If these ICMP warnings becomes too much frequent the best for him is to check the router/PC connection and the firewall setup. (But here we're talking about only a dozen of these Icmp warnings...)

But I'm sure the firewall message is somewhat too "dramatic":

"Access Violation" for this...

Have a nice week end KDNeese

 

pxconsole.exe belongs to Prevx1. for some reason you have it blocked from checking in with the community database or checking for updates.


Mike

 

Like I said, I had the FW to block all while I was away, thats why Prevx is showing as blocked

 

Just curious, is the router or as I call it in ZA Pro the family Lan in the trusted or internet zone. Does Comodo FW assume the router is "trusted"?

 

You need to create a Network Rule "ICMP Message is Port unreachable" Action=Allow | Protocol=ICMP | Direction=Out | Source Ip=192.168.1.100 | Destination IP=your Default Gateway