Why is my COMODO Firewall allowing all connections?

I just recently reinstalled COMODO Firewall on my second computer, and can't figure out why it's allowing all network activity despite the current configuration (see attached). Perhaps I'm blind as a bat right now and can't see the problem. I would ask on the COMODO forums but I already have an account here, so I figured I would ask here first.

*EDIT* COMODO prompts for a users input when launching Internet Explorer, and Steam. However, Google Chrome, Elpis (Pandora client), HitmanPro, Malwarebytes, Firefox, and Skype have all been allowed access despite the fact that there is no rule allowing them.

 

In which configuration are you running CIS?
Try to set it to Proactive.

 

maybe some antivirus is tunneling all data through its protecting kernel service. or you have disabled some important windows service, eg BFE.

 

Outraged

I contacted COMODO support, and was asked to install the GeekBuddy support software on my computer. I installed the software, and was connected to a support agent - who without asking what the issue was - requested permission to check the registry, temp files, and event log. I complied, and let the agent check those areas of my computer. The agent stated that my computer was heavily infected with spyware, and in critical condition.

You must understand at this point that I am no stranger when it comes to the Windows operating system, and proper security practices. I was very "shocked" to know that the Service Control Manager logs contained in my event log are a sign of spyware. These entries are perfectly normal, and state when a system service has started, and stopped. I do not interject with my opinion and instead simply play along.

The agent proceeds to tell me that it’s extremely important that I remove this spyware from my computer as it greatly compromises my system security. I interrupted, and asked the agent about the issues I am having with the COMODO Firewall allowing all in/outbound connections, but he/she could not answer the question, and instead insisted that we should resolve these spyware issues today. I ask the agent how exactly we can do that, and I'm told that the removal service isn't available to me unless I am a premium customer. The agent then told me about a "special promotion" that is available to me today only, how lucky! I respectfully refuse, and thank the agent for the offer but instead insist that I am here to resolve the issues with the firewall, and not the supposed spyware. He/she then offered to connect me to their manager so that I may be given a “special discount”, and I again refused, citing that I was unsure of the amount of available funds in my bank account for the day, and would have to call the bank at a later time. The agent insisted that I do that immediately as this issue puts my data, and private files at great risk.

I am no stranger to these types of technical support services. I often prefer to play stupid so that I may evaluate the knowledge of the person assisting me. I am appalled by what I experienced today, and feel that I was taken advantage of as a customer. My computer is free of malware - this I know for sure. Had someone with little knowledge about their computer been placed in this same position they probably would have spent the money, and purchased the COMODO software.

Forgive me for any hostile undertones detected in my message. I am simply outraged, and disgusted by this business practice.

 

humm...
I am shocked myself
and even reconsidering the use of Comodo...

 

Please understand that I'm not trying to start a revolt by saying this. COMODO Firewall is a great product - one of my favorites - so don't let this impact your opinion on the software itself.

 

I'm familiar with their software and their ways
sometimes I just trust human nature to much

 

Re: Outraged

Yeah. I also find this very shady. I use Comodo on a windows laptop and this makes me think I should reconsider using it.

 

Well I think you need to enable "create rules for safe applications" option.

 

You should have paid to become a premium user and then to get the answer "we don't know sir, please remove your spyware first." Comodo support is really awful.

 

Maybe the services you are seeing connect to the internet are on Comodo firewalls white or approved software list. Doesn't this firewall do that?. Or as suggested your antivirus is allowing all connections. Does it have a web scanner? Most of them do.

As for the treatment you received yes that pretty bad but they are no doubt trying to sell something. Maybe the guy was on some sort of incentive or commission.

I personally switched to using Private Firewall. But, I turned the protection to the highest level. There doesn't seem to be much communication going on at that level. The developer for PFW does answer questions & is willing to help.

 

It won't help.

 

please try to set the firewall as "safe mode" instead of "custom ruleset".Not sure this will help.

 

any logfile present you can show us? (like adwcleaner)

nevertheless if the system is infected anything is possible and any security software like antivirus or firewall can be pretty useless - not only comodo.


@ZeroDay - please only cite what you refer to (or nothing if in common)

 

I ve seen this firewall creating rules to allow everything with an older version as well.

This level of protection can be achieved by uninstalling.

There is no need of a firewall if it allows everything to pass through ,unless the developer intention is that the hard-coded Comodo DNS servers in this software to be used to track your PC web usage habits via DNS records as the calls are made to them.
There seems to be a trend among security software in allowing everything so the user is not disturbed with questions ,denying the very meaning of a 3-rd party security software.

They add all kind of complicated HIPS in this firewalls and at the end ,with their implementations ,they are practically denying the purpose of the software.
Who cares about the HIPS ,if anything gets thru at network level.

 

@Sm3K3R

Did you have create rules for safe applications checked? Also, users need to be careful about the allow and treat as options when they receive pop-ups. Unless you specify a strict profile for things like web-browsers, etc. Companies develop these products for the average consumer. It's suppose to be lent on restrictions so that users don't allow or block an application only to spend the next several hours in forums and support trying to get uTorrent to properly function on their system. Even if you are adept at creating rules, you still have to contend with websites that don't use a static address for pushing out updates, etc. Software is only as effective as its operator as as secure as the system (hardware, kernel, and all) that it is installed. There is plenty of blame to go around, it doesn't all shoulder on the application developer. Even if you stick with a built-in firewall, the burden of responsibility doesn't change much. There are limitations to out-of-the-box security solutions.