Server rights on Comodo

Discussion in 'other firewalls' started by aigle, Jun 14, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, I am using Comodo firewall. I am not sure when Opera, other web browsers, my download manager, AV and Comodo itself are a sking for permission to act as a server. Any users of Comodo here? Any help will be appreciated?
    My second post on it.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi aigle,
    Comodo works slightly differently, as this firewall uses 2 rulesets, one for the programs, and one "network" based. When Comodo informs you that "firefox" is requesting "server rights", I highly suspect that it is referring to the "localhost loopback inbound connections" and the server rights are for the "Program rules".
    Allowing the "server rights" for program rules, will in fact, not allow inbound from the internet, to allow inbound from the internet, you would need to change the network rules.
    So allowing "server rights" for the program rules within Comodo, I believe is O.K.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I think so as I saw if I deny, the browser will not access the internet.
    It is different from what I saw in ZAP.
    Thanks for ur reply.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, if loopback for firefox is completely blocked, then there will be a lot of problems.
    In ZAP, you can allow "Server rights" in the "trusted zone" (for loopback), or in the "Internet zone" for inbound connections from the internet.


    Check the rules within Comodo, in the "Network rules". You should see 2 rules, one to allow all outbound, and one to block all inbound.
    The "Program rules" are only filters to these 2 network rules. (or the rules to add/change here)
    You could say that the "Network rules" act like a router.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes it is exactly like this. Thanks for the help.

    As I think u are quite expert in firewalls, so I will ask u one more question that is not directly related to the topic.
    In the past I used ZAP, and it will give pop ups like one after every 10 to 15 minutes that will say " an attack to ur PC is diasbled from xyz IP" with the severity of attack as medium or high. Anf if u check its main Overview window after a week it will tell how many Intrusion attempts it has blocked( and how many of them were high risked/ rated).
    Kaspersky anti-haker and Norton firewall also used to do something like that,
    but i have not seen this with Kerio and Comodo. In kerio even after one month if I check the logd, it will show only few intrusions while on ZAP these will be more than 50 or so. Why is like that? Is it just thw bells and whistles or Kerio and Comodo are not detecting these attacks?
    ( Infact in Comodo I don,t find any log for Intrusion attempts.)
    Thanks.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi aigle,
    It will just be the log settings within the firewall, some firewalls will log ALL, some will just drop the inbound attempt with no notice/log.
    Have a look at the "network rules" within Comodo, the "block inbound" rule, are there any logging options on this rule?

    EDIT:
    open comodo, network monitor and double left click on the "block all inbound" rule. There is an option (tick box) for "create an alert if the rule is fired", select (tick) this box. This should then alert to any inbound that are blocked.(if this is what you want?)

    And Comodo is alerting "Act as server" for firefox for "listen ports". You can allow this. (This is "listen" for loopback)
     
    Last edited: Jun 14, 2006
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks.
    Here logs are separate but only for applications, not network.
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Rule to log All network need to be set in network monitor.
     

    Attached Files:

    • 1.GIF
      1.GIF
      File size:
      109.7 KB
      Views:
      576
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. I enabled the logging, and will see now.
    Nice help from u.
    Thanks again.
     
  10. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Technical Question about COMODO. I am going to download a trial of Online Armor (OA). If that goes well, I will buy it.

    Online armor is a HIPS based program. Does Comodo have any HIPS features that might conflict with OA? After my trial of OA I will probably dowemload Comodo and want to make certain that there aren't conflicts.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No HIPS in Comodo.
    There is an application behaviour analysis part but it is infact related to network activity.
     

    Attached Files:

    Last edited by a moderator: Jun 24, 2006
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Problem with Comodo firewall

    Anybody using Comodo firewall?
    Updated today and comodo is not giving any option to remember about my browser( Opera/ Firefox/ IE) when it tries to connect to internet.
    I get two popups each time i launch Opera or other browser( trying to act as server and trying to connect to internet), but there is no option to remember this action.
     

    Attached Files:

  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just found out the cause I am running my browsers sandboxed in GesWall.
    If I run the browsers out of sandbox then I do get the option 'Remember this".
    As far as I can remember I did not faced this issue before the update, now I wonder if there is any way to get rid of these pop ups!

    Here is popup when firefox is out of sandbox.
     

    Attached Files:

  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    aigle,
    Post 12:- I highly suspect this is due to the introduction within Comodo of interception of windows "bits" (Background Intelligent Transfer Service). A "remember" rule for an unknown/isolated data transfer would be a little scary.
    Post 13, the alert as changed, but,.. it is hidden/invisible to the user,.. so maybe better info?
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I posted the issue in their forums and thay have promise to look in this issue. Same pronlem is told to me by a BufferZone user as well.
     
Loading...
Thread Status:
Not open for further replies.