Comodo CIS Bug fix policy

[Antig]

I can take the definition of 'irresponsible' for using CF from super Decopi, I wonder how people who took the burden to test Comodo -among other things- will think about you when you imply they are all dishonest :

No honest video can hide Comodo Firewall's flaw

While I am still waiting to read a detailed Containment failure from you, I have to note that people clearly less obsessed than you were in te past banned or threads closed for manifest trollism.

 

[Pico]

It should also be prevented by a path other than C:\Windows\System32. Because in the .cfgx file:

<Rules />
</PolicyItem>
<PolicyItem UID="{63870DEE-7851-4E34-A024-59F76402B328}" Flags="0" Filename="C:\Windows\System32\svchost.exe"

Is that rule included in one of the default Comodo CIS configs or was it added by user afterwards?

 

[Pico]

As for ipv6, this is not applicable for either video as neither shows a RCE attack from outside (fun fact- seems MSFT fixed the buffer overflow vulnerability last month with the 38063 patch).

Can't svchost be used by legit apps or abused by malware to connect out on IPv6?

 

[wat0114]

Just a side note. CF has IPv6 filtering disabled by default. If you enable it, you need to re-run the Stealth Ports Wizard under Tasks>>Firewall. I

Thanks Erz, I will try this later after re-installing CFW.

@rashmi

yes, no alerts for IPv6 and connections also were established. I will try what @ErzCrz mentioned above.

@Decopi

I only ran CFW in safe mode temporarily, then I would delete the safe list and use my own customized containment and firewall rules. Some similarities in the containment setup to cruel's, and the firewall setup as being very restrictive, alerting to everything and requiring me to setup customized rules. Just how I wanted it.

@Pico

no that rule is just a snippet of the entire rule set for svchost.exe after I created my own customized firewall rules for it. It was taken from opening one of my *.cfgx backup rule sets using notepad.

 

[Chuck57]

I can take the definition of 'irresponsible' for using CF from super Decopi, I wonder how people who took the burden to test Comodo -among other things- will think about you when you imply they are all dishonest :


While I am still waiting to read a detailed Containment failure from you, I have to note that people clearly less obsessed than you were in te past banned or threads closed for manifest trollism.

Well, i, too, am one of the irresponsible, dishonest, manipulative non-experts. I just put the new CF back on this computer. I like Portmaster, found that it did work well, but I feel better with Comodo Firewall protecting me. So, henceforth I'll answer to liar, dishonest and being a manipulative knuckle dragger

 

[rashmi]

@rashmi

yes, no alerts for IPv6 and connections also were established. I will try what @ErzCrz mentioned above.

My ISP offers native IPv6 and prioritizes it over IPv4.

I use Comodo Firewall Proactive Security: default containment settings, disabled HIPS, and enabled firewall safe mode and IPv6 filtering. Also, I block incoming connections. I have disabled Windows Firewall and Defender through Group Policy, and I don't use any other security software.

Comodo Firewall's safe mode allows connections for trusted programs. I have HideAway VPN, which uses IPv6 to check for updates. I marked HideAway and Chrome as unrecognized in CF File List and ran both, with CF containment enabled and disabled. In both cases, Comodo Firewall showed alerts for IPv6 connections. I tested with both stealth mode settings: blocking incoming connections and alerting incoming connections. I didn't create any rules in Comodo Firewall's global rules.

 

[ErzCrz]

If youo enable logging in the global rule you'll see the IPv6 blocks in the case below, blocking neighbourhood solicitation and a second image of some start=up blocks while CF was loading.

If your running full stealth you'll need to create allow rules for ICMPv6 - Packet too big, time exceeded, ICMPv6 type 135 type 0 & 136 type 0 for router advertisement and neighbour solicitation for IPv6 to work properly but that's from old notes.

Spoiler: IPv6 blocks

Anyway,, use what works for you. Time to go and see if I can identify the apparent 500 accumulated bugs.

 

[Pico]

The question still is why does Comodo CIS not enable IPv6 filtering when it detects native IPv6 network. Average users are not aware that IPv6 is disabled by default and go with this default setting. Any attempt by malware to connect out on IPv6 will be silently allowed.
Also if legit apps can use svchost on native IPv6 to connect out so can malware and again the connection will be silently allowed (no IPv6 FW alert) which is very unsecure (and bad).

 

[wat0114]

Re-installed free version of cfw and now, surprisingly, it alerts to IPv6 attempts. Unfortunately, it is either allow all or block all from initial connection alerts. No easy way to create specific IPv6 rule set from attempts to connect to remote IPv6 address. Gone back to Linux and UFW (Uncomplicated firewall) which is so much easier than Windows. An uninitiated user with no experience will inadvertently blow a wide open hole through the Comodo firewall to allow an application through it.

 

[bazang]

But then (if that's the case) - it doesn't belong among all the other "FREE" Active Firewall projects "WHERE ACTIONS SPEAK FOR THEMSELVES (Fixed Bugs, New Features Added, etc)". Just because it's free - does not mean it's worth treated with same respect (like all the other alternatives which are truly active projects) - just because it comes with a 2025 label (playing pretend) - so that alone should make it worth a new topic (or multiple in across the year in question).

Anybody that publishes free software can do whatever they want. All software is sold "As Is." The product owner is obligated to nothing more than what they are willing to do, regardless of what anybody thinks. That is just how it is.

Nobody here is insisting that everybody should use Comodo. That it is unbeatable. Nobody here is attempting to "mislead readers." Furthermore, nobody here is denying that CIS\CFW don't have bugs and usability issues. People can claim that @cruelsister 's videos are overt manipulation and thereby those vids are harming people by presenting Comodo in a false light.

As far as Comodo's ability to protect, which is an entirely different matter, the detractors only offer words. They do not supply any reliable evidence of protection flaws.

Although, none of this is the core issue here at MT in Comodo thread after Comodo thread. There are @cruelsister haters here. If they could, they would stop her from posting any videos. This is an irrefutable fact. The haters just don't have the courage to say it. So they troll and poison every single Comodo discussion.

I could care less about Comodo, what Melih does or does not do, or what anyone else thinks. What I do care about is @cruelsister 's right to post her videos. I do not always agree with things she says, but nevertheless I shall always defend her right to promote her own points of view - as well as her detractors' right not to agree with her. However, I also believe that people who believe in a product have the right to have discussions without the trolls and haters showing up to spread their toxicity and provoke others all because their objective is to create a flame war and have staff lock the thread.

 

[bazang]

He knows for sure that people working with the CEO in reality hate the guy.

@Decopi is quoting Glassdoor reviews.

Working for Melih is not easy. The typical person cannot effectively cope with it. So when they either quit or get fired they run to Glassdoor and basically do what @Decopi does here rage-ranting against Comodo. I guess employee feels compelled to warn the world that working for Comodo is so awful. They'll get back at Melih by posting as-bad-as-possible reviews on Glassdoor.

Something happened to really upset the Decopi to the point of cultivating a huge grudge towards the CEO and his associates and products?

The amount of resentment is rather alarming. The only thing greater is their hatred of @cruelsister .

 

[bazang]

I'm only saying that what's good for you might be bad, wrong and dangerous for 99,99% of the users.

OK. You've stated your point. Now leave everybody that likes Comodo alone. Stop trolling every Comodo discussion at MT.

You have the right to state what you believe to be true. But you are deliberately interfering with the Comodo enthusiasts here - which is one of the reasons the MT forum exists - which is for like-minded people to commune.

Stop with the whole "I am the strawman for the 99.99%. I am here to protect them against @cruelsister 's false and manipulating videos."

You've posted the same things over-and-over ad nauseum. The 99.99% that participate on this forum know full-well what your position is. You do not need to post anymore.

That means you can stop spamming Comodo discussions with your hatred. Beyond this point if you keep doing it, then it is for only one reason - because your intent is to harass every single CIS\CFW thread.

 

[rashmi]

If youo enable logging in the global rule you'll see the IPv6 blocks in the case below, blocking neighbourhood solicitation and a second image of some start=up blocks while CF was loading.

If your running full stealth you'll need to create allow rules for ICMPv6 - Packet too big, time exceeded, ICMPv6 type 135 type 0 & 136 type 0 for router advertisement and neighbour solicitation for IPv6 to work properly but that's from old notes.

View attachment 285448

Spoiler: IPv6 blocks

View attachment 285449
View attachment 285447

Anyway,, use what works for you. Time to go and see if I can identify the apparent 500 accumulated bugs.

I have read the IPv6 info on Comodo Forums but didn't try it.

With logs enabled for global rules, I tested with both stealth mode settings: blocking incoming connections and alerting incoming connections. Restarted the system for each test. I didn't create any rules in Comodo Firewall's global rules.

With Block Incoming Connections, logs showed neighbor solicitation and neighbor advertisement entries.
Windows Operating System | Action - Blocked | Direction - In | Neighbor Solicitation
Windows Operating System | Action - Blocked | Direction - In | Neighbor Advertisement
System | Action - Allowed | Direction - Out | Neighbor Solicitation
System | Action - Allowed | Direction - Out | Neighbor Advertisement

With Alert Incoming Connections, logs showed only neighbor solicitation entries.
Windows Operating System | Action - Blocked | Direction - In | Neighbor Solicitation

 

[wat0114]

There are no longer any decent application firewalls for Windows OS being actively developed. For Windows I would just stick with the built-in firewall augmented with Andy Ful's tools, or maybe WFC. For Linux, either UFW (Uncomplicated Firewall) or IP Tables if one is comfortable with it. For Linux there are no application firewalls available that I'm aware of.

 

[bazang]

There are no longer any decent application firewalls for Windows OS being actively developed.

Nobody does it because it just ain't profitable and, most importantly, it requires an extensive sacrifice of time. The ones that remain - BiniSoft WFC, SimpleWall, TinyWall, and there is one other - IIRC Windows 10 Firewall Control with limited features (Sphinx, looks as if its user forum is still active) - they are all one-person shops. The TinyWall developer refactored the code base, but by the time he did that he had already moved-on from TinyWall years earlier as his main gig is creating and selling niche hardware. The BiniSoft WFC is still active over at Wilders. I suppose it is the same for henrypp+ for SimpleWall. Not sure if he is still at it.

The era of freeware is over. The developers that created those projects and maintained them are all aging and moving on. That decades-old "free software for all" ideology is slowly dying off along with the project developers. The list of dead freeware security software is a long one. The only ones that remain reasonably maintained are those that are subsidized by paying subscribers.

 

[Pico]

There are no longer any decent application firewalls for Windows OS being actively developed. For Windows I would just stick with the built-in firewall augmented with Andy Ful's tools, or maybe WFC. For Linux, either UFW (Uncomplicated Firewall) or IP Tables if one is comfortable with it. For Linux there are no application firewalls available that I'm aware of.

How about Simplewall firewall or Fort firewall just to name a few?
These firewalls support FW rules for services and IPv6 filtering is implemented as well.

 

[Antig]

OK. You've stated your point. Now leave everybody that likes Comodo alone. Stop trolling every Comodo discussion at MT.

You have the right to state what you believe to be true. But you are deliberately interfering with the Comodo enthusiasts here - which is one of the reasons the MT forum exists - which is for like-minded people to commune.

Stop with the whole "I am the strawman for the 99.99%. I am here to protect them against @cruelsister 's false and manipulating videos."

You've posted the same things over-and-over ad nauseum. The 99.99% that participate on this forum know full-well what your position is. You do not need to post anymore.

That means you can stop spamming Comodo discussions with your hatred. Beyond this point if you keep doing it, then it is for only one reason - because your intent is to harass every single CIS\CFW thread.

I fully agree with what you said bazang! Let's see now the next opera buffa from the prolix man and his (few) followers.

 

[Chuck57]

OK. You've stated your point. Now leave everybody that likes Comodo alone. Stop trolling every Comodo discussion at MT.

You have the right to state what you believe to be true. But you are deliberately interfering with the Comodo enthusiasts here - which is one of the reasons the MT forum exists - which is for like-minded people to commune.

Stop with the whole "I am the strawman for the 99.99%. I am here to protect them against @cruelsister 's false and manipulating videos."

You've posted the same things over-and-over ad nauseum. The 99.99% that participate on this forum know full-well what your position is. You do not need to post anymore.

That means you can stop spamming Comodo discussions with your hatred. Beyond this point if you keep doing it, then it is for only one reason - because your intent is to harass every single CIS\CFW thread.

He won't. Because of his statement that "what's right for you might be wrong for 99.9% of users." That's saying we shouldn't post anything favorable because our posts may damage other computer users. We should not voice our experiences for the good of the rest. Sounds almost communist.

He doesn't like Cruelsister, a female. Females should not be posting videos, or have such knowledge of computer software. They belong at home in the kitchen.

 

[simmerskool]

Nobody does it because it just ain't profitable and, most importantly, it requires an extensive sacrifice of time. The ones that remain - BiniSoft WFC, SimpleWall, TinyWall, and there is one other - IIRC Windows 10 Firewall Control with limited features (Sphinx, looks as if its user forum is still active) - they are all one-person shops. The TinyWall developer refactored the code base, but by the time he did that he had already moved-on from TinyWall years earlier as his main gig is creating and selling niche hardware. The BiniSoft WFC is still active over at Wilders. I suppose it is the same for henrypp+ for SimpleWall. Not sure if he is still at it.

The era of freeware is over. The developers that created those projects and maintained them are all aging and moving on. That decades-old "free software for all" ideology is slowly dying off along with the project developers. The list of dead freeware security software is a long one. The only ones that remain reasonably maintained are those that are subsidized by paying subscribers.

There is some relationship between Malwarebytes and WFC (& Binisoft), correct? I have the impression that Malwarebytes is continuing the development of WFC, but I'm clueless & could be wrong about that. I started using WFC again about a month ago, 6.11.0.0, and seems to work well. It updates every so often. A nice addition for the OS Windows Firewall.

 

[wat0114]

The era of freeware is over.

I have no problem paying for an actively developed application Windows firewall. I bought a license for Sphinx firewall some years ago, and I was very impressed with it, but they seem to have stopped development on it.

@Pico

I overlooked Simplewall and Fort Firewall. I will maybe check these out. Either that, or just stay with Linux and keep it simple. Thanks!

@Decopi

Yes, Windows firewall has some strengths, but the interface to create rules is cumbersome and time consuming, and the lack of support for wildcards in path rules is problematic. This is also something WFC can't address.

My Linux UFW ruleset:



Ports 465 and 995 for email client, some remote specific IP's to insecure port 80 for Linux repositories, Cloudflare DNS to remote port 53, time updates to tcp 123, and the rest quite obvious, especially remote TCP 443. I also denied in to 0.0.0.0 because of some recent malicious attack on this IP from the browser. These rules, of course, apply to all applications requesting outbound comms.

Finally, and because this thread is about Comodo, the firewall can be elevated to greatness, best of the best, if the developers can iron out some long reported bugs and make the firewall gui much easier to configure rules as per end user requirements. The documentation is, imho, excellent as well. An example of this:

General Settings | Comodo Firewall, Computer Security|Comodo Internet Security v5.9 /5.10

Customize firewall security by using Comodo Firewall Security lever slider to change preset security levels. Read more here...

help.comodo.com

Obviously a lot of time and effort went into this documentation, it is some of the best I've seen for a Windows security application.