I checked my Comodo Firewall log today and found that there was one entry of Ashwebsv.exe and Messenger saying it had been blocked yet I have them set to permit, I have made a topic on there forums but I was wondering whether anyone else has had this issue?
ps it said outgoing tcp on port 1181 to ip 127.0.0.1
Hi, I also use Comodo Firewall and it is not an easy software, yo have to know more about computer communications than with other firewall software. IP address 127.0.0.1 is known as system or loop IP address, that means your own PC.
You can authorize this connections. Firewalls use to be very restrictive with connections to the loop address, but if you know the applications and if you consider them safe, there won´t be any problem.
Why would Ashwebsv.exe be using the loop back address when it has never done that before?
You may just not have seen it before but it uses a localhost proxy to be able to scan the ‘HTTP’ content of the web pages you browse before they are saved to your browser cache and displayed by your browser.
It normally redirect to port 12080.
I have always checked my firewall logs and never ever seen this before, it has only started showing up (rarely) after I set my wireless router up and the port it said it was connecting to was port 1181 not 12080 plus it doesnt account for Messenger being blocked and logged although it still works.
ps another thing was logged it was application: system with parent: system and that was blocked from sending something to my routers ip address
I have no idea on the changes that have been brought in with comodo 3.0 but the webshield hasn’t changed how it uses the localhost proxy.
Check my image and you will see that outbound connections use 12080, that is the redirection port for the webshield, but you will see in my image inbound localhost port of 1231 and 1234 for the webshield and that is outside the control of avast it doesn’t set inbound ports.
Sorry I have no experience of comodo but rather than being blocked automatically ‘you’ are the one who should decide if it is a legit use, using the other information that should be available in the comodo pop-ups.
Comodo never notified me and automatically blocked these data transfers even though I had allowed the applications in application control, the funny thing is even though it blocked that service/program (and logged it) the program that was blocked still works as normal, so it must have had an issue with that specific request at that time, I still use Comodo Firewall V2.4 as V3 is still unstable.
It has all happened after I setup my wireless router so that may be a factor, plus I dont know whether something the routers firewall did has had an impact on it
thanks for your help anyway, I would like to leave this topic active a while longer just to see if anyone else has experienced this
Allowing an application won’t overide any use by a different application/process as in the Parent program (the one that launches it) to use that legit program (Child). That is the whole anti-leak idea so a legit processes can’t be used by another process to bypass outbound checks.
Wow it is taking some time to get comodo 3.0 running then. I really think you should check this out on the comodo firewall forums where they will have a greater insight into the technicalities/settings (it may be set by default to block rather than ask) of the firewall