Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 5.9/5.10

English

Print Help Download Help
Firewall Tasks-Introduction > View Firewall Events
  • Introduction To Comodo Internet Security
    • Special Features
    • System Requirements
    • Installation
      • CIS Premium Installation
      • CIS Pro-Installation And Activation
      • CIS Complete-Installation And Activation
        • Installing Comodo Internet Security 2012 Complete
        • Activating Online Backup, TrustConnect And Guarantee
        • Installing Comodo Backup
        • Installing Comodo TrustConnect
      • Activating Pro/ Complete Services After Installation
        • Activating Your License
        • Activating Your Guarantee Coverage
        • Renewal Of Your License
    • Starting Comodo Internet Security
    • Comodo Internet Security - Overview Of Summary Screens
      • Comodo Internet Security – Summary
      • Comodo Antivirus – Summary
      • Comodo Firewall – Summary
    • Comodo Internet Security - Navigation
    • Understanding Alerts
  • Antivirus Tasks-Introduction
    • Run A Scan
    • Update Virus Database
    • Quarantined Items
    • View Antivirus Events
    • Submit Files To Comodo For Analysis
    • Scheduled Scans
    • Scan Profiles
    • Scanner Settings
      • Real Time Scanning
      • Manual Scanning
      • Scheduled Scanning
      • Exclusions
  • Firewall Tasks-Introduction
    • View Firewall Events
    • Define A New Trusted Application
    • Define A New Blocked Application
    • Network Security Policy
      • General Navigation
      • Application Rules
      • Global Rules
      • Predefined Policies
      • Network Zones
      • Blocked Zones
      • Port Sets
    • View Active Connections
    • Stealth Ports Wizard
    • Firewall Behavior Settings
      • General Settings
      • Alert Settings
      • Advanced Settings
  • Defense+ Tasks - Introduction
    • View Defense+ Events
    • Trusted Files
    • Unrecognized Files
      • Unrecognized Files
      • Submitted Files
    • Computer Security Policy
      • Defense+ Rules
      • Predefined Policies
      • Always Sandbox
      • Blocked Files
      • Protected Files And Folders
      • Protected Registry Keys
      • Protected COM Interfaces
      • Trusted Software Vendors
    • The Sandbox - An Introduction
      • Unknown Files - The Sand-boxing And Scanning Processes
    • View Active Process List
    • Run A Program In The Sandbox
    • Defense+ Settings
      • General Settings
      • Execution Control Settings
      • Sandbox Settings
      • Monitoring Settings
  • More Options-Introduction
    • Preferences
      • General Settings
      • Parental Control Settings
      • Appearance
      • Log Settings
      • Connection Settings
      • Update Settings
    • Manage My Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
    • Diagnostics
    • Check For Updates
    • Manage This Endpoint
    • Browse Support Forums
    • Help
    • About
  • Comodo GeekBuddy
    • Overview Of Services
    • Launching The Client And Using The Service
    • Accepting Remote Desktop Requests
    • Registration
    • Activation Of Service
    • Uninstalling Comodo GeekBuddy
  • TrustConnect Overview
    • Microsoft Windows - Configuration And Connection
    • Mac OS X - Configuration And Connection
    • Linux / OpenVPN - Configuration And Connection
    • Apple IPhone / IPod Touch - Configuration And Connection
    • TrustConnect FAQ
  • Comodo Dragon
  • Appendix 1 CIS - How To... Tutorials
    • Setting Up Security Levels Easily
    • Setting Up The Firewall For Maximum Security And Usability
    • Blocking Internet Access While Allowing Local Area Network (LAN) Access
    • Setting Up Defense+ For Maximum Security And Usability
    • How To Password Protect Your CIS Settings
    • How To Reset Forgotten Password (Advanced)
    • Running An Instant Antivirus Scan On Selected Items
    • Creating An Antivirus Scanning Schedule
    • Running An Untrusted Program Inside Sandbox
    • Restoring Incorrectly Quarantined Item(s)
    • Submitting Quarantined Items To Comodo For Analysis
    • Enabling File Sharing Applications Like BitTorrent And Emule
    • Blocking Any Downloads Of A Specific File Type
    • Disabling Defense+ And Sandboxing For Specific Files Selectively
    • Switching Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppressing CIS Alerts Temporarily While Playing Games
  • Appendix 2 Comodo Secure DNS Service
    • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Appendix 3 CIS Versions
  • About Comodo Security Solutions

View Firewall Events

 

Comodo Internet Security records a history of all actions taken by the Firewall. These can be viewed by clicking 'View Firewall Events' from the ' Firewall Tasks' area. Firewall ‘Events’ are generated and recorded for various reasons - including whenever an application or process makes a connection attempt that contravenes a rule in your Network Security Policy,   or whenever there is a change in Firewall settings.

 

 By default, CIS stores the log file in Support DataBase (SDB) format as cislogs.sdb file which is located in C:\Documents and Settings\All Users\Application Data\Comodo\Firewall Pro. Logs stored in this file can be extracted by using a suitable application. Logs can also be exported to html by clicking ‘More.. > File > Export’.


To view Firewall events

  • Click 'View Firewall Events' in the common tasks of Firewall task center.




Column Descriptions

  1. Application - Indicates which application or process propagated the event. If the application has no icon, the default system icon for executable files are used;

  2. Action - Indicates how the firewall has reacted to the connection attempt.

  3. Protocol - Represents the Protocol application attempted to use to create the connection. This is usually TCP/IP or UDP - which are the most heavily used networking protocols.

  4. Source IP - States the IP address of the host that made the connection attempt. This is usually the IP address of your computer for outbound connections.

  5. Source Port - States the port number on the host at the source IP which was used to make this connection attempt.

  6. Destination IP - States the IP address of the host to which the connection attempt was made. This is usually the IP address of your computer for inbound connections.

  7. Destination Port - States the port number on the host at the destination IP to which the connection attempt was made.

  8. Date/Time - Contains precise details of the date and time of the connection attempt.

  • Click 'Refresh'to reload and update the displayed list, to include all events generated since the time you first accessed the 'Firewall Events' area.

  • Click 'More ...' to load the full, Comodo Internet Security Log Viewer module. See below for more details on this module.



Log Viewer Module

 

Click 'More' to load the full, Comodo Internet Security Log Viewer module. Alternatively, this module can be opened by double-clicking the 'cfplogvw' exe file that is stored in the installation path of the CIS application. Usually the path is C:\Program Files\COMODO\COMODO Internet Security.

 

This window contains a full history of logged events in two categories: Logs per Module and Other Logs.

 

It also allows you to build custom log files based on specific filters and to export log files for archiving or troubleshooting purposes.

 



The Log Viewer Module is divided into three sections. The top panel displays a set of handy, predefined time Filters. The left panel the types of Logs. The right hand side panel displays the actual events that were logged for the time period you selected in the top panel and the type of log selected in the left panel (or the events that correspond to the filtering criteria you selected).

 

The Logs per Module option contains the logged events of Firewall, Defense+ and Antivirus modules and Other Logs options contains logged events of the following:

  • Alerts Displayed: Displays the list of various alerts that were displayed to the user, the response given by the user to those alerts and other related details of the alert.

  • Tasks Launched: Displays the various Antivirus tasks such as updates and scans that have taken place. This area will contain a log of all on demand and scheduled AV scans and the result of that scan.

  • Configuration Changes: Displays a log of all configuration changes made by the user in the CIS application.

Filtering Log Files

 

Comodo Internet Security allows you to create custom views of all logged events according to user defined criteria.

 

Preset Time Filters:

 

Clicking on any of the preset filters in the top panel alters the display in the right hand panel in the following ways:

  • Today - Displays all logged events for today.

  • Current Week - Displays all logged events during the current week. (The current week is calculated from the Sunday to Saturday that holds the current date.)

  • Current Month - Displays all logged events during the month that holds the current date.

  • Entire Period - Displays every event logged since Comodo Internet Security was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).


The example below shows an example display when the Firewall Events for 'Today' are displayed.





 

Note: The type of events logged by the Antivirus, Firewall and Defense+ modules of Comodo Internet Security differ from each other. This means that the information and the columns displayed in the right hand side panel change depending on which type of log you have selected in the top and left hand side panel. For more details on the data shown in the columns, see View Antivirus Events or View Defense+ Events.



User Defined Filters:

 

Having chosen a preset time filter from the top panel, you can further refine the displayed events according to specific filters. The type of filters available for Firewall logs differ to those available for Defense+ logs. The table below provides a summary of available filters and their meanings:

 

 

Available Filters – Logs per Module

 

Antivirus Filter

 

Firewall Filters

 

Defense+ Filters

 

Action - Displays events according to the response (or action taken) by the Antivirus

 

Action - Displays events according to the response (or action taken) by the firewall

 

Application - Displays only the events propagated by a specific application

 

Location - Displays only the events logged from a specific location

 

Application - Displays only the events propagated by a specific application

 

Flags- Displays events according to the response (or action taken) by Defense+

 

Malware Name - Displays only the events logged corresponding to a specific malware

 

Destination IP - Displays only the events with a specific target IP address

 

Target - Displays only the events that involved a specified target application

 

Status - Displays the events according to the status after the action taken. It can be either 'Success' or 'Fail'

 

Destination Port - Displays only the events with a specific target port number

 

 

 

Direction - Indicates if the event was an Inbound or Outbound connection

 

 

Protocol - Displays only the events that involved a specific protocol

 

 

 

Source IP  - Displays only the events that originated from a specific IP address

 

 

 

Source Port - Displays only the events that originated from a specific port number

 



Creating Custom Filters

 

Custom Filters can be created through the Advanced Filter Interface. You can open the Advanced Filter interface either by using the View option in the menu bar or using the context sensitive menu.

  • Click View > Advanced Filter to open the ‘Advanced Filter’ configuration area.

Or

  • Right click on any event and select 'Advanced Filter' option to open the corresponding configuration area.

The ‘Advanced Filter’ configuration area is displayed in the top half of the interface whilst the lower half displays the Events, Alerts, Tasks or Configuration Changes that the user has selected from the upper left pane. If you wish to view and filter event logs for other modules then simply click log name in the tree on the upper left hand pane.

 

The Advanced Log filter displays different fields and options depending on the log type chosen from the left hand pane (Antivirus, Defense+, Firewall).

 

This section will deal with Advanced Event Filters related to ‘Firewall Events’ and will also cover the custom filtering that can be applied to the ‘Other Logs’ (namely ‘Alerts Displayed’, ‘Tasks’ Launched’ and ‘Configuration Changes’). The Antivirus and Defense+ Advanced Event Filters are dealt with in their respective sections.

 

Firewall Events – Advanced Filters

 

To configure Advanced Filters for Firewall events

  1. Select ‘View > Advanced Filter’

  2. Select ‘Firewall Events’ under ‘Logs Per Module’

You have 8 categories of filter that you can add. Each of these categories can be further refined by either selecting or deselecting specific filter parameters or by the user typing a filter string in the field provided.

  1. Click the ‘Add’ button when you have chosen the category upon which you wish to filter.





Following are the options available in the 'Add' drop-down:

  1. Action: Selecting the 'Action' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.


     



  1. Select 'Equal' or 'Not Equal' option from the drop-down box. ‘Not Equal’ will invert your selected choice.

  2. Now select the checkboxes of the specific filter parameters to refine your search. The parameter available are:

  • Blocked: Displays list of events that were blocked

  • Allowed: Displays list of events that were allowed

  • Asked: Displays list of events that were asked to the user

  • Suppressed: Displays list of events that were suppressed by the user

The filtered entries are shown directly underneath.

  1. Application: Selecting the 'Application' option displays a drop-down box and text entry field.




  1. Select 'Contains' or 'Does Not Contain' option from the drop-down box.

  2. Enter the text or word that needs to be filtered.

The filtered entries are shown directly underneath.

  1. Destination IP: Selecting the 'Destination IP' option displays two drop-down boxes and a text entry field.




  1. Select 'Equal' or 'Not Equal' option from the drop-down box. ‘Not Equal’ will invert your selected choice.

  2. Select 'IPv4'  or 'IPv6'  from the drop-down box.

  3. Enter the destination system's IP address that needs to be filtered.

The filtered entries are shown directly underneath.

  1. Destination Port: Selecting the 'Destination Port' option displays a drop-down box and text entry field.




  1. Select any one of the following option the drop-down box.

  • Equal 

  • Greater than

  • Greater than or Equal

  • Less than

  • Less than or Equal

  • Not Equal

  1. Now enter the destination port number in the text entry field.

The filtered entries are shown directly underneath.

  1. Direction: Selecting the 'Direction' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.




  1. Select 'Equal'  or 'Not Equal' option from the drop-down box. ‘Not Equal’ will invert your selected choice.

  2. Now select the check box of the specific filter parameters to refine your search. The parameter available are:

  • In: Displays a list of events that were directed into the system

  • Out: Displays a list of events that were directed out of the system

The filtered entries are shown directly underneath.

  1. Protocol: Selecting the 'Protocol option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.




  1. Select 'Equal' or 'Not Equal' option from the drop-down box. ‘Not Equal’ will invert your selected choice.

  2. Now select the checkboxes of the specific filter parameters to refine your search. The parameters available are:

  • TCP

  • UDP

  • ICMP

  • IPV4

  • IGMP

  • GGP

  • PUP

  • IDP

  • IPV6

  • ICMPV6

  • ND

The filtered entries are shown directly underneath.

  1. Source IP: Selecting the 'Source IP' option displays two drop-down boxes and a set specific filter parameters that can be selected or deselected.




  1. Select 'Equal' or 'Not Equal' option from the drop-down box. ‘Not Equal’ will invert your selected choice.

  2. Select 'IPv4'  or 'IPv6'  from the drop-down box.

  3. Enter the source system's IP address that needs to be filtered.

The filtered entries are shown directly underneath.

  1. Source Port: Selecting the 'Status' option displays a drop-down box and a set specific filter parameters that can be selected or deselected.




  1. Select any one of the following option the drop-down box.

  • Equal

  • Greater than

  • Greater than or Equal

  • Less than

  • Less than or Equal

  • Not Equal

  1. Now enter the source port number in the text entry field.

The filtered entries are shown directly underneath.

 

 

Note: More than one filters can be added in the ‘Advanced Filter’ pane. After adding one filter type, the option to select the next filter type automatically appears. You can also remove a filter type by clicking the 'Remove' option at the end of every filter option.



Other Logs – Advanced Filters

 

Refer to Antivirus Tasks-Introduction > View Antivirus Events > Log Viewer > Creating Custom Filters > Other Logs – Advanced Filters for the process of Creating Custom Filters for Alerts Displayed, Task Launched and Configuration Changes.

 

Date Filter

 

Click here to know more about Date Filter functionality.

 

Exporting Log Files to HTML

 

Exporting log files is useful for archiving and troubleshooting purposes. There are two ways to export log files in the Log Viewer interface - using the context sensitive menu and via the 'File' menu option. After making your choice, you are asked to specify a name for the exported HTML file and the location you wish to save it to.

  1. File Menu

  1. Select the event for which the log report is to be taken.

  2. Click 'Export' from the File menu.

  3. Select the location where the log report has to be saved, provide a file name and click 'Save'.


  1. Context Sensitive Menu

  1. Right click in the log display window to export the currently displayed log file to HTML.

You can export a custom view that you created using the available Filters by right clicking and selecting 'Export' from the context sensitive menu. You will be asked to provide a file name and save location for the file.

Comodo Internet Security User Guide | © 2012 Comodo Security Solutions Inc. | All rights reserved
Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2023. All rights reserved.