Comodo Firewall Wishlist V6

[Guest]

[LirvA]

"It would be great if Comodo had a "Bandwidth management" plugin (or may be some special tab in application monitor properties), that could allow to limit the bandwidth for different applications. For example, P2P applications take all the bandwidth when they are started and because of that I can't surf the internet and check my mail... If I could limit them somehow (for example, limit % of used bandwidth or give them lower priority than for browser and e-mail client), that would be great"


I was going to say this exact same thing.

A way to manage your bandwidth.

Say you have two apps, both using 50% bandwidth. It would be great if you could get one to use 25% and the other to use 75%

I use crappy AOL dial up internet, their web browser is IE. I use Firefox as it blows IE out of the water. Well, sometimes I'll look at my traffic under "summary" while using firefox and it will say "firefox 80 % waol.exe 20%" 
But right now its saying "waol.exe 90% firefox 10%" This is making web browsing EXTREMELY SLOW and it drives me crazy.

A way to manage the bandwidth would be awesome.

[Comofo]

All I want is alphabetized (or categorical) rules and files (safe, pending, etc). 

 

[dLeon]

A bit of suggestions:

- More robust Logging; I really miss the "AtGuard" (now dead) logging feature.
- Sort method for policies and of course the log.
- Some settings are too scatter. Can we fix it to only in one place or at least have junction to them.

Thanks.

AND BIG THANKS FOR COMODO FIREWALL.

[memo1337]

A simply copy from my other thread:
1. Option to resolve hostnames in "Firewall Events" window. This way one can quickly tell where the connection is coming from. (ex. Source: JANE to Dest: BOB or ns1.abc.com to abc.dsl.xyz.net)
2. A clear button in the Firewall Events dialog. (It is quite annoying to have to click More, then File, then Clear, then All just to clear the clutter off the log.
3. Add option for "Gateway Address", "Broadcast Address", "DNS Addresses", etc.. in the Address Selection Dialogs (This way users do not have to manually define the fixed gateway address in various rules)
4. Option to turn on logging for connections to non-existent ports. (Currently Comodo only logs events in which an application is attached to the particular port. If no application is attached, Comodo will not log the event despite that it has blocked an ICMP message from going out to the destination computer)
5. Option to protect the "gateway's" ARP table - In case of an ARP poisoning attack, usually the router/gateway is poisoned with a spoofed MAC address. An option to protect such tables would be appreciated. (Maybe have Comodo monitor incoming ARP replies, and if a remote computer sends an ARP reply with a spoofed MAC corresponding to any of Comodo's protected IPs, send a ARP reply back to the router/main gateway with the corrected MAC so that the attacker will not capture confidential data that may be coming through the router - Tested with Cain)
6. Ability to log possible ARP poisoning attacks

[Comofo]

"5. Option to protect the "gateway's" ARP table - In case of an ARP poisoning attack, usually the router/gateway is poisoned with a spoofed MAC address. An option to protect such tables would be appreciated."

Forgive me if I'm mistaken - but don't the 'Protect ARP Cache' and 'Block Gratuitous ARP Frames' options (in Firewall>Advanced>Attack Detection Settings>Intrusion Detection) offer what is essentially tantamount to this type of protection (though perhaps not as intricate as what you've described)?

[memo1337]

"5. Option to protect the "gateway's" ARP table - In case of an ARP poisoning attack, usually the router/gateway is poisoned with a spoofed MAC address. An option to protect such tables would be appreciated."

Forgive me if I'm mistaken - but don't the 'Protect ARP Cache' and 'Block Gratuitous ARP Frames' options (in Firewall>Advanced>Attack Detection Settings>Intrusion Detection) offer what is essentially tantamount to this type of protection?

Not that I know of, this prevent your local computer's ARP table from being changed, but it does not prevent the remote's ARP table from being changed.
If the attacker were to target your IP to a spoofed MAC and send it to the gateway, Comodo has no way in blocking that as your router is the one processing such requests and Comodo cannot intercept it. However, Comodo can detect this via the wire and send a corrected ARP reply to the remote/router/gateway so that the attacker cannot continue getting redirected packets that can potentially contain confidential information.

[Comofo]

Ahh, I see. Thank you for the clarification (I had wondered) .

[raynor]

I posted this in a separate thread, but I also want to add this
"officially" to the wishlist:

Well, (only for testing purposes) I have Installed the Firewall without Defense+
(I selected only Firewall without leak protection in the installer).

I find it confusing that there is no obvious visual indiaction that D+ is disabled.

It would be nice to make it nocticable at first sight that D+ is disabled.
For example, the D+ GUI could be "greyed out", A message like
"Defence+ is disabled" together with an "Enable Defense+" Button could be displayed
in the D+ Window.

That would make things much clearer.

And while we're at it It should also be indicated if D+ is in "optimum protection"
or "network protection" (=Leakproof Firewall) mode.

So we would have three status messages in the D+ main window:

1) Defense+ is enabled and in Optimum Protecton mode
2) Defense+ is enabled and in Network Protection mode
3) Defense+ is currently disabled.

As I said, the way it is now without any information being displayed is quite
confusing. 

Best regards.
raynor

[raynor]

And my second suggestion (also posted before in a separate thread):

Hi,

After enabling the Parental Control (=Password Protection) Option in CPF,
I was shocked and very annoyed  that I have to enter the password
each and every time I click on an item under Firewall or Defense+.

Such an annoyance.

IHMO it would be heaps better If one would only have to enter the password
once when displaying the main window.

Please change the password behaviour, or make it at least configurable
(choose between "ask when displaying main GUI only" or "ask when clicking on every sub-item")

ATM, the password protection is sooooo useless (because annoying) to me     
And I guess there must be others who also feel like that as well ? Who's with me  ?

Don't get me wrong, I like CPF, but this nagging password behaviour is a STRANGE design decision.

Best regards,
raynor

[foxx]

When there is a popup infoming about new alication connecting to net, I'd like to have a "create rule" button inside that poppup window, so I can create custom rule at once.
Now I need to create "generic" rule and then go to firewall settings and customize the rule manually...

[zvaragabor]

  An earlier wish of mine.
http://forums.comodo.com/feedbackcommentsannouncementsnews/comodo_firewall_wishlist_v6-t15557.0.html;msg130519#msg130519

  A discussed thing:
http://forums.comodo.com/help_for_v3/firewall_logging-t19508.0.html
Make Firewall Log to log all blocked requests.

  CFP (both firewall and defense+) should log all events that were alerted to the user.

[memo1337]

A discussed thing:
http://forums.comodo.com/help_for_v3/firewall_logging-t19508.0.html
Make Firewall Log to log all blocked requests.

Got the same request here, although mine is such that the requests are passed onto the Program Rules, rather than stealthing all ports on the global level. The reason for this is so that I can run server based programs. Like your situation, I am unable to configure Comodo in a way such that it will log all dropped packets/connections. In my case, only connections explicitly dropped by a program rule will be logged, but connections not matching to a rule and therefore to a server linked program will not show up.

[sovereignty68]

I would like to see a policy or feature that is similar to McAfee VirusScan Enterprise 8.5's Access Protection. Meaning allow user to set Comodo's Defense+ to lock down whole computer, and without annoying Alerts but prevents and log all malicious modification attempts to the system. It should be used with My Protected Registry Keys, My Protected Files, etc. It will be great for users who only surf on web and doesn't install application very often or only run portable applications from flash drive. If the system is in locked down mode, it sure will be very helpful to prevent worms or viruses infection from removable disk like usb flash drive without being bombard by confusing alerts.

[MrBrian]

I would like to see a policy or feature that is similar to McAfee VirusScan Enterprise 8.5's Access Protection. Meaning allow user to set Comodo's Defense+ to lock down whole computer, and without annoying Alerts but prevents and log all malicious modification attempts to the system. It should be used with My Protected Registry Keys, My Protected Files, etc. It will be great for users who only surf on web and doesn't install application very often or only run portable applications from flash drive. If the system is in locked down mode, it sure will be very helpful to prevent worms or viruses infection from removable disk like usb flash drive without being bombard by confusing alerts.

You might be able to achieve some or all of this already, but it's not necessarily obvious how.  After your system is set up the way you want it as far as allowing desired actions to happen, move the policy for the 'All Applications' entry in Defense+ to the bottom of the list and then set the policy for it to 'Isolated Application'.  Also move the policy for the 'All Applications' entry in Firewall tab to the bottom of the list and then set the policy for it to 'Blocked Application'.  Also, to prevent autoplay infection from flash drives, turn off autoplay as mentioned in http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/UserTips/Customization/DisableCDautoplayinWindowsXPPro.html.  Note: I haven't tested this configuration, but it's just an idea for you to consider.

[sovereignty68]

You might be able to achieve some or all of this already, but it's not necessarily obvious how.  After your system is set up the way you want it as far as allowing desired actions to happen, move the policy for the 'All Applications' entry in Defense+ to the bottom of the list and then set the policy for it to 'Isolated Application'.  Also move the policy for the 'All Applications' entry in Firewall tab to the bottom of the list and then set the policy for it to 'Blocked Application'.  Also, to prevent autoplay infection from flash drives, turn off autoplay as mentioned in http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/UserTips/Customization/DisableCDautoplayinWindowsXPPro.html.  Note: I haven't tested this configuration, but it's just an idea for you to consider.

I tried that configuration. It kinda works but I have to add %windir%\* as Window system applications, otherwise it will cause serious problem, or if Comodo would add the ability to use My Safe Files as a group in Computer Security Policy then it will be very helpful. Also an option to exclude certain file types or folder in Groups would be great, for example, I want to create a group called "Windows Folder" and set to %windir%\* but exclude %windir%\temp or *.chm files. Another include and exclude option should be added in Computer Security Policy's rule, say if I want to denied all access to certain folder except firefox.exe, or allow only firefox.exe to access to certain folder.

Features that I would like to add in Comodo
- Ability to use My Safe Files as Group in Computer Security Policy
- An option to Exclude file name/types/path in custom Groups
- An option to Include and Exclude file name/types/path in Computer Seurity Policy rule
- Allow users to add their own customized security level
- Add action permissions like Read/Write/Modify/Delete/List in Policy rule for certain files or folders similar to NT domain permissions

It should looks like this
[Target Path or File]
Action: Read/Write/Modify/Delete/List/Execute
Include Process: xxxx1.exe;xxxx2.exe;abc.exe
Exclude process: -blank- (treat as *.*)

[Tags:]