Remembering my decisions... but where?

[Guest]

[gandalf94305]

There are popups asking me about whether program such-and-such should be allowed to run as a server or whatever... I have the option to let Comodo PFW remember my response. However, I could not find any place in the firewall where I may inspect or modify such settings. I strongly recommend putting in a tab that permits that.

--gandalf.

[tompretto]

I concur!
It would be nice to be able to change a setting if you accidentally set the wrong option, or to audit/review your choices.

And this forum only allows one posting every 90 seconds...it seems that if you are denied a posting due to time constraints that you must wait another 90 seconds from the denied posting before posting again?

Yep.  No wonder noone hangs out in the forums.  you are not allowed to post to separate subjects without waiting 90 seconds in between...who has this much time to waste?

I can see that it might be possible that if you posted more than once per subject there might be a problem, but even yahoo! allows ten posts within five minutes before booting you...

[AOwL]

gandalf, i'm not sure that i know what you mean, but if you want to change a programs internet access, you just go to Application monitor.

tompretto, i get annoyed sometimes on that 90 sec rule, but it's there for a good purpose...
to stop spammers...
I'm not sure if the 90 sec rule start all over, if you post to quickly... but it feels like it sometimes...

[Commando]

Where to change the Rules associated with "OLE Automation" alerts after select the always remember option.
I have an alert on a program (eg. BitSpirit.exe) is trying to access the ip(xxx.xx..xxx) through services.exe.
But I  can't find the services.exe at the Application monitor.

[kail]

Hi & welcome to the forums.

Since you do not run SERVICES.EXE directly (it is run in the background by Windows), you will find it the Component Monitor.

[gandalf94305]

[ at ]Commando: this is called thread hijacking. You ask a totally unrelated question that should be a new thread 

Back to the original topic: if a popup tells me a program wants to act as a server, it's the LISTENing of the process on some port, no traffic yet. Consequently, if I say YES to the question and ask to remember, is the Application Monitor the only place where I can find this decision, i.e., is the rule created the only persistent information? Why can't I distinguish between LISTENing and actually receiving traffic? There are many cases in which I want to allow a server to LISTEN, but not to receive traffic ;-)

There are other popup questions related to certain traffic or invisible communication... do I really find all such decisions in the available Application Monitor rules? How does this map? You use different terms in both places, so it is not quite clear what belongs to what.

Personally, I used to work with Kerio PFW and I am actually considering going back to that firewall, as Comodo has a rather obscure separation between Network and Application Monitoring. The decision which application should be allowed what, is at the application level. Consequently, if I have applications using UDP (e.g., for VoIP) and TCP (e.g., for HTTP, FTP), my network rules will either take the trivial form of allowing all UDP/TCP traffic, anyway, (making them obsolete), or restricting traffic to only the ports needed by the applications. That, however, is already defined in the applications, so a redundant definition would not make sense.

The architecture of the firewall may be such that there are cases in which a basic network security should be applied, on top of which application security may be set... however, this does not make everything very transparent.

Further, the automatic rule generation ("remembering") does not generate specific rules to allow traffic to a certain port, but rather very generic rules, possibly opening more than desired.

The Comodo firewall is nice but I still see the Kerio PFW superior in transparency and flexibility, not to mention the automatic rule generation feature there.

--gandalf.

[comicfan2000]

There are popups asking me about whether program such-and-such should be allowed to run as a server or whatever... I have the option to let Comodo PFW remember my response. However, I could not find any place in the firewall where I may inspect or modify such settings. I strongly recommend putting in a tab that permits that.

--gandalf.

Hi , If you mean the OLE automation popups where something is using IE to connect to server, perhaps try this..

go to > advanced , advanced attack detection and prevention, configure, uncheck the box> monitor com\OLE attempts.

 hope this helps,

 Paul

 Just a note, even setting rules for OLE doesn't always matter as they do change and so it looks as if a firewall isn't remembering them, and this setting above will allow you to avoid these pesky notices.

[gandalf94305]

Sure I can disable this... but what is it good for then  :

--gandalf.

[comicfan2000]

Sure I can disable this... but what is it good for then  :

--gandalf.

 Hi gandalf, first let me say that I too like to monitor my OLEs . They do change signatures as well and some say for safety reasons when they do connect so they are not picked up on and used\something on that order. Most <if you know what's on your system>are safe to allow. A firewall can't determine the same application changing when using OLE so it alerts the user. ZoneAlarm and Kerio both did this as well when I used them. Actually Kerio didn't block these at all, rather, let them go even if I set it not to. I don't think there is a perfect resolution for this but there is a way to disable OLE automation but not recommended.

  Paul

[Tags:]