Application Monitor Rules Hierarchy

[Guest]

[OD]

You are Right just checked it out and I´ve got I backwards By double clicking on the top Set of Rules and clicking OK it will move that set of rules to the bottom it also seems to group the allow and block rules together  Note I have not experimented with More than 4 rules 2 to allow and 2 to block

I will correct my rules above though.

Thanks for catchin that
Opus

Maybe it was Toggie and I that discussed it, I don't remember.  But I do remember going over app rules with someone, and reading an entry in the Help files that stated there was a hierarchy.  It seems kinda buggy the way it works.  There was some rule, we found, that when edited did not move up in its section, but the rest would move to the top of that application when edited.  Thus, it would come first, and the user could find themselves being blocked for an allowed application...

LM

PS:  SearchMaestro Soya, do your thing... 

[Toggie]

You'll find it also groups rules by parent too...

[Little Mac]

I did.  Was there enough links in that one above?

Nope, or at least not what I'm remembering.  I guess it doesn't really matter.  I just thought you could pull it up...    But then again, if it was Toggie and I, it might've been thru PM, and I purge those periodically...

LM

[Soyabeaner]

Sigh.  Here it is: http://forums.comodo.com/index.php/topic,8804.0.html

Actually, this is the one you're really looking for as it has you in it.  I didn't want you to start believing you had amnesia or something:
http://forums.comodo.com/index.php/topic,7235.0.html

Did you realize you typed "In order to" 73 times in this forum?  You can just cross out "in order" part because it'll shorten your sentence.  No need to present things in a sophisticated manner.

[Toggie]

The logic used to rearrange rules in AM, is, sometimes, beyond me 

1. Overall, rules are arranged alphabetically
2. Within application groups, arrangement is by parent
3. within parent groups, arrangement seems to be IN rules first, followed by OUT rules.
4. After that, it appears to place BLOCK rules Before ALLOW rules. (sometimes)

The rearrangement of the rules isn't completely automatic. In fact it's possible to force a rearrangement of the rules so that the BLOCK rule is placed last, simply by opening an ALLOW rule, clicking OK and closing the rule.

[Little Mac]

Well golly gee, Soya!  That there's the exact one about which I thought.    Thanks for providing that in order to keep my sanity.

My apologies for using proper grammar.  The current generation of American public school grads won't present you with that issue, that's for certain. 

LM

[Soyabeaner]

The rearrangement of the rules isn't completely automatic. In fact it's possible to force a rearrangement of the rules so that the BLOCK rule is placed last, simply by opening an ALLOW rule, clicking OK and closing the rule.

I just tried it and it's as you posted.  It if it's to be uniformly sorted in alphabetical order, then this is a bug because Allow should be before Block. 

If I already have a blocked rule on an app and create another rule to allow that same app, there won't be 2 app rules; it'll just replace the current one.  Another inconsistency.

[Toggie]

AM is a joy

[Little Mac]

Another twitchy glitchy with it that I have noticed is that when (for instance) AF is at High (which would require Port/Protocol/Direction in the details), that if you have a rule that stipulates a port, and another rule that is "Any" port, it will create a prompt.  In order for it to work, each port has to have its own rule (or be included in a "range" on one rule). 

I first really noticed this because of BOC using an FTP server for updates.  I created a rule to allow the port 21 connect, and let it popup for the other two, which I allowed without remember.  That kept failing if I wasn't at the machine, so I finally made a second rule (below the port 21 rule) to allow Any port for the FTP site.  Doesn't work.  It still alerts on each additional port.  Maybe that's because I included too much detail (the IP address) for the AF level; I really dont' want to go to Very High to include the IP though, as I don't want 5000 popups a day (number used for effect only; not an indication of reality).

LM

[Toggie]

My BOC rules currently are:

port 21 TCP OUT
Port 51000 - 55000 TCP OUT
Port 80 TCP OUT

Plus DNS entries. This seems to work ok, I've not received  any additional prompts for quite a while. However, I don't know for sure what the port range is exactly.

[Little Mac]

I've never seen it do port 80 out.  Although it does do a DNS connect on 53.  But that's enough about BOC; that's not the topic of this thread.  How's that, Soya?  Proud of me for steering the topic back? 

LM

[Soyabeaner]

How's that, Soya?  Proud of me for steering the topic back? 

That was such a shocking development that I almost had a heart attack there.

So what's there more to type?  Who's going to file a http://support.comodo.com ticket on this?

[Toggie]

Which bit ;P

[Soyabeaner]

Why there are so many bugs mysteries on AM rules?

[Toggie]

In all seriousness, I agree a ticket should be raised, but I think a definitive list of issues should be included as part of the request. We could just ask something like, why does AM rearrange rules, but it's a bit woolly.

What I'd like, is a solid explanation from one of the devs, about how AM is supposed to work...

[Tags:]