Application Monitor Rules Hierarchy

[Guest]

[Little Mac]

How about, "Please see this thread, and respond..." ?

[Toggie]

That might work

[Toggie]

Hey Opus, sorry we hijacked your thread

[OD]

No problem
I,ve found it interesting
and almost impossible to get AM to do exactly What I wanted

What I would like is an expert mode in AM that would dissable auto sorting within Rule sets.
Rule sets being defind as a group of rules where the "Path" Application and the "Parent" application are all the same.

Also I would like An option to log all traffic allowed or blocked or better yet an option to Select loging for specific rules Like Net Mon

Programs that auto arange things are always great for beginer users but it always seams tyo be a pain for the advanced uses if you cant turn off the auto arrange features

Hey Opus, sorry we hijacked your thread

[Toggie]

I seem to remember requesting something similar myself, can't remember which wishlist...Oh well V3 comes soon...

[Toggie]

One I forgot

If one has a application with several parents, and one of the parents gets wiped (yes it does happen) AM leaves all the other parents alone...

As an example (this has happened to me several times with both fx and tb) Take firefox

It has several parents and each parent has several rules. For one reason or another, yet to be established, I find that one set of rules, related to a single parent has been set to 'skip the parent' all other rules for each or the other parents are fine, that is, they retain their respective parents.

[Little Mac]

My ticket to support reads as follows:

Will you please review this thread and comment on Application rules and why they don't function as it seems they should?

http://forums.comodo.com/index.php/topic,8863.0/topicseen.html

Thanks, we'd really like a concise answer on this confusing issue.

LM

[OD]

I think it is a good plan to file the ticket.
I doubt they will do anything about it in version 2 but with this and if it is not improved in V3, We should keep afte them in the beta program.
Enough Voices will probably eventualy be heard.  

If this was fixed I believe Comodo would have a world class Firewall Comprable with most of the ones out on the Commercial Market

I have not worked with Checkpoint in years but I'd like to hear of Some opinions of people who have worked with some of the commecial enterprise firewall and get their opinions of Comodo

If this applies to anyone out there if it does Please post your opinion of the two in comparison.  maybe I will post a poll.

My ticket to support reads as follows:

LM

[Toggie]

Hey Opus, it might be worth pursuing that conversation in the Computer Firewalls forum. It's likely you'll get a better response

LM, do you want me to file a ticket too?

[Little Mac]

LM, do you want me to file a ticket too?

I think that'd be good.  Not to overwhelm, but to make sure they realize it's not a random issue or question.

LM

[Toggie]

Done

[gibran]

Ok I think Ive got it figured out for CPF version 2.4.18.184 this may change completely for  CPF V3
Note Application rules Are very complicated and some of the auto configuration features in COMODO may cause problems in manually configured Application rule Sets

I really had problem understanding this thread...
Why don't you use Not in range (or zone)?
It would be interesting to export cpf setting before and after rules sorting (maybe the rules are saved the same way but displayed differently)

[Toggie]

You've lost me gibran

[gibran]

Yeah gibran.  What do you mean "zone"?  The define a network one or the twilight version?  I thought this was about Application Monitor

Well... you can use block not in zone in app monitor too...
Hmmm... I assumed that Appmon rules were not hierarchical so I would have used allow zone and deny not in zone instead of

      Path- C:\windows\ Explorer.exe
      Parent- C:\windows\System32\Userinit.exe 
      Destination- [LAN]
      Port- [ANY]
      Protocol- TCP/UDP In
      Permission- Allow

      Path- C:\windows\ Explorer.exe
      Parent- C:\windows\System32\Userinit.exe 
      Destination- [LAN]
      Port- [ANY]
      Protocol- TCP/UDP Out
      Permission- Allow

      Path- C:\windows\ Explorer.exe
      Parent- C:\windows\System32\Userinit.exe 
      Destination- [ANY]
      Port- [ANY]
      Protocol- TCP/UDP In
      Permission- Block

      Path- C:\windows\ Explorer.exe
      Parent- C:\windows\System32\Userinit.exe 
      Destination- [ANY]
      Port- [ANY]
      Protocol- TCP/UDP Out
      Permission- Block

[pacificwing]

I can also confirm the speculation on this thread that the AM works in an entirely non-sensible way.

Ideally, I would love to have absolute control over application access rights. If I want my webbrower to access only outbound port 80, and block everything else, then I should be able to do this.

Currently, this is only intermittently possible. AM is not supposed to have a hierarchy, according to what I've read. The problem is, is that it DOES have a hierarchy. The rule order DOES effect how the AM behaves. The problem is, the user has no reliable way to control what this hierarchy is.

The AM should have a fully functional hierarchy. This is the way most other firewalls behave. I say, in V3, hierarchy control should be added to AM (similar to what is in NM). Furthermore, it would simplify things immensely if it were possible to "group" applications, to prevent a tediously long AM list from forming.

If those two features were added in V3, all of the major AM problems would go away.

My two cents,
-PW

[Tags:]