It just doesn't make sense to me if you set an app to allow all access, that it's still possible for the access to be blocked. There's almost no point to the app monitor if you can control everything through the net monitor.
It's not quite exactly like that.... Think of it this way:
NetMon controls
traffic (similar to a router, but with a different purpose)
AppMon controls
applications (this is all the "ordinary" firewall is)
ABA + CompMon controls
interprocess relations (the way things work behind the scene)
Your normal firewall controls an application's ability to connect In or Out. And that's pretty much where it stops. It doesn't care how to any extent. Is the app allowed? Ok, that's all we need to know. Don't care how the app was run, where it's connecting to, what it's doing, etc. Only if that application has been allowed.
CFP has added two layers to that, to increase the security and level of user control.
Let's use a river scenario (maybe not the best, but it illustrates my point). The river itself is NetMon. The canoe on it is AppMon. The two guys in the canoe are ABA+CompMon. The canoe can only go in the direction NetMon points it. If the Canoe (or the two guys in it) want to go upriver, that's just not going to happen.
If you take NetMon out of the picture, you don't have a river, you have a lake. The canoe (or the two guys in it) can go wherever they like, whenever they like, for any purpose they like. No "external" control.
All firewalls have a form of NetMon, so it can to some degree stop unsolicited inbound traffic. The problem is, the user has little or no control over this. CFP's setup is very different, I agree, and takes some getting used to. And yes, I support the way it works, because I think it is the best there is right now. If you want a demonstration of why this layered defense is so crucial, check out Matousec Security's leaktest results. Comodo firewall is far and away at the top of the list...
If you give it some time and make a serious effort to understand it rather than wanting it to be something it's not, you may come to appreciate it as well. That's not meant as a derogatory comment in any way; a lot of people new to Comodo have said very similar things to what you're saying, but I think those that chose to stick it out have largely changed their opinions.
Hope you enjoy it!
LM
PS: In v3, you can create custom rulesets (of multiple rules) for either application or network, name them, and do so in such a way that they're kind of linked together. Probably more like what you're looking for, as far as the "advisor to the king" scenario
Author