CIS Charrette - Firewall Alert

[Guest]

[Rave Kool]

I think there will be more ways comodo can suppress the alerts....

Comodo could give a recommended action to every pop up... so the user might not get confused

[Sagenth]

Perfect, this right here is just the kind of individualized controls for an application I was recently complaining about the lack of. I hate having to have all applications have the same level of detail intercepted.

I don't want to allow connections on a port by port basis or socket by socket basis for ALL applications.. only some.

By the looks of that precision tab this is intended to offer just that kind of control over each application, via security dialogue pop up windows.

[glifford]

So my More tab creates some problems...

How should I deal with rules that nullify the current alert?

[jay2007tech]

Damm, that looks pretty good.

I accept your logic  behind it.  While I like the current comodo style, it wouldn't hurt to use some of these in it

Good job
 

[k_ok_o_s]

Please, add this feature - https://forums.comodo.com/wishlist-cis/reverse-dns-lookup-and-whois-for-ip-in-alert-windows-t69214.0.html

[jovan111p]

I like idea very much! +1   

[disPPlay]

Please, add this feature - https://forums.comodo.com/wishlist-cis/reverse-dns-lookup-and-whois-for-ip-in-alert-windows-t69214.0.html

glifford  is just creating the best possible experience for the user and take these concepts and give it to the developers, he can't create what you have requested in fact this was nothing to do with the UI itself.

[laprad]

+1

[Viper94]

I want it! 
+1

[petr0id]

IMHO there is no need in those fancy green and red Allow/Block buttons. Grey buttons with circles with green and red signs is enough. I like idea with IP copying 

 +1

[Focuscar]

I personally like those fancy green & red Allow/Block buttons. It reduces complexity for beginners by focusing their attention to those buttons.

Adding options add complexity, and thus more simplicity is needed with clear design, and more eye-catching methods.

------------------------
But that's my opinion..

[Mohan]

Hi Glifford,

The protocol field should be a dropdown with one of the options being Unknown

Regards
Mohan

[roadrun777]

Hello Gifford,
Looking at image 1 Considerations:
-----------------------------------------------
Time stamp should be right above "Application:" So you know when the alert occurred exactly.
Application should have the icon right next to the name along with PID and originating executor (also with icon). The originating executor should have some form of arrow to indicate one process executing another which should also have a PID.

I would completely do away with risk. Its a generality that is just too vague. I love the explanation part, it is what really lets someone decide the true risk. I realize you are probably going to leave it in there as a bridge for those that don't understand what they are looking at, but it would be more helpful to just decide for them based on that assumption rather than present the assumption as the intent with the "Risk" is to ease decision making.

Also would like to see a countdown timer somewhere on this page to indicate how much time is left before auto decision occurs (if it is selected)

Image 2: Details
----------------------
Would like to see a family tree type protocol display, like
Related: "IPV4" Protocol: "TCP"
On "Direction" I would love to see a pic of a PC (arrow ->) (net cloud) or something
On the "Local Port" can you show the icon of the program that owns the port
Is it really hard to show netmasks on the addresses too?
I would like to see some kind of symbol next to each word, it would make it so much quicker to pick up.

Image 3: Precision
------------------------
This tab is VERY confusing. Am I setting global settings here or setting options for a rule that is about to be made by my choice? Or is this the options concerning the logging level?
It looks like this is supposed to be a quick way to set rules concerning general usage? In which case why would you not just put "ask" "ask" "ask" or just save it for the rule editing page rather than a firewall alert.
Little confused about the ICS option. Can you change that every time you get an alert? Wouldn't that be a system wide functionality change? How would that apply to a single firewall alert?
Honestly I don't see anything on "Precision" that makes any sense at all.

Image 4: More
----------------------
 I somewhat understand the first two options, but wouldn't it be better to set a FLAG so you can go edit it later? Imagine being bombarded by alerts and a nice default options of "FLAG for fine grain editing later?".
Or "Place in que for editing later", etc... Yes my English is horrible, haha but you understand.
I don't understand "View this alert as a logged event" at all. As it should be logged anyway. Why would you want to break into your logs right at the moment of decision for an alert?
You should be able to generate HTML reports from the logs later, as in when you don't have a pressing decision to make about the firewall alert.
The last option is very confusing. Maybe what you meant to say is "Pause this alert so it does not expire or is auto decided?"

You probably should only put the "predefined policy" option on the first tab because it seems that once you have gone through the other tabs you shouldn't need a predefined policy because you just made one,
or at least the beginnings of one.

---------------------
I hope my ideas help.

[ounch]

 :)I liked the new concept very much but i think there must be a little tweak in the window.
The check box for Remember this rule must be unchecked in default that way we should not make some accidental rules.This can be called in the "default deny" rule of comodo.
The second recommendation is to prevent "non administrative" users from making a change in the rules.Now comodo does provide a password protection feature but it is ignored when a user check the Remember this rule option.

[Tags:]