2 suggestions for firewall (Security Policy)

rejzor · September 19, 2010, 10:14am

http://www.shrani.si/f/2I/FV/1uzZhnFH/cis5mac.png

Why is there MAC instead IP ? IP like it used to be makes more sense than MAC (unless you use MAC address rules)

http://www.shrani.si/f/L/kC/2l3Nnewp/cis5apprules.png

What it says in the picture. I think separating Default app rules and user made rules would be a good idea.
Easier to view and manage, plus less chance of erasing default rules by mistake and then having problems setting them back as they were before.

rhgtyink · September 19, 2010, 11:12am

MAC is there in preparation to IPv6 support…

khanyash · September 19, 2010, 11:45am

+1

Same should be for Computer Security Policy

Some rules are created above the default & some are created below the default. I think the rules which are allowed by the user are created above & which are created automatically are below, m I right???

Coz the applications which I allowed are above the default rules & dragon.exe & explorer.exe were created automatically & are below the default rules. (create rules for safe app is disabled)

explorer.exe in Network Security Policy is normal??

CIS Suite with Default Settings.

Plzz give info on the above.

I think there should be

Default Rules (for default rules)

User Rules (created by users)

Automatic Rules (created automatically)

Thanxx
Naren

xRogue · September 19, 2010, 12:02pm

RejZoR
" I think separating Default app rules and user made rules would be a good idea.
Easier to view and manage, plus less chance of erasing default rules by mistake and then having problems setting them back as they were before."
+1

naren
“Same should be for Computer Security Policy”
+1

Whoop-dee-doo · September 19, 2010, 1:03pm

I agree, Comodo should distinguish the default entries from the user entries.

Another way of clearly distinguishing the default entries from the user entries was posted in the usability thread:

Whoop-dee-doo post:1:

Defense+ Security policy & Firewall Policy Windows

It may be helpful to list who authorized each item in the Defense+ policy window. See 1st pic.
For example, a given entry in the security policy window may have been authorized by:

The user via an alert (by clicking “allow” or “treat application as”)

The user by manual entry (the rule was entered manually using the “add” button in the custom policy window)

Trusted software vendor list

Whitelist (maybe some applications from a vendor are allowed, but not all applications from a vendor?)

Learned in Clean PC mode

Learned in Training mode

This would help the novice a lot. For example, a novice looking at the current policy list would not know anything about this entry: “C:\Windows\System32\rundll32.exe” However, if you include the information that I suggested above, then the user would see that this was allowed by “Trusted Vendor - Microsoft Corporation.” This will definitely make the listings more meaningful and more understandable to all users. A similar addition can be made to the firewall security policy window (except the “authorized by” category would include “Safe mode” rather than “clean PC mode”).

The suggestion above would help usability and understandability by clearly distinguishing the default entries from the user entries and by explaining the entries in an intuitive manner. It could be implemented under one tab (as CIS has now) or under 2 tabs (as suggested Rejzor). In fact, it may complement Rejzor’s idea quite nicely.

WHoop

[attachment deleted by admin]

rejzor · September 19, 2010, 3:32pm

Or at least add button to simply restore default rules. That would also be useful.

knk2006 · September 19, 2010, 8:23pm

+1000000000 :-TU

Maxxwire · September 19, 2010, 8:34pm

This is encouraging to hear!

~Maxx~

khanyash · September 20, 2010, 11:21am

May be an option to hide default & automatic rules or show only user created rules.