activity log classification (high severity events???)

don’t know if anyone ever noticed, but I always found the way comodo firewall classifies the events a bit strange…

for instance if, due to a new extension installation, Firefox 2 has to restart itself, you first get an alert, well ok for the alert, you allow the event to happen, but then in the activity log it appears as a “high severity” event! And there are loads of supposed “high severity” events like this, marked in red in the log, that are no threats at all! On the other hand you get “medium severity” events, related to an application/access denied, or an incoming tcp connection thru port 443, with access denied too (and that’s good), but this should be considered as “high”. I’m sorry but the way this log has been designed should be entirely reviewed and redesigned cause it just does not tell the truth about the degree of jeopardy your system is or has been in when any internet connection occurred on your system.

hope someone can give me some comments on this issue.

                           regards,
                           apache

p.s. I should have added that these false “high severity” events are most of the time related to application behaviour events, that are for me not suspicious at all. One last thing, Sygate Firewall used to be able to send an email to an address of your choice when there was a real threat; that would be a nice feature to integrate into cfp.

G’day,

Speaking for myself, if I have a known, trusted application stored locally on my PC and it changes sufficiently, for whatever reason, for CPF to notice the difference, I really, really want a change to a local file brought to my attention!

I agree with the “High” ranking for a change to a local file, but I agree with you about incoming threats being ranked as medium. These also should be “High”.

cheers,
Ewen

don’t get me wrong, I was only talking about a log issue in my last post, as I otherwise think that the way comodo firewall protects a system in real time is absolutely amazing. In terms of security this firewall seems to outperform most other free or paid software on the market.

(I had not yet read your post as I wrote this one Ewen, I just wanted to quote myself here)

hi ewen,

glad to hear your comments. To my mind, the ranking in activity log should be definitely considered as a priority feature of cfp. It is the very first thing that you wanna watch whenever you open a firewall control panel. And when the ranking doesn’t make sense… well imagine that you have to take immediate action to prevent a real threat from hitting your system again, like create a new network rule, then the least you can expect from a firewall is to give the right indications!

cheers
apache