Add an advanced option when alert shows up

Hi,

When I have an alert of a program trying to send/receive a packet you have the option to allow/deny globally or pick a predefined rule. I don’t find this very useful because I don’t usually like to allow/deny globally and predefined rules such as “Web browser” are not very usable these days. The days where only standard ports 80/443 were used are gone (there are many web applications that work on very different ports, e.g. sometimes you have IIS, Apache and many other “http” servers that can’t share the same port, I could give you a lot of examples). I know you can set the “alert frequency levels” to high or very high but I don’t like these options either because sometimes I would like the IP to be in the new rule that is going to be created, and sometimes the port, but not always both of them.

So, my suggestion is to add an “advanced” option in the alert dialog box that shows the same “Network control rule” dialog box that shows up when adding a rule in the network security policies. This dialog box should show the settings detected in the alert, but allow you to change them. For example I might want to allow communication through a port or a predefined network range…

For more information just install Sunbelt Personal Firewall, their firewall has this feature and also the concept of “trusted network” / “untrusted network”, which I find very useful. You can enable/disable access to your allegedly trusted networks; this is particularly useful when you are connecting your laptop to other networks with the same IP ranges as your usual “trusted network”.

Regards,

Alberto.

:-TU

Oh geez. I just posted in a thread similar to this with this very idea. In any case. Yes. This is sorely needed.

(Hopefully the mods will show mercy in my supporting this thread too, as it is the feature I actually want.)

Glad to hear I am not alone, we can make a facebook group about this :smiley: :smiley: :smiley: :smiley:

As a workaround you can add an ask rule right above the basic block rule of the predefined browser policy.

Why do you say “add” the rule before the block policy? I would say “replace” the block policy with an ask policy. As far as I know, if you add the ask policy before the block policy, the block policy will never be reached, right? Is there any difference between “add” and “replace”?

Well, that just gives me another idea. If you do that, add an ask rule to the predefined policy, and the alert shows up, if I use the default option “Allow this request” (and “Remember my answer”), the application policy will be detached from the predefined policy. When an application policy is attached to a predefined policy and you are about to add a rule, Comodo could also ask whether you want to add the rule to the predefined policy or detach the app policy from the predefined rule (i.e. what it is currently doing).

The only reason to keep the block rule would be in case of future changes where one might forget to reinstate the basic block rule(s).

I wanna add a very small and useful addition which can be done quickly. A message about a program which wants to access the internet. But it doesn’t show whether it was an input or output request. I’d like to see it immediately, to make a decision.

Also not very usable rules list. It’s very easy to get lost in all the definitions. Even a simple line between the program’s rulesets will do. A bold program name will do better :wink:

And of course I agree to the above.

Thanks.

+1 for advanced options on alert.

i made a similar request for more features on alert
https://forums.comodo.com/firewall-wishlist/block-ip-option-in-alert-box-when-not-alerting-for-ip-t50651.0.html

i have it set to alert for port numbers, but i can only block the port and not the ip. the problem is, it is normally just a random port, and the same ip will try and connect with just another random port number.

if i choose to block this request, it only blocks the port number. but i would like the option to block the port number and/or IP address

i have to go to the network policy and block the ip manually.

an advanced option to do it from the alert would save a lot of time.