When an ASK rule set to log is fired, the logging is inconsistent and does not reflect the answered Alerts. The logging does not always show the correct action taken or port used and often has more entries in the log than the number of Alerts asked. It may be correct that multiple connections are logged for a single alert, but the action column needs to show the correct actions taken (i.e. Block or Allow) and the destination port needs to show the correct port. Repeated update tests show different results. In one case only 2 DNS connections with the action “Asked” are shown with nothing for port 80. One cannot rely on the validity of the log which complicates problem resolution.
To recreate the symptoms:
Change the Comodo Firewall Pro network application rules to a single rule to
Ask and Log All Unmatching Requests
Set F+ Alert frequency to High
Run Check for Updates via Miscellaneous section
Run repeated tests and take note of logging details and inconsistencies.
IBM T41 Laptop
Intel(R) Pentium(R) M processor 1700MHz
Windows XP + SP2 + WUS security Fixes
Symantec Antivirus Corporate Edition 18.104.22.1680
[attachment deleted by admin]