Application Control Rules not working

I couldn’t find another post with the same issue, so here is my problem:

I am using a Java application (app is the parent, java is the application), and have set two application control rules to limit the app to localhost and one internet IP. However, security alerts for those IPs still appear. This would not be so bad, but the security alert is always 1 of (some #). If I say allow, it allows all the security alerts (all 1 of whatever). I switched to Comodo in hopes of having IP filtering options. Any help in getting this functionality to work would be greatly appreciated.

Thanks

Creating an application monitor rule is only half the story.

Application Monitor rules determine WHAT is trying to get out (and its preferred connections).
Network Monitor rules determine HOW something can get out or in.

Were you clicking “Remember” when you clicked “Allow”? Providing the communication parameters are unchanged, you shouldn’t see further alerts for this app.

Re. the “1 of 2”, “1 of 3” etc. alert numbers, this is caused by the named application repeatedly trying to gain access. CFP has blocked the original and subsequent requests, pending user input, but the application just knows it didn’t get a response in its expected timeframe, so it asked again. The frequency and quantity of these subsidiary alerts will vary from app to app; some only ask once, some chatter away madly.

Hope this helps,
Ewen :slight_smile:

Thank you for your response, panic.

What I am trying to do is limit the application to certain IPs (I don’t want to restrict all apps to those IPs). Should I be doing something different in network monitoring? The app just needs to make TCP connections to the IPs.

I first set up two application control rules to allow the two IPs I wanted to allow for that app. Is it a problem that I have multiple application control rules for the same application (I was not sure how to allow more than one IP when they are not part of a specific IP range)?

I was not checking “remember my answer” when I clicked allow because some of the messages (of the 1 of 20) were allowing access to IPs I did not want the app to connect to in the long run, while some of the messages were asking for access to the IPs I had already allowed in the application control rules.

Thanks for all your help.

> I am using a java application (app is the parent, java is the application),

If you create an application monitor rule for the application “java”, then all java apps are only going to be able to reach the nominated IP address (not 100% certain of this, but the logic looks right). I think the application monitor rule should apply to “app”, not to “java”.

Try creating an application monitor rule for “app” using the following parameters:

GENERAL TAB
Action : Allow
Protocol : TCP
Direction : Out

DESTINATION IP TAB
Single IP : whatever.address.you.want

DESTINATION PORT TAB
Any (Unless you know the correct ports)

MISCELLANEOUS TAB
Leave these options unchecked unless you specifically need to set them.

Let us know if this works out.

Ewen :slight_smile: