Application Logging [Resolved]

Hi Just started testing CPF. Long long time user of KPF 2.1.5 which I am very sure fails hundreds of leak tests but I can’t find a firewall that gives me the control that does that I can live with.

Comodo is looking very promising but I have just one issue. Looked everywhere in the UI and searched through the forums but can’t find where you turn on logging for application monitor. The network monitor logs great but can’t get the application blocking to log at all.

Can anyone tell me where I missed it?

Welcome to the forum, pengbo.

In Logs window, right click to enable Application Monitor. However, it doesn’t log allowed app rules. Power users consider that a deficiency. Common users consider it a blessing or they simply don’t care. There is a wishlist thread: https://forums.comodo.com/index.php/topic,6883.0.html

Hi pengbo, welcome to the forums :)

Assuming you haven’t changed any of the default settings, Application Monitoring is on by default. To check, go to logs and right click anywhere in the log window. From the context menu select ‘Log Events From’ and make sure all four options are ticked.

By the way, in my experience, Application logging only logs ‘problem’ events as opposed to everything related to an app.

Toggie

Thanks. More I see the more potential this has, the more I like it.

> In Logs window, right click to enable Application Monitor. However, it doesn't log allowed app rules. Power users consider that a deficiency. Common users consider it a blessing or they simply don't care. There is a wishlist thread: https://forums.comodo.com/index.php/topic,6883.0.html

Ahhhh. Right click [me gnashes teeth]. Didn’t think of that. Will go try it now but if as you say it doesn’t log allowed app rules that would not be nice. Does that make me a power user? The ability to turn that on and off when debugging sure would be helpful.

Thanks for the info, much appreciated.

Thanks Toggie, glad to have found a possible replacement for KPF at last.

> Assuming you haven't changed any of the default settings, Application Monitoring is on by default. To check, go to logs and right click anywhere in the log window. From the context menu select 'Log Events From' and make sure all four options are ticked.
>
> By the way, in my experience, Application logging only logs ‘problem’ events as opposed to everything related to an app.

Yes it is on as you said. Doesn’t appear to be logging allowed rules as you again said. :(

Thanks for the info.

So if you can’t log apps and you don’t appear to be able to add a global deny every other app not already mentioned (or can you?) how do you stop any popups appearing while being able to tell what needs access to where?

I run KPF with a last deny everything to anywhere on any port rule so I don’t get asked about things that need access. Mainly so I don’t get constantly annoyed but also so I can run a firewall on a PC that the family use and it doesn’t ask them what to do and thus they make a bad decision. I would sooner an app fail to access the net than an inexperienced user compromise the security. It’s a necessary small price to pay to keep a clean machine IMO.

So what do others do in this instance? How do you stop all popups?

I regard anyone using or having used Kerio 2.x a power user ;).

In my FAQ sig link, there are some helpful links about the rule system:

Order of Monitor Rules
https://forums.comodo.com/index.php/topic,725.0.html
https://forums.comodo.com/index.php/topic,2288.0.html

Understand & Create Network Rules
https://forums.comodo.com/index.php/topic,1125.0.html

Explanation of Comodo’s Layered Rules
https://forums.comodo.com/index.php/topic,5372.0.html

Summary of Network Rules
https://forums.comodo.com/index.php/topic,5340.0.html

Anything that isn’t in AppMon is denied access. This is an implicit (unless the manual has something else) fact based on the default options. So it has to go through AppMon before reaching NetMon (the “final say”, so to speak). Actually, there’s an important option enabled by default to minimize alerts (Security > Advanced > Miscellaneous > Configure > 2nd option - …apps certified by comodo…). The next version 3 (beta supposedly due out tomorrow) will have a grand leap when not only will it introduce HIPS, but also the safelist will be bigger.

Hi, Thanks for the info. I read those FAQs before I posted this topic. They definitely helped with how things worked differently to KPF. The network rules were not a problem; the application rules divorced from the network rules threw me for a bit though.

Is the safelist available anywhere?

No. It’s intentionally hidden for security like malware tampering, etc.

As it appears that the main question on application logging is answered, this thread is closed. If there are other questions, feel free to open appropriate threads. If you ever need to open this just contact any mod/admin.

Thanks.