Application Monitor rules problem

Touche · November 18, 2007, 1:24pm

I’m using CF 2.4.18.184 and have the same problems as pacificwing described here:
http://tinyurl.com/289chl
http://tinyurl.com/ytq238

It seems that Application Monitor indeed uses hierarchy (as it really should), but it wasn’t designed with that in mind hence the problems.

Is this issue going to be resolved in v3 and how?

The solution given for the current cumbersome way of handling the AM rules in 2.4, is to use exclude rules. But it doesn’t work for me. Here’s what I’m trying to accomplish:

Allow TCP/UDP Out to ANY, except UDP Out to a specific IP

The only way to do it is to make a rule to block UDP to the specific IP, and then make a rule to allow all. The problem is that it only works if the Block rule is set before the Allow rule, but the order is often changed while working with rules in AM.

I’ve then tried this:

Allow UDP Out for everything except “specific IP”
Block UDP Out for “specific IP”

But Comodo merges them together into 1. and then shows a popup every time the application tries to contact the specific IP via UDP.

Is it possible in any way to solve this in 2.4 without manually checking if the block rule is above the allow rule every time I make changes to AM?

system · November 18, 2007, 1:36pm

Welcome to the forum Touche.

This was discussed in depth a few months ago. Take a look at this post, it may help:

Application Monitor Rules Hierarchy

Toggie

Touche · November 24, 2007, 2:18am

Anything?

Touche · November 27, 2007, 3:36am

I’ve read the topic before posting, but didn’t help. v2 has this bug in application rules hierarchy. v3 officially uses hierarchy so the problem is solved…although a couple of new ones appeared