application rules keeps changing

I have a predefined policy that allows outbound connections only to the local network and the loopback network.

The firewall is in safe mode, and is learning application behavior. I apply this “Local Only” policy to every application that tries to connect to the internet except the few I really want to connect.

There is one application under which, after every boot, the rules of the predefined policy appear changed to custom rules, and a new rule, allow any from any to any, appears before them.

How is that happening? Is Comodo overruling my policy? Is the application changing the rules? This feels malwarish, and even though the application is legit, does it suggest a security hole?

Hello Capitanfracassa,

Could you please tell us what version of Firewall you are using
CIS/CFW > More/About/Misc > About

If you are in safe mode CFW will continue to make changes based on few variables (Whether if that application is safe or not)

Safe Mode:

Safe Mode (Default): While filtering network traffic, the firewall automatically creates rules that allow all traffic for the components of applications certified as 'Safe' by Comodo, if the checkbox Create rules for safe applications is selected. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application Internet access by choosing 'Treat this application as a Trusted Application' at the alert. This deploys the predefined firewall policy 'Trusted Application' onto the application.

Thanks


Jacob

Thanks for the explanation. I am on CIS 5.3.

So it seems I do not understand the workflow.

When I apply another “predefined policy” to an application, doesn’t it by definition make it no longer a “trusted application,” given that this appellation is a different predefined policy?

I want to define more restrictive policies based on the permissive policies the Comodo generates automatically as it learns the applications. once I set these policies, I don’t want them to be overruled. How do I do that?

hello capitanfracassa,

set the firewall Security Level to Custom Policy Mode and uncheck “create rules for safe applications” under Firewall Behavior Settings, General Settings.

This way CIS firewall will apply your own rules.