Application rules referring to hosts by name don't work

A. THE BUG/ISSUE (Varies from issue to issue)
Can you reproduce the problem & if so how reliably?: Yes, 100% of the time
If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: create an application ruleset for your browser that blocks and logs all connection attempts
2: add a rule at the top of the ruleset to allow outgoing TCP connections to hostname, port group HTTP
3: open your browser and enter in the address line

One or two sentences explaining what actually happened:
The browser can’t reliably access It may show the page on the first try but then stop showing it after you restart the browser. In Comodo log you can see blocked attempts to access Google servers.

One or two sentences explaining what you expected to happen:
The browser should be able to reliably open Google’s search page.

If a software compatibility problem have you tried the advice to make programs work with CIS?: N/A

Any software except CIS/OS involved? If so - name, & exact version: N/A

Any other information, eg your guess at the cause, how you tried to fix it etc:
As a part of load balancing, Google can return different subsets of “A” records in response to identical DNS queries (e.g. for Same is true for other large-scale services such as Amazon’s AWS. Comodo likely memorizes one subset (or even just one address), but then the application is retrieving another subset and Comodo blocks access because these IPs look unfamiliar.

There’s no easy fix. Comodo will need to sniff for DNS packets and maintain a “hosts file” in memory.

Exact CIS version & configuration: CIS premium

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: Only firewall and antivirus.

Have you made any other changes to the default config? (egs here.): Yes, but that doesn’t matter.

Have you updated (without uninstall) from CIS 5, 6 or 7?: No
if so, have you tried a clean reinstall - if not please do?: N/A

Have you imported a config from a previous version of CIS: Yes
if so, have you tried a standard config - if not please do: Not feasible.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Win 7 SP1 64 bit, UAC on, admin account, not virtual

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
a=none b=none

C. ATTACH REQUIRED FILES (delete this section (section C) after attaching required files)
Not feasible.

Firewall rules have always been flaky when specifying by name it has been like this for a long time. To overcome this its easiest to just use website filtering which works all the time.