CIS Charrette - Application Network Activity Control

~ WHAT IS THIS? ~

CHARRETTE:
A charrette (pronounced [shuh-ret], often Anglicized to charette and sometimes called a design charrette) consists of an intense period of design activity. The word charrette may refer to any collaborative session in which a group of designers drafts a solution to a design problem.

PURPOSE:
This is one of a series of charrette threads that I will be making to try and create an inclusive, consistent, and polished prototype for future versions of Comodo Internet Security. I am here to fulfill your wishes! - and some of mine - in the form of jpgs and pngs - to eventually be submitted in the secret (gasp!) usability sub-forum for review by developers.

YOUR ROLE: BE CRITICAL
I’ll be looking over the wishlist for features and suggestions to incorporate in our designs, but don’t hesitate to suggest ideas here. In fact, I encourage you to suggest ideas here - otherwise it’s not a charrette. Sometimes I have specific questions. To see them scroll down to the “Current Dilemmas” section. I also encourage you to check out the related threads listed below and support our resident wishers. Just make sure that, if your suggestion warrants its own thread, you do make a thread for it. I am not replacing the wish list.


~ APPLICATION NETWORK ACTIVITY CONTROL ~

(Scroll further down to see rule creation)

^All optional features turned off.

^All optional features turned on.

GENERAL GUI ENHANCEMENTS:

  • The window has been renamed to be more consistent with Defense+.
  • The help button has been moved to the standard and efficient location.
  • The application path can be changed on the fly.
  • The Zones and Port Sets buttons allow the user to quickly access (add and edit) Network Zones and Port Sets. The user no longer has to backtrack through the interface.
  • Import/Export buttons replace the Copy From button.
  • The Import button opens an additional window from which the user can specify a file, existing individual rule, or existing predefined policy to append or overwrite the current application policy.
  • The Export button allows the user to export the current policy or a rule-in-the-current-policy to a file - so that it may be individually imported at another time.
  • The rule table can now be sorted according to its headers.
  • The rule table Headers can be reordered left-to-right however the user wants them to be.
  • With the exception of the Priority header and Description header, all Headers can be hidden.
  • Header view settings are persistent across Application Network Activity Control windows for any application/policy.
  • Quick toggles allow the user to quickly change basic rule settings.
  • Users can scroll horizontally, so they don’t have to rely on tooltips or window resizing to see the entirety of a rule.
  • Rules are rewritten in a more valid syntax.
  • Filter and search functions are located below the table. They are activated with ctrl+f.
  • A link to the application’s System Activity Controls (Defense+) window has replaced the help link.
  • The window now sports an APPLY button, so the user doesn’t have to close the window mid work-flow to apply changes.
  • The window can be resized.
  • Minor graphical tweaks have been implemented in window elements and style.

QUICK TOGGLES:

  • The rule table contains five quick toggles and one priority marker. Quick toggles allow the user to quickly change basic settings for a particular rule (or set of rules if multiple are selected). They are used simply with a single left click.
  • The Priority marker lets the user know the priority of the rule even if the list is sorted in such a way that the rules are not in priority sequence. The Basic Rule is always rank 00. The Advanced Default is always rank ZZ. This naming convention allows over 1200 rules.
  • The Priority marker does not react to a single left click like the other quick toggles. Instead, it acts as a grip with which the user can drag the rule.
  • Upon clicking and holding the mouse over the Priority marker, a red sorting-divider will appear beneath the associated rule, and the table will sort itself automatically by priority (and scroll if necessary to the associated rule).
  • The first quick toggle enables or disables the rule. It is the check mark.
  • The second quick toggle cycles through Allow-Ask-Block and controls whether the rule allows, asks, or blocks.
  • The third quick toggle activates/ deactivates logging.
  • The fourth and fifth quick toggles allow the user to quickly change the maximum allowable traffic for a particular rule. Left clicking on the specified speed will open a small window in which the user can manually enter the preferred speed.
  • The description updates live as the user toggles, providing intuitive feedback, and a smaller learning curve for new users.
  • If the user is using custom descriptions, only the “Disabled” and Traffic Shaping markers will append/alter it.
  • Quick toggles can be shown/hidden, sorted, or reordered left-to-right like anything else with a header.
  • The Show Custom toggle allows the user to quickly switch between custom rule descriptions and raw generated descriptions.

REVAMPED RULE SYNTAX:

BASIC SWITCHES:

RIGHT-CLICK & SPECIAL MENUS:

  • Right clicking on a table header will give you the following options: Sort 0-Z, Sort Z-0, Do not Sort, Columns >
  • The Columns sub menu allows users to show or hide certain columns.
  • Right clicking on a specific rule will give you the following options: Add a new rule, Edit this rule, Remove this rule, Move up, Move down, Purge this rule (only shows if the rule is invalid), Log this rule, Enable/Disable this rule.
  • The Select menu, next to the Application Path field, contains an additional option to manage file groups under Select > File Groups > Edit/ New…
  • The Select menu, next to the Application Path field, contains two additional options: to add folders recursively and non-recursively. This functionality can also be achieved by manually text-editing the path, following it with “(recursive)” or “(non-recursive)” neither of which are case sensitive.
  • The Predefined Policy drop-down, next to the Predefined Policy radio selection, contains an additional option to manage Predefined Policies at the bottom of the list called “Edit/ New…”
  • The Copy From menu, next to the Custom Policy radio selection, contains an additional option to manage Predefined Policies under Copy From > Predefined Policies > Edit/ New…

ADVANCED OPERATIONS FOR RULES:


~ NETWORK ACTIVITY CONTROL RULE (CREATION) ~

^Adaptive Address Feedback.

GENERAL GUI ENHANCEMENTS:

  • The help button has been relocated.
  • Import and Export buttons have been added to allow the user to import and export individual rules from the rule creation window (i.e. without backtracking).
  • User can disable the rule with a quick toggle.
  • A Preview button allows the user to force CIS to generate a rule description on demand.
  • Rule creation uses the more common and versatile ‘Local-Remote’ system.
  • Rule creation is organized into an intuitive matrix, which organizes the rule in a logical fashion and does not hide vital details like the current UI does.
  • The arrow at the center of the matrix changes direction and color according to whether the user chooses the outgoing/incoming/outgoing or incoming direction.
  • The IP field does not supply its own punctuation anymore.
  • The IP field understands abbreviated IPv6 notation.
  • The IP field can distinguish between IPv4, IPv6, and MAC addresses, and subsequently, redundant options for IP type have been removed.
  • Traffic shaping options allow the user to define the maximum allowable speed for ingoing and/or outgoing traffic according to the rule.

    • Entering in a 0 will automatically show an infinity sign instead.

  • The window now has a proper apply button.
  • The window has undergone several other visual tweaks.

ADAPTIVE ADDRESS FEEDBACK:

  • CIS determines whether an address is IPv6, IPv4, or MAC by what is entered into the field by the user.
    • Four sets (up to 3 digits), separated by three periods, constitute an IPv4 address.
    • Eight hex sets (up to 4 digits), separated by seven colons, constitute an IPv6 address.
    • An IPv6 address may have less than seven colons (and less than eight sets) as long as there is a pair of colons, or an IPv4 address included.
    • If an IPv4 address is included, there must be at most six sets and six colons preceding it (less if a pair of colons is present).
    • Six pairs of hex, separated by five colons, constitute a MAC address.
    • Six pairs of hex, separated by five hyphens, also constitute a MAC address.
    • There is no MAC address drop down.

  • As the user types in the address a small marker displays on the right end of the field to give live feedback.
    • “v4” shows: if the address is recognized as a complete IPv4 address.
    • “v6” shows: if the address is recognized as a complete IPv6 address.
    • “Mac” shows: if the address is recognized as a complete MAC address.
    • “?” shows: if the address is not recognized as a complete address.
    • “?” shows: in blank fields that need yet to be completed.
    • “!” shows: if dependent fields (Start:End) do not match IP type.

  • Changes cannot be applied if fields are incomplete or incorrect.

  • Attempting to apply changes with incomplete or incorrect fields will trigger an error message.


CURRENT DILEMMAS:
  • What happens if CIS needs to learn a rule, but all 00 through ZZ are taken?

WISHES PENDING:
  • Rule creation window.
  • Traffic shaping functionality.

RELATED THREADS:

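The address rules listed under ADAPTIVE ADDRESS FEEDBACK above, sketched as an added example that is not part of the original post and is not CIS code. All function names are hypothetical, the sample addresses are constructed, and the 0-255 bound on IPv4 sets is an assumption beyond the rules in the post.

```python
import re

HEX_SET = re.compile(r"[0-9A-Fa-f]{1,4}")
# Six hex pairs joined by five colons or five hyphens (one separator kind throughout).
MAC = re.compile(r"[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}")

def is_ipv4(text):
    parts = text.split(".")
    # Post's rule: four sets of up to 3 digits. The <= 255 bound is an added assumption.
    return len(parts) == 4 and all(
        p.isascii() and p.isdigit() and len(p) <= 3 and int(p) <= 255 for p in parts)

def is_ipv6(text):
    head, gap, tail = text.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    groups, width = left + right, 0
    # An embedded IPv4 address must end the text and stands in for two hex sets.
    if groups and "." in groups[-1] and (right or not gap):
        if not is_ipv4(groups.pop()):
            return False
        width = 2
    if not all(HEX_SET.fullmatch(g) for g in groups):
        return False  # also rejects empty sets from a stray ':' or a second '::'
    width += len(groups)
    # '::' must stand for at least one set; without it all eight must be present.
    return width <= 7 if gap else width == 8

def classify(text):
    """Marker for one address field: 'Mac', 'v4', 'v6' or '?' (blank/incomplete)."""
    text = text.strip()
    if MAC.fullmatch(text):
        return "Mac"
    if is_ipv4(text):
        return "v4"
    return "v6" if is_ipv6(text) else "?"

def range_marker(start, end):
    """Marker for dependent Start:End fields: '!' when both parse but types differ."""
    a, b = classify(start), classify(end)
    if "?" in (a, b):
        return "?"
    return a if a == b else "!"

def can_apply(start, end):
    """Changes apply only when both fields are complete and of the same type."""
    return range_marker(start, end) not in ("?", "!")

# Constructed sample inputs (documentation address ranges), typed progressively.
for sample in ["192.0.2", "192.0.2.10", "2001:db8::1", "::ffff:192.0.2.1", "00-1A-2B-3C-4D-5E"]:
    print(f"{sample!r:24} -> {classify(sample)}")
```

Checking the MAC form first avoids any overlap with IPv6, since six colon-separated sets without a pair of colons can never be a complete IPv6 address under these rules.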

Hi there mr.‘some of it’ voter. What don’t you like? Have you read the “What is this” section of my original post?

this is good for advanced users.

Yup. And hopefully intermediate users too. Do you foresee the changes I’ve made being a challenge for intermediate users?

Novice features (Basic Switches) will be the next chunk I work on, then traffic shaping!

I think so. My motto, which is learning by doing, has helped me a lot. Through reading and a bit of knowledge you will come quite far, at least in home/business security software.

Regards,
Valentin N

Hmmm… is it the filter? I hope it’s not the quick toggles.

People need to have patience and the curiosity. If people have that then knowledge will come.

Regards,
Valentin N

Pretty simple to use and understand. Nice work glifford.

Yeah. I figure people won’t deal with the activity rules tab if they don’t have the patience or curiosity for it. I’ll be implementing a simple switch to block/allow all traffic for the application under the basic switches tab, for those people.

Thank you :slight_smile:

;D Now with traffic shaping! PER RULE! ;D

  • The ability to quickly turn off custom rule descriptions.

Before anyone gets worried, there will be options to implement traffic shaping per application in the basic switches tab, and globally in the network security policy window.

Rule creation is up!

EDIT: Decided to stay up a bit more to fix some things. :stuck_out_tongue:

Oh, and I’m totally taking credit for the drop downs instead of radio buttons that we have now. Cause I suggested that a while ago. :stuck_out_tongue:

Figured I’d bump this and see what people think these days.

I think all your charrette concepts are excellent and would be a great addition to CIS. It will really allow people to take control of everything they want.

Just like your other 2 charrettes, this one should also be stickied.

Stickied.

So long I have wished for the ability to limit traffic for each process separately! And these concepts are really well thought out and easily understandable :wink:
I see the words “simple switch” there. I wish it would be an option, so people like me (or better to say, like most in this thread, at least) will only once have to check something like “use advanced user mode”.

Lot of effort gone into this, well done.

:-TU

I really need this feature, an internet traffic control, set upload and download speed for each application.

Traffic shaping per rule would only apply to rules that control net traffic right?
It is confusing how it is showing traffic shaping on blocking/logging rules, unless you are thinking the shaping is saying “this is the maximum amount of incoming traffic you can block”, but that is still confusing.

I don’t understand why you have the application path on the top part and the bottom part. I would rather see one box with more information, like attributes, owner, date, signed by, etc…

This is different… I am assuming there is some kind of groupings overview page that leads into this when you want to make a new rule?
Like a master list that groups applications by system/os , user installed?

On the last image, I would completely separate traffic shaping to its own tab, and then make it so you have to turn it on intentionally.
Also, I do like logic games but the (NOT) Remote Address (X)Exclude, lol… Well that is confusing to say the least.
So a double negative makes a positive? :stuck_out_tongue:

Ok, I have to say this is very confusing. The way I am thinking through this last image is:
I am allowing UDP (of IPv4) outgoing from any IP that matches my subnet mask of IPv6 with the port set of DHCP (dhcp port set of IPv4 or v6?) (which still should show the ports somewhere on this page, not just the descriptive word) — arbitrary arrow which I assume is flow — To (Not) Remote Address which is excluded of the Zone DHCP Server and has the remote port range 67-68 with unlimited UP? (outgoing?) and 200 Kb/s (or KB?) down or incoming.

Yeah, I am still confused. Hahaha… Sorry I can’t be of more help with suggestions as I am not quite following what you are trying to do here. Maybe if you added a few simple color coded icons to ease the flow and the thought?

wow that would be nice :slight_smile: