Heya.
So, this was originally a post in another thread that got moved here. Having noticed that, I reformatted it to fit the wishlist format.

1. What actually happened or you saw:
Upon setting the firewall to custom mode I got network traffic alerts for the following two executables: iseserv.exe and vkise.exe

2. What you wanted to happen or see:
Since these two files are part of the COMODO installation, they should have a default “Outgoing Only” rule already present in the firewall.

3. Why you think it is desirable:
Just a minor suggestion.

4. Any other information:
See original post below.

Original post:

Okay, so every once in a while I will come face to face with this task of having to format and reinstall Windows on one of my machines or simply buying a new machine and doing the setup from scratch. Of course, since I am a big fan of CIS I will install it on every system that I use. Yeah, so, here we are. I’ve just finished the installation of the basic software on my new W10 laptop and now it was time to configure CIS. Anyhow, I was configuring the advanced settings when I set the Firewall to custom ruleset and enabled incoming/outgoing alerts. There were two alerts in particular that caught my attention. The first one was from iseserv.exe that wanted to connect to a remote IP address, the other one was vkise.exe. Upon further inspection I noticed that these two executables belong to a Comodo product called Comodo Internet Security Essentials which were automatically installed as part of the CIS installation.

My question (feedback) is that if these two are part of the Comodo installation, why are they not automatically included in the list of firewall allowed applications? As I understand, the CIS has a “Advanced Settings => File rating => File groups => COMODO Internet Security” group which is already present in the “Advanced settings => Firewall => Application rules” list and its policy is set to “Outgoing only”. Do you think these two executables should also be present by default somewhere in the firewall outgoing-only list?

Best regards!

this executables is part of comodo see in Вefinition of Comodo Internet Security Essentials, Network Security, SSL Certificate
you can allow acess in network

sorry my english

I am aware that the executables are part of comodo, and I’ve already set them to outgoing only.
My comment was that this behavior should have been the default.

With Custom Ruleset policy CIS will not use the white list. It is expected behaviour and you will have to make rules for applications that ask for internet access.

Whitelist does not matter because custom policy still adheres to existing rules in the “Firewall => Application Rules” list. There is an existing entry called “COMODO Internet Security” and it is set to “Outgoing Only” by default. When inspecting the entries in this group in the “File Rating => File Groups” page, I can see 4 executables from the "C:\Program Files\COMODO\COMODO Internet Security" folder and they are: cis.exe, cmdagent.exe, cmdvirth.exe and cavwp.exe. The files iseserv.exe and vkise.exe are not among them. They are located in the "C:\Program Files (x86)\COMODO\Internet Security Essentials" folder.

So in case I’m not being clear: My feedback is that these two files should be included in the firewall “Outgoing Only” list. Either in the “COMODO Internet Security” file group or some other group. I have already manually added them to outgoing only policy, but they should be present by default.

Regards,
-C

I agree they should be added to the “COMODO Internet Security” file group.