CIS version 8012 is skipping my rules in Safe Mode

In CIS versions 6882 and 7062 I created an application firewall rule as follows:

Name: All Applications
Use a Custom Ruleset: Action [Ask], Protocol [TCP or UDP], Direction [In Or Out]

As position in the chain I placed it after System and COMODO Internet Security rules. Based on this new rule all applications ask before going in or out. If I change the firewall setting from Custom Ruleset to Safe Mode or back CIS continues to ask me every time an application which doesn’t have a ruleset what to do.

I created the same rule in version 8012 but it works only if firewall is set to Custom Ruleset. If the firewall is set to Safe Mode the rule I created is skipped, CIS is not asking me anything. CIS creates new rules if “Create rules for safe applications” is checked.

I would like to know why the behavior from previous versions was removed in this new version. I don’t like my custom rules being skipped. All those who use this new version in production should be warned about this change.

An interesting bug as I can’t reproduce this behavior on my end.
With the rule in place CIS does ask me every time when an application with no rule wants to connect.

@CISfan - a little patience until I get back to the machine to get screenshots to prove to you that the issue is a real one. I have been testing software for almost 25 years, being paid by companies for this job. I said to see on the surface what issues I find in the CIS before making a major upgrade and look that I found.

I have attached three images that prove Comodo version 8012 is skipping my custom rule. On the left side I opened Google Chrome then I loaded the update page. On the right side there are opened Comodo windows. There is a custom rule named All Applications that asks for all In/Out connections.

If firewall is set to Custom Ruleset when I load the update page in Chrome the firewall alert asks me for Allow/Block/Treat for GoogleUpdate.exe. This is a correct behavior.

If firewall is set to Safe Mode when I load the update page in Chrome the firewall alert doesn’t appear and Chrome displays is up to date. This is a wrong behavior.

Let’s see the last image which is a screenshot from other physically machine. Firewall is set to Safe Mode, CIS version 6882, the same custom rule named All Applications. Firewall alert window appears once I reload the update page in Chrome.

This wrong behavior is obviously a bug introduced in the variants after 6882.

First Image

Second Image

Third Image

I’ve tried to reproduce the issue again multiple times and even tried multiple times with placing the rule at the same position on the FW rule list as shown in your screenshot but still the rule keeps (asking) working for me.
Even tried with Protocol [TCP or UDP] and Protocol [IP], no difference both rules do work on my end.
I can send screenshots if desired.

@CISfan

Seeing your message I considered the scenario that I may be wrong:

  1. on the same physical machine I uninstalled COMODO, then I used the Clean Tool program. I cleaned all the orphaned files and records from the disk and from the windows registry. I reinstalled COMODO. I did not change any settings. I created a rule to ask me when a program that wants In/Out and I opened Chrome. COMODO did not display the popup window and Chrome connected to the Google search engine. So the bug could be reproduced again.

  2. I created a virtual machine on another computer. I installed windows 21H1. I did not change any settings and installed COMODO. I created the same rule, firewall set to Safe Mode, I started Chrome. Again I was not asked to be able to access the Internet.

  3. I created a new virtual machine on the same computer. I installed windows 21H1. I didn’t change anything in the settings and installed COMODO 6882. I created the same rule, firewall set to Safe Mode. I started Chrome, immediately COMODO displayed the window. The bug couldn’t be reproduced.

I understand that you are probably a fan of the product that you want to prove to me at any cost that I am wrong but I proved to you that the issue reported is not from me but from the product. Our conversation ends here.

If the development/maintenance team from COMODO wants to go further with the investigation I am at their disposal.

ADDENDUM

I’m sorry that I omitted from the report the fact that I made some convenient settings in the firewall section. I unchecked not to display popup alerts, I set the alerts to the highest frequency.

Hi cata_solomon,

We will check this and get back to you.

Thanks
C.O.M.O.D.O RT

@cata_solomon - By no means I’m trying to say or suggest that you are wrong or that I don’t believe you. It just sounds so odd that such a simple rule doesn’t work on your end.
I have the impression that you don’t like to get my help on this and so I hope that Staff or someone else can help you with this issue.
Sorry for causing any troubles to you.

Sorry but once you answer an alert it will remember the answer for the duration of the process lifetime, and if remember my answer is selected a new rule will be added to the application rules at the top of the list. These rules are processed from top to bottom so those on top take a higher priority than those below it.

@futuretech - This is a bug report based on an intensive testing. I appreciate the fact that you explain to me how the Comodo firewall should work but it has an important issue in 8012. Yesterday I created a virtual machine from scratch that has only Windows 10 21H1 installed with all the updates up to date. I cloned this machine for each version of CIS starting with 6882. I created a rule for all applications to ask In/Out access. In Safe Mode all applications ask for any application which requests Internet access except 8012. In this version my rules work in Custom Ruleset mode only. Virtually everything I created as a rule is skipped by COMODO in Safe Mode which is obviously a bug.