I really want only allow some executeables to access some destinations, other executeables should be blocked and I do not like any automatic learning of rules. For new executeables Comodo should always ask what to do.
But it is not possible to set destination IP, destionation ports when a new executeables wants to connect to the internet.
This only can be made manually after the executeable is added.
This was very fine with ATGuard or old Norton Internet Security.
I do not understand why this concept was dropped for Windows firewalls in the last years.
A kind of iptables with layer 7 features and a good adding-tool (assistent) would be a nice solution I am missing on Windows OS.
Firewalls are permissive by default;
“Kaper, nort”, external connections executed by malware, for example, regardless of the configurations;
Comodo in its initial versions (2.xx.xx) was pemissivo. But we will still be alerted to the unknown and known app.
But just with the firewall of all the paid and good suites as long as you do not disable one of its modules. It’s as if we have just one database antivirus without any heuristics; >:-D
The best thing to do is to test the software to see if the features you want are there. I have already tested comodo, kaspersky and norton (based on a basic knowledge or null) … and have the same “vices”. That’s why I use the comodo
Yes, but Norton Personal Firewall 2006 or AtGuard 3.22 had a mode that executeables only could access to the allowed destination IP addresses/ports, when there was a new executeable which wanted to access any destination and it was not in the list, an assistenst asked for allow/block/custom rule.
I am aware that these features are more interessting for the professional users but why no layer 7 firewall offers these features any longer.
I do not want that svchost.exe or other of the countless Windows services can access to my network or internet without having control about it.
I tried Comodo free firewall but the assistent for new executable files was not reliable.
And most suites come with A/V software which I also do not need.