Hi,
I am looking for such features like Norton Personal Firewall or AtGuard 3.22.
There it was possible to block every connection except the rules which the user could add (manually or via the assistent when an executeable wanted to create a network connection for first time).
The rules should be able to set protocol and destination IP and destination ports.
Does Comodo Firewall offer these features?
I really want only allow some executeables to access some destinations, other executeables should be blocked and I do not like any automatic learning of rules. For new executeables Comodo should always ask what to do.
No Alas
too permissive
pity - why there are no such features for Windows-based firewalls.
Norton Personal Firewall which was based on AtGuard 3.22 was quite good. Since Norton has merged the firewall and antivirus everything got worse. 
Do anyone know any other good Layer 7 firewall for Windows which offers the same features like Norton Personal Firewall?
Hi,
Yes of course
I think if you switch firewall to custom rule set, instead of safe mode, it will use only existing rules, and ask what to do for new connections \ programs.
Ok, thanks, I will retry it.
But it is not possible to set destination IP, destionation ports when a new executeables wants to connect to the internet.
This only can be made manually after the executeable is added.
This was very fine with ATGuard or old Norton Internet Security.
I do not understand why this concept was dropped for Windows firewalls in the last years. 
A kind of iptables with layer 7 features and a good adding-tool (assistent) would be a nice solution I am missing on Windows OS.
Firewalls are permissive by default;
“Kaper, nort”, external connections executed by malware, for example, regardless of the configurations;
Comodo in its initial versions (2.xx.xx) was pemissivo. But we will still be alerted to the unknown and known app.
But just with the firewall of all the paid and good suites as long as you do not disable one of its modules. It’s as if we have just one database antivirus without any heuristics; >:-D
The best thing to do is to test the software to see if the features you want are there. I have already tested comodo, kaspersky and norton (based on a basic knowledge or null) … and have the same “vices”. That’s why I use the comodo
Yes, but Norton Personal Firewall 2006 or AtGuard 3.22 had a mode that executeables only could access to the allowed destination IP addresses/ports, when there was a new executeable which wanted to access any destination and it was not in the list, an assistenst asked for allow/block/custom rule.
I am aware that these features are more interessting for the professional users but why no layer 7 firewall offers these features any longer.
I do not want that svchost.exe or other of the countless Windows services can access to my network or internet without having control about it.
I tried Comodo free firewall but the assistent for new executable files was not reliable.
And most suites come with A/V software which I also do not need.