Comodo Firewall Wishlist v5[Closed]

LOG improvements:

I’d like more info in the log. I miss the info about the rule which created the entry (the rule which caused a communication request to be blocked).

And I’d like that I can scroll in the log by using the arrow keys.

An on/off game option, because the firewall has so much lag when playing internet games.
I read somewhere that some firewalls have this option.
I have to turn off Comodo and use Windows Firewall when playing on the net.
Would be great to have this feature.
Tomski (:KWL)

I’d like to reformulate a previous wish, even if already suggested:
Local is our PC, Remote is the other one. No source or destination. If it’s already going to be implemented, please correct me.

Hello!

First of all, thanks for developing a very decent product! I don’t have long experience with firewalls (except the XP SP2 default one), but I hope my suggestions will help you make CPF the best. I haven’t read this forum very deeply and apologise if any of these suggestions were already posted here before.

  1. After installing, I was slightly disappointed with the default security level “Custom”. I would like to see it named something like “Normal”, “Optimal”, “Recommended”, “Default”, “Standard” etc. Hope you can understand me: “Custom” sounds like “user-selected” instead of “optimal” or “developer-selected”, and normally a user should avoid custom settings, at least the first time.

  2. When CPF shows a warning or request that some component tries to connect to some IP, I would like to check this IP. Unfortunately, there is a lack of DNS in Comodo. Well, I can run the lookup or traceroute utility, but I can’t copy the destination IP from the window and instead I have to read it and enter it manually! A built-in reverse DNS, or at least an option to copy the IP to the clipboard (also in the current connections list), would be very helpful.

  3. Answering “yes” in the warning window saves the new enable rule for an application, but with any destination and any port. Could it be possible to add a checkbox here so that I can store the rule with the destination IP and port only?

  4. Minor, but somewhat annoying. Currently it is impossible to move the marker up/down in all monitor lists using the keyboard arrows up/down; only mouse clicks and the wheel work. But using the arrows would be the normal (expected) interface behaviour.

  5. There is no option to clean the component control list and delete the obsolete, no longer existing DLLs after uninstalling some programs or updating the DLLs. The user has to check the whole list and delete the old components manually (or let such garbage remain forever). Could you add an option to check the list for actual components?

  6. The text descriptions for “Alert frequency level” in advanced settings are not easy to understand.

  7. Last but not least. There are no predefined zones in the original (out-of-the-box) program, nor any zone templates. I suggest adding some predefined zones (templates) to make the initial tuning much easier. Something like:

  • Multicast (224.0.0.0 - 239.255.255.255)
  • ADSL LAN (192.168.1.0 - 192.168.1.255)
  • Office LAN (192.168.0.0 - 192.168.255.255)
  • maybe also 10.x.x.x or 172.16.x.x

Hey guys, I switched to this firewall earlier today… My request is: an option to use the native Windows GUI/MS Visual Style.

Hi,

In the application monitor under details, it would be nice if the text could be copied, so that it’s much easier to Google these applications.

G’day,

Two wishes that other users have raised elsewhere in the forums;

  1. A “google this” button for researching the items that cause pop-ups

  2. Rather than log directly to disk, log to RAM and flush the accumulated logs to disk once a threshold has been reached.

Ewen :slight_smile:

How about a cleanup utility to get rid of rules set for uninstalled software and rules created by setup files.

there you go Ewen. Added it (:WIN)

I would like to second panic’s suggestion. I like to Google unknown modules in the component monitor as a learning exercise. A “google this” button or right-click menu option would be an asset. It would save me having to switch between Firefox and CPF when I forget how to spell the DLL.

Hello,
I know maybe this will not gain the “in progress” status, but I wish to suggest this.

UPnP poses some security risks, as outlined in the article named “UPNP Flawed application”.

But Comodo provides an additional layer of security which could prevent most of them.

As far as I know the Comodo network monitor shapes the inbound and outbound traffic,
whereas the application monitor is used to fine-tune the traffic.

UPnP can open inbound ports on the WAN as the need arises.

Combining these features with Application Behaviour Analysis, it is possible to open on the WAN only the really needed inbound ports and enforce the use of the opened inbound ports on a per-application basis, preventing hijacking and making it possible to use applications which make use of random inbound ports without creating an [any] rule or a range of allowed ports in the Network monitor.

In its current state Comodo can block UPnP services on a per-application basis (if UPnP network rules are present) but, using UPnP, Comodo could enforce the use of temporary inbound ports on a per-application basis. Also, application hijacking detection could be used to alert the user of attempts to create UPnP rules (also if the application is set to use any ports).

This way Comodo can automatically create and delete network rules (because it knows when a UPnP rule is created or deleted), and delete network rules and undeleted UPnP rules if the application is unloaded.

The only flaw in this design is presented by services, because currently it is not possible to know which services svchost.exe has loaded, and it is not possible to distinguish between instances of svchost.exe (well… not using Comodo).

EDIT: oh my!!! Switching the component monitor from learn to on gives more control over the services (DLLs) loaded by svchost, as well as the DLLs loaded by other apps.

Using simple queries it is possible to obtain something like this:

<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <m:GetSpecificPortMappingEntryResponse xmlns:m="urn:schemas-upnp-org:service:WANPPPConnection:1">
      <NewInternalPort>80</NewInternalPort>
      <NewInternalClient>10.0.0.1</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>Server HTTP</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </m:GetSpecificPortMappingEntryResponse>
  </s:Body>
</s:Envelope>

So NewPortMappingDescription can be used to check which application is bound to the rule, or to trigger an alert if it is empty (this field could be trapped and rewritten, if the UPnP rule is legit, adding a hash derived from the list of DLLs loaded by the application or an optional user-defined string), and the other fields could be used to create network rules on the fly.

Using a similar approach it is possible to limit the number of rules created by an application (an application that usually creates two rules could trigger an alert if it creates one more rule).

It is also possible to prevent some malicious port mappings and detect, for example, UPnP rules assigned to the current host made by rogue clients on the WiFi LAN.

Basically it could be possible to intercept the UPnP rules and apply some user-defined checks on them on a per-application basis.

Well, maybe it is not user friendly, but it’ll add a lot of flexibility…

(L)

Regards,
gibran
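As an added example for the scheme gibran sketches above (written for this thread, not code from Comodo or from the poster): parse a GetSpecificPortMappingEntry response like the one quoted, then run the proposed checks against it on a per-application basis: empty description, unknown owner, too many mappings for one application, and mapping aimed at another host. The sample response is constructed, modelled on the one in the post; the AppPolicy structure, the description-tag matching and the `protocol` argument (the request's NewProtocol, which the response does not echo back) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample, modelled on the response shown in the post above. A real
# gateway returns this after the control point calls GetSpecificPortMappingEntry
# with (NewRemoteHost, NewExternalPort, NewProtocol); those request arguments are
# not echoed back, so the caller has to keep them alongside the response.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <m:GetSpecificPortMappingEntryResponse
        xmlns:m="urn:schemas-upnp-org:service:WANPPPConnection:1">
      <NewInternalPort>80</NewInternalPort>
      <NewInternalClient>10.0.0.1</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>Server HTTP</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </m:GetSpecificPortMappingEntryResponse>
  </s:Body>
</s:Envelope>
"""


@dataclass
class PortMapping:
    internal_port: int
    internal_client: str
    enabled: bool
    description: str
    lease_duration: int   # seconds; 0 means a permanent mapping in the UPnP IGD spec


def _local_name(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def parse_port_mapping(soap_xml: str) -> PortMapping:
    """Pull the mapping fields out of a GetSpecificPortMappingEntry response.

    Matches elements by local name, so WANIPConnection and WANPPPConnection
    (different namespaces, same element names) are both handled.
    """
    root = ET.fromstring(soap_xml)
    resp = next((el for el in root.iter()
                 if _local_name(el.tag) == "GetSpecificPortMappingEntryResponse"), None)
    if resp is None:
        raise ValueError("no GetSpecificPortMappingEntryResponse element in body")
    fields = {_local_name(child.tag): (child.text or "").strip() for child in resp}
    return PortMapping(
        internal_port=int(fields["NewInternalPort"]),
        internal_client=fields["NewInternalClient"],
        enabled=fields.get("NewEnabled") == "1",
        description=fields.get("NewPortMappingDescription", ""),
        lease_duration=int(fields.get("NewLeaseDuration", "0")),
    )


@dataclass
class AppPolicy:
    """Hypothetical per-application policy (an assumption of this example, not a
    Comodo feature): the description tag the app is expected to write into
    NewPortMappingDescription and how many mappings it normally creates."""
    exe: str
    description_tag: str
    max_mappings: int
    active_mappings: int = 0


def audit_mapping(mapping, protocol, this_host, policies):
    """Apply the checks proposed in the post to one mapping.

    Returns (findings, rule): findings is a list of alert strings; rule is the
    network-monitor rule to create on the fly, or None when the mapping is
    refused. `protocol` is the NewProtocol from the original request.
    """
    if mapping.internal_client != this_host:
        # Points at another LAN host: nothing for this host's firewall to open.
        return [f"mapping targets {mapping.internal_client}, not this host"], None
    if not mapping.enabled:
        return ["mapping exists but is disabled"], None
    if not mapping.description:
        # Created with an empty description: no owner, so alert instead of opening.
        return ["empty NewPortMappingDescription: no application claims this port"], None
    owner = next((p for p in policies
                  if mapping.description.startswith(p.description_tag)), None)
    if owner is None:
        # A port to this host was opened without going through a known
        # application: possibly a rogue client on the wifi segment.
        return [f"unknown owner for description {mapping.description!r}"], None
    owner.active_mappings += 1
    if owner.active_mappings > owner.max_mappings:
        return [f"{owner.exe} created more mappings than usual "
                f"({owner.active_mappings} > {owner.max_mappings})"], None
    rule = {
        "action": "ALLOW", "direction": "IN", "protocol": protocol,
        "destination_ip": mapping.internal_client,
        "destination_port": mapping.internal_port,
        "application": owner.exe, "lease_seconds": mapping.lease_duration,
    }
    return [], rule


if __name__ == "__main__":
    m = parse_port_mapping(SAMPLE_RESPONSE)
    policies = [AppPolicy("httpd.exe", "Server HTTP", max_mappings=1)]
    print(audit_mapping(m, "TCP", "10.0.0.1", policies))
```

The rule the audit returns is deliberately narrow (one protocol, one destination port, tied to one application), which is the point of the proposal: the port is opened only for the application that asked for it, and only while its mapping exists.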

The alert window buttons need to be a little more responsive. They seem to get stuck when a rule is being created by the remember option.

How about an option to define a list of applications which are allowed to modify the user interface of other applications, and of course if they or their components change, the firewall alerts you.

I am in this mode with maximum security enabled and all warning messages, and I get the alert “Parent.exe has modified the User Interface of Application.exe by sending window messages.” pretty often, especially about explorer.exe. Not that I want to disable this feature, I just want to define the applications that are safe to do it.

Also, you could improve Network Monitor > Network Control Rules by allowing you to define names or comments for rules. I have about 10 rules there, and after a month or so when I look there again I can’t remember what a certain rule is for, so comments or names for rules, or both, would help.

Great firewall by the way.

What I would like to see is the option for the “Application Monitor” to individually disable, for a particular application, the following options which currently have to be disabled for the whole system: the “Block fragmented IP Datagrams” and “Do protocol analysis” options.
I thought that was what “Skip advanced security checks” did, but unfortunately obviously not. I don’t know what this feature actually does.

I need this for the new Netgear SC101 Utility Ver 2.0.23. With this and Comodo Firewall Pro in custom mode I was getting a lot of “Fragmented IP Packet” and “Fake or Malformed UDP Packet” messages.

Also, would it be possible to add “Source IP” and “Source Port” options to the “Application Monitor”, as is currently available in the “Network Monitor”?
Thank you very much.
The Fly

Comodo Firewall Pro needs an improved “Block/Ban IP Option”. It is somewhat confusing for me to block an attacker IP (inbound, outbound, TCP, UDP, ICMP, all communications etc.). So why not have a simpler solution to block the IP address, something similar to ZoneAlarm, Norton PF, McAfee firewall!?

It’s not that hard to block an IP. Attackers are always INBOUND, unless you are attacking yourself in a circuitous manner. :wink:

In network monitor, set up a rule with the following parameters

Protocol : IP
Action : BLOCK
Direction : IN
Source IP : The IP you want to ban
Destination IP : ANY (This is your PC)
Source Port : Any
Destination Port : ANY

Three selections and an IP address - that’s all it takes.

Cheers,
Ewen :slight_smile:

P.S. Re. your other post - CFP V3 will have password protection; hopefully this will make it into the first cut of the beta, due April 16th.
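As an added example for the ban rule Ewen lays out above (written for this thread; not Comodo's code and not the poster's): a small model of network-monitor rules and packets that shows which traffic the rule catches and why its position in the list matters. The model assumes rules are checked top to bottom with the first match deciding; that ordering, the Rule/Packet structures and the address 203.0.113.5 (an RFC 5737 documentation address used as the attacker) are assumptions of this example, not facts from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str              # "IN" or "OUT"
    protocol: str               # "TCP", "UDP" or "ICMP"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None   # None for ICMP
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One network-monitor rule as modelled here (an assumption, not Comodo's format)."""
    action: str                 # "ALLOW" or "BLOCK"
    direction: str              # "IN", "OUT" or "IN/OUT"
    protocol: str               # "TCP", "UDP", "ICMP" or "IP" (= any transport)
    src: str = "0.0.0.0/0"      # source network, ANY by default
    dst: str = "0.0.0.0/0"      # destination network, ANY by default
    src_port: Optional[int] = None   # None = ANY
    dst_port: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction != "IN/OUT" and self.direction != p.direction:
            return False
        if self.protocol != "IP" and self.protocol != p.protocol:
            return False
        if ip_address(p.src_ip) not in ip_network(self.src):
            return False
        if ip_address(p.dst_ip) not in ip_network(self.dst):
            return False
        if self.src_port is not None and self.src_port != p.src_port:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


def ban_rule(attacker_ip: str) -> Rule:
    """The rule from the post: Protocol IP, BLOCK, IN, Source IP = attacker, rest ANY."""
    return Rule("BLOCK", "IN", "IP", src=f"{attacker_ip}/32", comment=f"ban {attacker_ip}")


def evaluate(rules, packet: Packet, default: str = "BLOCK"):
    """Assumed semantics: first matching rule wins; unmatched packets fall to `default`."""
    for r in rules:
        if r.matches(packet):
            return r.action, r.comment
    return default, "implicit default"


MY_PC = "192.168.1.10"
ATTACKER = "203.0.113.5"   # constructed: RFC 5737 documentation address

# Constructed rule set: the ban rule sits at the top, above a web-server allow rule.
RULES = [
    ban_rule(ATTACKER),
    Rule("ALLOW", "OUT", "TCP", comment="allow outgoing TCP"),
    Rule("ALLOW", "OUT", "UDP", comment="allow outgoing UDP"),
    Rule("ALLOW", "IN", "TCP", dst_port=80, comment="web server"),
    Rule("BLOCK", "IN/OUT", "IP", comment="block and log everything else"),
]

PROBES = {
    "attacker syn to 80": Packet("IN", "TCP", ATTACKER, MY_PC, 40000, 80),
    "attacker ping": Packet("IN", "ICMP", ATTACKER, MY_PC),
    "other client to 80": Packet("IN", "TCP", "198.51.100.9", MY_PC, 40001, 80),
    "outgoing https": Packet("OUT", "TCP", MY_PC, "198.51.100.9", 50000, 443),
}


def demo(rules=RULES):
    """Decision per probe packet for the given rule order."""
    return {name: evaluate(rules, p)[0] for name, p in PROBES.items()}


def misordered():
    """Same rules with the ban moved below the web-server allow rule."""
    return demo(RULES[1:4] + [RULES[0], RULES[4]])


if __name__ == "__main__":
    print("ban on top:", demo())
    print("ban below web rule:", misordered())
```

With the ban at the top the attacker is dropped on every protocol while other hosts still reach port 80; move the same ban below the web-server allow rule and the attacker's connection to port 80 is accepted before the ban is ever consulted, so where the rule is placed is as important as what it contains.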

Wish 1:
Start Comodo Firewall Wishlist v6 with a list of all the wishes from Wishlist v1-5 so we don’t need to read over a hundred pages from the old wishlist before posting a new feature request.

Wishes 2, 3, 4, …:
Lock the firewall down with a password, make all text in the GUI selectable, make it easy to export and import settings, block domains by name (including wildcards in domain names), let me scroll thru log entries with the arrow keys, etcetera.

What, did people already ask for these features a million times before?
Have a look at Wish 1 ; )

Nah…you just want others to do the dirty work for you :wink:

No, just thousand times :wink:

Anyway…they are good wishes…hopefully we will see them in in the FW in the future :slight_smile:

Unfortunately, even if someone did compile the previous wishlists’ wishes, it won’t prevent members from posting duplicate ones. Just look at what we did to the FAQ thread. There are always people who can’t effectively use the search function or aren’t willing to spend the time to read the whole list.

Search function? :o

I searched for

Orwell “Animal Farm” -movie
but I found nothing…

What about FSAs (Frequently Searched Answer) in the search page?

A list of click and go examples could help…

Newbies are just newbies ;D
Maybe they should be sandboxed into a a specific section of the forum :wink:

But the elders used to say: Repetita iuvant (repetition helps).

We could consider repetition like an indirect poll (e.g. in wishlists).

Whereas a paq (Previously Asked Question) becomes a FAQ after repetition and a faq becomes a MFAQ (Most FAQ) after a certain number of repetitions.

MFAQs could be sent to the inbox of new entries upon subscription.

In order to train new subscribers, they could undergo a training phase of ten forum posts.

Trainers could be volunteers with high post counts who review new users’ posts before they are published on the board.
If a post is not reviewed after 24h it gets automatically posted.
(PM are not to be reviewed)

This way it could be possible to enforce the use of search function.

Forum rule breakers could be filed for a new training phase :wink:

gibran, I think those requests would be more suitable for a forum wishlist, but there’s no such section built yet :slight_smile:

The search function was just an example. Of course we can’t restrict members from posting the same questions, because that would be limiting their freedom and it isn’t against forum policy. Besides, I can’t blame them, since the search hasn’t been working 100% for a long time now.