I switch from paid Kaspersky (Bloatware, unreliable) to Comodo because it liked its settings and - it’s free
I configured the HIPS and Firewall rules to my needs but there are some questions left:
Firewall rule for SYSTEM
What file or set of files does “System” in the default firewall rules address? (Sese attached image System.png)
Popup for svchost.exe although I have existing rule
On startup I always get prompted to allow incoming traffic for svchost from my lan. But in my global rules I have a default rule saying “Allow all incoming requests if the sender is in MyLan” (default rule). Why isn’t this rule used? I have no blocking rule for svchost or system files. If I create a corresponding rule for svchost (allow all incoming traffic from MyLan) it works, but I don’t understand why I need a separate rule.
Are you using a profile from v5.x? I guess not as you as you are stating you freshly changed from Kaspersky. Version 5 could create a rule with name System in the Firewall application rules when using the Stealth Ports Wizard to make the local network trusted. In that context System would encompass svchost.exe and other processes involved with local networking. However this option is no longer in the Stealth Port Wizard of v6. I have not seen it show up with users here (I block all unsolicited incoming traffic as I share my connection with others).
Can you open the System rule (push the + sign in front of it) and post a screenshot?
You need a rule for svchost.exe because traffic goes through two sets of rules. Incoming traffic first goes through Global Rules and then trough Application Rules.
