CPF Wishlist Rev 3

Comodo Wishlist Rev 2 Document Finished on July 23, 2006 Total Wishes: 70

Note: Only the requests from the posts were put in this document, nothing else, also the username of the person who posted it is below each post in bold.

1. CPF communicating with CAV and used its signatures to look for viruses etc in internet traffic and alert the user before the malware is downloaded. Kind of like an Intrusion Detection System.
   Posted by: mike6688
   Status : Pending

2. CPF’s popup notifications to be able to draw infront of Fullscreen applications. This would be very useful for gaming. Indications of why the current behaviour is problematic here:
   http://forums.comodo.com/index.php/topic,194.0.html
   Posted by: antiKK
   Status : Pending

3. It would be nice for there to be a wizard as part of the installation process to set the network settings according to how to connect to the internet. Working from a home wireless network, I’ve had to add the rule to allow traffic from 192.168.1.1 to 192.168.1.255 which I had to do manually. Just a thought…
   Posted by: EricEgan
   Status : Pending

4. A downloadable installation guide and/or FAQ available on the web site and included in the application download. This should apply to all Comodo applications, not just the CPF.
   Posted by: panic
   Status : In Progress

5. Could you please implement the “start with Windows” option.

Posted by: mad
Status : Pending

6. it would be nice instead of having all the rules show up for an application, to have the application listed once and a plus sign next to it to display all the rules for that application. Also, it would be nice that where it has Permission list, if you clicked on the permission, you could change the permession instead of having to select the rule then select edit.
   Posted by: gwheaton
   Status : In Progress

7. A standalone un-installer that can be downloaded from the comodo site.
   Posted by: pandlouk
   Status : Implemented since 2.3.0.19 BETA

8. Firstly, would it be possible in the Description to have the Source IP on the main display instead of the remote IP which is obviously my router Internet IP Address (The 172…) it would be easier to keep track of the source IP’s that try to intrude my system. Secondly, under the same bit, it would be cool if you could sort the log (ie) by clicking on the word Description (For example) or Severity. All else is very very cool! So happy I switched to Comodo!
   Posted by: EricEgan
   Status : Pending

9. I wish that comodo could remember what it has already downloaded when it’s updating it’s programming so that in the event that the user’s internet connection is severed for any reason the download ( update) could resume where it left off… Just like windows update does now…
   Posted by: Jason.b.c
   Status : Pending

10. I would like to be able to define a zone with a list of IPs, rather than a single range. For example, I would like to treat a list of DNS servers as a zone. I can set them up one at a time, but this would be much more convenient.
    Posted by: sded
    Status : Pending

11. I would like that the Comodo Personal Firewall have a module to protect us from the wireless threats, like the AirDefense Personal can protect. Products | Extreme Networks
    Posted by: VaMPiRiC_CRoW
    Status : Pending

12. A product to enhance a wireless home network setup. Although setting and changing security settings is ok it still is a real pain to do. A good product that automates a lot of effort would be great. To expand I see this product be able to: Fully integrated with CPF. Be able to be user friendly for the setting up of security password/s and WEP or WPA encryption. To warn you of any attempted access to your wireless network.
    Posted by: davidpr
    Status : Pending

13. My biggest problem with CPF as it stands now is that anyone who uses the computer can change the settings. That includes my son who runs as a non-administrator level user. That's clearly a problem as I want to restrict the programs my son might want to run (e.g. IM applications or Bittorent).
    

Basically I would like to be able to control who can change the firewall configuration or be allowed to answer a popup such as “allow application X to access port Y.” Initially, that could be controlled by the level of user that is using the computer. Probably a good default would be to allow users who are “Power Users” or “Administrator” users to do this and not allow limited users to do this. You should allow this to be configurable (e.g. so someone could allow a different User Group to configure the firewall).

A more elaborate feature would be to allow for per-user security policies for both network-level stuff and the applications that can be run. For example, I could specify that my user login could run putty, but not my son. Or if I’m logged in, I could access a certain subnet on my network, but my son could not.

In another thread, there was talk of “centrally managing this stuff.” The realm of centralized management clearly puts you in the “pay feature” category. I’m not looking for centralized management, just trying to secure a single computer. All my other computers run other OSes.
Posted by: phoneboy
Status : Pending

14. There was a very useful feature in Black ICE (the FW i was using before Sygate and before Comodo), it allowed to easily define a black list of IPs (including ranges) to be banned on a certain port or range of ports. I was even able to import lists of IPs and IP ranges from TXT files … (like those created by the Mail Server log, a bit revised.
    In my case this was extremely useful since I used it to ban Spamming IPs from accessing my Port 25 (SMTP server).
    Posted by: lorenzopar
    Status : Pending

15. The ability to specify more than one parent application for each application rule.I currently have multiple rules for firefox i.e. Parent == Outlook, FeedDemon, Explorer etc… This clutters the application rules up a lot.
    Posted by: antiKK
    Status : In Progress

16. I have a minor request, it's the little tick box when you get a pop up.  I have to extremely accurate and click right in the middle. Could the box be made bigger or the clickable area bigger? 
    

Posted by: JolietJake
Status : Pending

17. In the Network Control Rule dialogue box, CPF refers to a Source IP and a Remote IP.  Could you consider renaming the "Remote" field to "Destination"?  I believe that having a Source / Destination pair makes more sense to the user than having a Source / Remote pair - particularly when dealing with inbound connections.
    

Posted by: dooplex
Status : In Progress

18. • sorting by columns. eg application, permission etc in the application monitor view

• resizing of the description view at the bottom of the app. monitor view, resizing of views in general

• http links in launchpad and firewall view should launch a default browser, not IE

• combining of rules that have been set, eg tcp+udp in with tcp+udp out, for the same IP regions, I can see that currently this is done only for tcp/udp combo
  Posted by: drmjx
  Status : Pending

19. Is it possible to integrate something like peerguardian2 to CPF? IP protection for p2p.
    		Posted by: mad
    

Status : Pending

20. I’d strongly like the ability to customize a rule at the rule creation prompt. You should be able to choose a specific port, inbound/outbound, and TCP/UDP at the prompt instead of having to go into the configuration and write a rule.
    Posted by: mvdu
    Status : In Progress

21. The features that should be improved are so far from what I noticed:

1. Must protect all users that log in at one pc. (Enable protection for fast switching)
2. Set Password to keep settings. (already mentioned in previous post)
3. Have a better log (as already mentioned in previous post)
4. Feature to submit new application info to comodo as a tool of the launchpanel (eg. product name, company, version, download website) or maybe have a userating feature for that specific application that has not been rated yet, giving at least some info to decide on before applicationname is integrated into official database.
5. Default browser should be able to switch to Firefox.
6. Easier setup on trusted/non trusted network. (seems rather raw right now)

By the way, in the Japanese childboard(thanks for moving it!), Hiro_H who is testing out CPF on a Japanese XP, mentioned that:

1. Would be nice to have the option to use the keyboard to check or select on the popups.
2. There is a problem when “Secure the host while booting” is checked. He mentions that an event error occurs when being a member of a domain, and he cannot access certain resources within the domain. Looking into the event viewer, it says “failed to set up the group policy” (content unknown). Also when trying to access mapped folders and their files, using the “net use” command, an error occurs mentioning:“Network name not found. Content unknown”, one cannot access.

Has this problem also occured with other language XP’s?
Whatever the case is, maybe this “secure the host…” option may need a closer look.
I also attached a little file on the network suggestion. (Some have already been mentioned in previous posts…)
Posted by: V4V
Status : Pending

21. I would like to see a firewall specific tray icon instead of the Launch Pad. Showing bar graph for incoming and outgoing info, That will tell me that CPF is working and protecting computer.
    

Posted by: ap22
Status : In Progress

22. I think there should be 4 pre-made rules (presets if you want) for Network Monitor:
    

OFF (Network Monitor disabled)
Stealth (Blocked all inbound ICMP Echo Requests)
Super Stealth (Block all inbound IP requests & allow only outbound IP requests, basically default settings which are enabled out of the box when you install CPF at the moment v2.1.1.1)
Custom (leaves user a full control over rules).

Settings for Custom should be saved separately so that they remain even if you switch to Stealth in between and then back to Custom.

These 4 options should be placed in simple dropdown menu under Network Monitor, so users can change it easily.

I’ve checked the machine and got a green status for stealthing (based on GRC.com).
So i think it’s ok. Plus it appears to work just fine with eMule (which doesn’t get HighID if i leave default Network Monitor settings aka Super Stealth).

Just a hint and i hope you’ll impliment this soon. If you need more info on what i meant about something specifically, feel free to ask me via mail or PM.
Posted by: RejZoR
Status : Obsolete

23. I would like to be able to save the current configuration. This way I could make changes and if I want to go back to what I had I can do so, easily. Jetico has the ability to save and reload any saved configuration.
    Posted by: XpPaul

24. Would like to see an option to save specific networks with presets: local network, trusted, internet, block, etc. When I installed CPF, a network dialogue popped up, but it was blank. I had to enter the IP address and subnet mask. I connect to many different (mainly wireless) networks in my travels, and being able to detect, configure options and save info for each network would be a time saver. The saved preferences would be applied each time a network was detected. I am not competent to advise of all the possibilites, but file and printer sharing would be one option; and others could be incorporated into local, trusted, and internet categories; with an option to override and configure options within each category.

Add a panic button to stop all traffic on the task bar.

Have CPF accurately show system adapers. The application shows my marvell adapter as an ethernet adapter. It also shows my Intel wireless 2915 ABG adpter as an ethernet adapter.

Incorporate the network adapter, the network name and type (as suggested above); and the configuration on its own page (eg "current network). This would show the adapter being used, the network name, the IP address and subnet mask; the category (trusted, local, internet, etc), and any custom rules for the network. While global rules are important, those of us who roam (and our numbers are increasing), are primarily concerned with the security and performance of the network we are currently connected to.

Don’t see a stealth option for the network. Possibly I am blind, or its on by default.
Posted by: gderreck
Status : Pending

25. I'd also like to see option to switch between advanced (current program control) and simplified where you have just 1 Allow/Deny dialog for each program (like ZoneAlarm does for example). Usually if program connects outbound it also requires inbound or vice versa. So in simplified mode if i allow some program it's allowed for all ports inbound and outbound. Some of us don't need so verbose and thorough program control.
    

But simple control whether one program can connect or not connect at all would be enough.
Posted by: RejZoR
Status : Implemented since 2.3.0.19 BETA

26. Please add an explorer “shell integration” for CPF like the one of CAV.

This integration should have at least the features:

“Comodo firewall” → “add to trusted applications”
→ “block this application”

and it should appear when clicking with the right button of the mouse over an application.

It will be an enormous help for reducing pop-ups and will help with full screen applications.

Also it will prevent untrusted-suspicious programs from connecting at the internet before they run for the first time.
Posted by: pandlouk
Status : Pending

27. What do you think of the idea for when a user ‘allows’ a program to access the internet etc the program is sent to Comodo to automatically be checked by Comodo and added to the ‘safe’ list or ‘block’ list depending on Comodo’s analysis of the program. Similar to how Windows Defender works with the SpyNet community.

This feature can be turned off if users worry about their privacy.
Posted by: mike6688
Status : Implemented since 2.3.0.19 BETA

28. It is just a cosmetic thing, but could be the hardware page in CPF changed/reworked? Well, I dont exactly work on a Pentium or Pentium II Tongue (it is AMD Athlon 2600+ XP). I know this isnt an important feature of a firewall, but it annoys me sometimes. Or maybe this hardware page could be removed completely.

Just my thoughts…
And thats the thing I like about Comodo - the great team listens to their software users (customers).
Posted by: mad
Status : In Progress

29. Please ad an option like the one nod32 has to automatically upload suspicious files. It should be added in both CPF and CAV.
    

Posted by: pandlouk
Status : Implemented since 2.3.0.19 BETA

30. I was wondering if you can add an option to change the default blue color of the CPF and the other programs. something like the "nero startsmart" or the "windows media player" ability. Blue is my favorite color but I like to change every now and then.
    

Posted by: pandlouk
Status : Pending

31. I'd like to know if it is possible to unlock automatically blocked IPs (during the time of blocking) after a suspicious activity. This because the IP could be a good one, making authorized "suspicious activity". Sygate was able to unlock blocked IPs ... I'm just comparying what I knew with the new one.
    

The fact that I can contact it after blocked may not be sufficient since I might need him to contact me or answer to some requests coming from me.
Posted by: lorenzopar
Status : Pending

32. 1. When an application tries to connect to the internet, it would be useful to know the destination ip in some cases.

2. I also like mike6688’s idea of the community network for application asessment.

3. It would be nice to block the referrer for internet browsing. Or is there a feature that does so already?
   Posted by: V4V
   Status : Pending

33. I’m a laptop user and a longtime user of Tiny PF(r.i.p.). One of the nicest features of Tiny is the ability to move a network adapter into different zones. So, e.g., if I’m home connected to my home LAN via ethernet, I can put the Ethernet adapter into the trusted zone. On the road or using hot spots, I could put the WiFi adapter into the untrusted (Internet) Zone.

This is particularly effective when using a VPN. One can put the physical adapter in the untrusted zone, but the VPN virtual adapter into the trusted zone.
Posted by: lhb
Status : Pending

34. Network Monitor

35. Give a name for a rule, to easy identify it.

36. An option to enable/disable a rule from the list

37. Instead of the Criteria column, add the source/destination port columns.
    Rules

38. Add support for more protocols (IGMP, ARP, RARP)

39. Add the feature to indicate the source/destination MAC Address, if wanted.

40. Add the feature to choose the TCP flags…

41. An option to associate the rule with all the network adapters, or only one!

42. For easy understand and rule create, put all the definitions in one window, instead of have tab for source/remote ip and source/remote port. Something like this will be excellent ():
    Logs

43. Selecting one log entry, add an option to the context menu, to open the dialog to create a rule with log details.
    Posted by: VaMPiRiC_CRoW
    Status : Pending

44. I have a couple more wishes...
    

the ability to select , block , allow , → ASK ← in the component monitor.

along with destination ip’s, a tcp log would be great to.
Posted by: Scott B.
Status : Obsolete

36. I wish to have a very basic HIPS like function in Comodo fireawall like OS firewall in ZoneZlarm Pro or at least like  Application Execution Control in Kerio.
    

I know it will be an extra add-on and basically is not a function of firewall but it will give an extra edge to this nice firewall( like ZoneAlarm Pro, Kerio and Outpost are having).
As it might need a lot extra work, it can be planned for furure versions if mot now.
Posted by: aigle
Status : In Progress

37. Some more suggestions,
    

1-Pop ups for incoming attack blocked from right lower corner of screen( with the option to disable them) like in Zone Alatm Pro.

2-Option to refresh the application list, so that the uninstalled applocations will be removed from the list automatically.

3-Comodo firewall should be resistant to be disabled by any malware(option of protecting self 3-termination). BTW, I don,t know how resistant it is at the moment in this regard( ZoneAlarm is said to be resistant while Kerio is not as I know)
Posted by: aigle
Status : Pending (3 is implemented since 2.3.0.20 BETA)

38. I personally would like a feature that allows me to use block lists…
    Such as those used for example by Peer Guardian ( http://phoenixlabs.org/ )

Another nice feature would be making the firewall modular, although the protection is free, you could also make revenue by selling these modules such as an advanced VNC with authentication and logging

Timed services would also be a useful feature, I sometimes require use of a VNC in the evenings however not during working hours, being able to have features such as this only available between specific hours would reduce security risks and be useful.
Posted by: UnseenMenace
Status : Pending

39. I would also like the option to scan during bootup as ‘some’ virus, malware and trojans can be trickey to remove once windows has booted.

It would also be nice to have a screensaver that runs the antivirus while the system is idle (This post is off topic so you may wish to disreguard this post)

Status : Obsolete

40. Just one item right now, because I haven’t had a chance to really kick any tires yet. Smiley

In the CPF log, please add all actions taken when replying to alerts.
I.e. Alert - Allowed - Denied and if Remember Answer (Y/N)

Right now, if I allow an alert or select remember answer, the log does not clearly show this.

Example : I allowed some alerts and see multiple entries like below.

High Application Monitor Suspicious Behaviour (iexplore.exe)

There is no indication in the entry that the user allowed the alert.
Posted by: adric
Status : Pending

41. Would it be possible to change the internal font used in CPF from non-serif to serif?

There are several trojans that use the fact that an upper case non-serif " I" and the number ONE (1) look the same as a non-serif lower case “l”, particularly with the Windows system default non-serif font. This can make it much harder to spot the difference between mongrel.dll (MONGREL.DLL - a valid file) and mongrel .dl1 or mongrel.dlI.

A small point I know, but the small points still count.
Posted by: panic
Status : Pending

42. In Network Monitor, add an option that allows the user to specify description for the rules. (If they allow IP in packets for an IP for example, they could then know what machine it is for instead of remembering which IP is which) Add checkboxes in Network Monitor that allows the rules to be easily enabled/disabled without having the move rules all the way to the bottom (below the block rule - this is useful since users could then test rules or turn a trusted zone into an internet zone fairly quickly) Possbily add “grouped rules” if a rule matches some packet description. (An example of a firewall that uses this structure is Jetico, which makes the firewall extremely powerful). Allow drag-and-drop of rules in Network Monitor. (it’s a hassle if you have a fairly long ruleset and you have to click a hundred times Move down to get the rule down where you want it if you are testing rules) For application monitor, add an option for “Listening/Binding”, and also give an option so that the user could customize what Zone(s) the application could bind/listen to. (Allow the application to listen/bind regardless but block incoming connections from zones that are not “trusted” for the application). Add a description for outbound DNS? Outbound DNS is so common so a description should be added?
    In my opinion, I think the Comodo Launch Pad is extremely annoying. I found it a big hassle to have to click Show Application Window after clicking the Launch Pad icon. (This is one big reason why I stopped using McAfee after they introduced their McAfee SecurityCenter feature. I found it annoying and “bloaty”) I would recommend Comodo combine these “recommdations” in the firewall interface by adding an extra tab in the firewall’s GUI. (It would save ~20MB of RAM, anyways) Although not important, maybe add a Comodo Lite version which will feature less-intensive GUI and graphics designed for people who are RAM-concious. (A lot of people wants an application that works well & fast, and the looks are not important to them.) (ex. RealPlayer - Real Alternative, QuickTime - QuickTime Alternative, Windows Media Player - Windows Media Lite)
    For the final version of Comodo, would offline activation be possible? (Some computers use Comodo to protect their LANs, yet they don’t have Internet access) In Activity → Logs, add columns to each entry so that the user could locate events more easily and not have to click on each one to look at the details. (For example, add SRCPORT, DESPORT, SRC, DES, PROTCOL etc).
    Elaborate on the “Flood Detection” feature in Comodo. Could it be disabled? Does it only apply to inbound connections & established connections? What if the firewall is configured as a “stealth” firewall?
    Activity Icon (and lights) as some might have already suggested - I loved how Jetico shown green up and down arrows when there were traffic and red up and down arrows when some/all traffic are blocked. ARP Poison Prevention and Detection (prevent spoofed ARP packets and middleman attacks). Password Protection. And Custom/Internal International Language Support (.LNG file support or built in internal languages).
    (I did make some edits to the information in this post)
    Posted by: memo1337
    Status : Pending

43. Firstly and Foremost. The one most annoying thing about this otherwise excellent Firewall.
    

Are the warnings about “Refuses to communicate with Comodo Personal Firewall”.

All my other security apps. As soon as I boot bring this message up in Comodo. And allowing it just ensures it will come back on the next boot. However with KAV v5 Personal. Everytime it wants to do a definitions update (which is once every 3 hours for me) it cant do it as it brings up this warning.

Second suggestion. Is because i just wanted the Firewall running to save on system resources. I disabled the Comodo Launch Pad from my start up registry. So just the firewall loads on boot up.

However the problem with this. Is that there is no icon for the firewall now in the running task bar.

And if i want to view logs or make any changes to CPF i have to load and run up the Launch Pad to make any changes. This then brings the icon in the task bar. But greatly! increases system resources because more processes are running.

So as a suggestion would you consider releasing a Comodo Firewall lite version that does not have the Launch Pad. Or a smaller on resources Launch Pad perhaps
Posted by: Anthony1uk
Status : In Progress, Pending

44. -add an ok button to close the details page of a popup.

-update the applicatin information so that it correctly identifies an adapter. cpf identifies my intel 2915 abg wireless adpater as ethernet.

-add a link to google that would do a search for an application in a popup. hard to allow or deny an action if the user doesn’t know what the file is (or isn’t).

-add options in create a zone to stealth the connection, disable file and printer sharing, etc. this would save creating additional rules.

-create an option to save the firewall configuration to a folder of the users’ choice. would be handy if the application is uninstalled then reinstalled eg after a reinstall of the operating system.

-add a wireless intrusion module that would scan for all networks or computers attempting to, or available to connect to the users’ machine. this would allow the user to allow or ban locations. perhaps the mac address would be a good criterial to use.

-allow the user to allow or ban applicatins based on a zone. this would be useful where a user disconnects from their home interent connection and goes to a public wireless hopspot where there is no encryption of transmissions. maybe a user would allow an application to connect through an ethernet connection, but not in a wireless environment where their info could be intercepted. this assumes that cpf save zone configurations for use whenever a user connects to a particular network.
Posted by: gderreck
Status : Pending

45. 1) dump the launchpad and make a tray icon for cpf. I feel the launchpad is unneccessary bloat.
    

2. The ability to do an unattended install from a slipstreamed install cd. w/ regsitration code held in .ini file or something.

3. Activation possible without inet connection.
   Posted by: Scott B.
   Status : Pending, In Progress

46. How 'bout from the Connections pane, having the ability to Right-click on an entry and select the creation of a new rule or outright deny or allow?
    

Posted by: dougxd
Status : Pending

47. I wish that I could right-click any entry on either the Connections or Logs screens and be able to copy the remote IP address to the clipboard. And lots of the other right-click wishes mentioned above.. whois, temp ban/unban, perm ban/unban, etc.. sound great! But, I wish that I could have right-click access to ALL of them on either the Connections or Logs screens.
    

I’m not keen on using XP’s checkpoints to backup the current settings and rules. I wish CPF would do it. Well… mainly because I use Windows 2000
Posted by: kail
Status : Pending

48. I wish that when viewing the Application Monitor Page it was easier to distinguish which applications I had blocked and which I had allowed. The little stop light icons all look pretty much alike at a screen resolution of 1920x1200 and of course, even the text isn’t all that large on a high resolution screen. Maybe text for the worlds Allow / Block could be Green / Red respectively so one could tell at a glance.
    Posted by: kda
    Status : In Progress

49. I would like to see the new fast user switching compatibility have the capability of being turned off.
    

The setting would be on by default but could be disabled for users that want to keep one administrator account always logged in while not letting other users change the settings in CPF.
Posted by: TheFireKnight
Status : Pending( Fast user switching is implemented since 2.3.0.19 BETA)

50. 1. Kill the launchpad

2. Use your new installer

3. Reduce the resources (especially the memory footprint should be lower).

4. I would prefer native windows widgets. Or a more neutral design. Your blueish one doesn’t fit to a lot of xp themes (eg. try some vista themes). Perhaps using just windows widgets would also decrease resource usage.

5.) Make the launchpad (if it is not killed completely) and the firewall GUI be handled by the firewall driver as well. I don’t like the fact that they can access the internet without a firewall warning (eg. when checking the activation code). I think that look n stop would be a good example of a resourcefriendly, easy firewall that is windows themed.
Posted by: amino
Status : Pending, In Progress

51. I would like to see a Program Setting in the Advanced Security Configuration section that allows those of us with multiple monitors to set which monitor the popups/prompts appear on.
    

This feature would be excellent for full screen games that refuse to minimize (sometimes only because they are “paused” until the firewall prompt is answered).
Posted by: m0ng0d
Status : In Progress

52. I'll try to make a suggestion that could solve the problem with online gaming applications.
    

Please add an option like “Intelligent learning mode” or “Automatic learning mode”.

How should work:

1. In this mode CPF should add all programs and their components that are lanched in “Allow” permission.And for these applications should be also activated, by default, the features “Allow invisible connection attemps” and “Skip advanced security checks”

2. A popup must ask confirmation by the user to let CPF go in “Intelligent learning mode” for security reasons.

3. The user should choose for how much time CPF should be in this mode ( a time from a minimum of 1 minute to maximum of 5 minutes)

4. In this mode pop-ups must be disabled because of #1

5. The line of the application and the components that are added as allowed by this feature should be colored (maybe in pink) to let user check them afterwards

6. Maybe integrate this on the shell of the explorer to make our life easier
   Posted by: pandlouk
   Status : In Progress

7. - A setting that let's me allow all applications do whatever they want without interfering but creating a logfile of everything that happens concerning the connection to the net. So that I can manually add all necessary rules.
   

OR

• “Learning” mode for applications that automatically generates an ALLOW rule and notifies me in a logfile what it created and when.

• Compatibility with full screen games, right now CPF tends to freeze my OS in a lot of these. That makes it so hard to troubleshoot. I’d like to give you a lot more details about what happens exactly, but I have to reboot after these freezes and after the reboot the CPF logfile is completely empty. Since the games don’t “crash”, but only freeze, I don’t have any crash logfiles or coredumps.

• A setting for no popups, more logging. I’d really prefer to let my PC run for a while in a standard “block” mode, and then have a nice logfile that exactly tells me what was blocked, when it was blocked and why, so I can add my rules manually.

• Overall more logging. CPF tells me about security risks, fine, I’d also appreciate a logfile that just tells me which programm connected itself when, where to, and for how long. Imagine I catch a virus that infects one of my “trusted” programs that is allowed to connect and do as it pleases. With a detailed log of its activity it would be possible to find out if a programm is acting suspiciously and react to it.
  Posted by: Chrono
  Status : Pending

54. I would suggest to make the whole text clickable instead of just the checkbox when popup dialogs appear.

On certain monitors it becomes quite frustrating to have to aim perfectly on the checkbox just to get CPF to remember if I allowed or denied the event in question.

Please make the text clickable along with the checkbox. It’s just basic ergonomics.
Posted by: TheFireKnight
Status : Obsolete(Feature already exists)

55. Another thing that i think it's VERY useful: please, add in the traybar an icon for AV and an icon for Firewall, to be sure that both programs are running well. I think it's useful that the user can right-click on these icons, and have a menu with the choice "Temporary disable Antivirus" or "Temporary disable Firewall".
    

Posted by: lordlance
Status : Pending

56. A minor issue: the two links in the CPF “About” window launch Internet Explorer instead of the default browser. That’s not the way it should be.
    Posted by: user4
    Status : In Progress

57. I wish the main CPF screen would remember it’s size/position between reboots/restarts.
    Posted by: kail
    Status : Pending

58. I think it would be good if you made it where you can see what program is moving data how fast. Like in Kerio PF you can see that say FireFox.exe is moving 30 kbs. I know you already show how much data it has moved now you just need to show how fast.
    

Posted by: siryak
Status : Pending

59. This can help to avoid plenty of work at little companies, schools and at small home networks. I'd also suggest to create the possibilites to share a directory and modify it's security settings (or at least some tips).
    

Examples:
\computerone\comodorules
\safeserver\rulesets\comodo\firewall

Does it sounds good? When you ever invent a silent setup - with all the settings we’d like -, please, include the possibility to specify ruleset location(s) as well.

I wonder whether it’s possible later to specify more ruleset locations: in case of vis major.
Posted by: Arkangyal
Status : Pending

60. I wonder if you could import rulesets from other firewalls (like Kerio, BlackICE, etc.): just before they are uninstalled.
    

I also wonder whether you could detect the other firewalls automaticly by service names or something(i still remember my case with the disabled and forgot Sygate).
Posted by: Arkangyal
Status : Pending(1 is obsolete)

61. How about adding a "Scan This" button on the firewall pop up if CPF suspects it's a trojan and it could then call a CAV scan (providing of course that CAV is installed)? This would alllow the user to make a much more informed decision. Further, if the object is not identified, how about an option to submit it to Comodo for analysis?
    

Posted by: panic
Status : Pending

62. Also, please add an option in the Application Monitor Group to allow logging of individual applications. A checkbox (Create an alert if this rule is fired) similar to that what you already have in the Network Monitor Group would be fine.
    

Another improvement for the logs section would be to add an additional column called ‘Application’. This would bring more transparency to the logs without having to select the details for each entry. I don’t understand why Network Monitor does not list any applications where applicable. I have to spend more time analyzing the log because of this. All I ever see is IP, ports and protocol type.
Posted by: adric
Status : Pending

63. It would be very helpful if active entries in the Connections Display could be hilighted in a different color depending on the type (ingoing/outgoing) of network traffic currently taking place. Much easier to spot network activity this way than by watching for byte count changes.
    Posted by: adric
    Status : Pending

64. 1) make all links use the default browser instead of the IE
    

2. turn off logging completely (eg. a logsize value “off” of “0” MB) (NOTE: #2 of 64 was resolved in a future post by egemen)
   Posted by: amino
   Status : In Progress, Obsolete(Feature already exists)

65. The automatic update of application signatures would be a great addition to CPF. That way less savvy users will be able to have proper security without having to mess around with too many settings.
    

AV software already does it… why not even FW software?
Posted by: TheFireKnight
Status : In Progress

66. • A global in/out bandwith speed indicator (percentage are fine, but I’d like to see raw numbers… kbps)

• An change of icon in the tray when the adapter is being used.
• A tinier footprint on the system… 50MB in memory seems a bit much?
  Posted by: tekisfanatikus
  Status : In Progress

67. Could it be possible to include bandwidth management in Comodo firewall?

This feature could be added into Comodo firewall’s activity screen between the traffic and action columns: a new column where could be a checkmark to switch the limit on or off for particular application, a slider for controlling bandwidth limit and kb indicator to show what’s the selected limit . (Feel free to make any changes you like…
Posted by: comodouser
Status : Pending

68. Please give the ability to change the lang on the fly, like nero does. It would really help when giving support at my friends (greek, italians). You could make a dll that controls the lang. The perfect example for this are p2p programs like emule, azureus, etc.
    Posted by: pandlouk
    Status : Pending

69. I wish that when there is an Outbound Policy Violation in the log, that CPF would indicate the program that was responsible for the request.
    Posted by: kail
    Status : Pending

70. I also wish that I could enable/disable Network rules. At the moment I have to invert the Action and/or push them to the bottom of the list. And on that front, if it's not been mentioned before, I also wish that the rule right menu also had Move to Top and Move to Bottom commands.
    

Posted by: kail
Status : Pending

I would like to thank Justin in helping compile all this for us! Thank you Justin!

Melih

I have two little requests:

1. Add a verbose mode for Network Monitor, that should log every packet mostly those that are
   allowed. (it will help when testing)

2. On the Network monitor rules is it possible instead of IP range to give us also the ability to select not continous LAN IPs? Lets say something like this:
   Source IP =
   Multiple IP of the same lan = 192-168-1-X
   X = a set of the adresses in the domain coma sparated from 0 to 255 = 0,3,15,162,…,255

This one will help security especially on wifi-lans

while talking to some of my friends, who run linux, an interesting subject came about.

I think it would make a nice addition, a simple button to block ping replies globally, to stop people from fishing for your computer while it is connected to the internet.

the ability to apply a “friendly name” to a network rule - e.g. “eMule” for the NM rule to allow emule traffic.

ewen

Panic I love this.

I have about 15 rules and it would help.

Another suggestion is to add a checkmark on the left to enable/disable the rules.
I hate moving them up and down. >:(

1- I wish to have an option of selectively disabling the componant monitoring for any application. Each time my AV updates, I get pop ups of unknown components in it. If there is such an option I can disable component monitoring selectively for my AV application( avagent) to get rid of these pop ups.

2- Whenever I run my browsers in a sandbox( like Sandboxie, GesWall etc), I get pop up that

" the browser Refuses to communicate with Comodo Personal Firewall"

and I get this pop up on each launch of sandboxed browser. I want a wayt to get rid of this pop up?

Outpost can use this blocklist: Resources: Ad Blocking Resources
so that would be good to be able to use.

I have outpost now and I want to get away from it so very very very much, and I want a firewall I can recomend to others who know basically nothing about a cpu yet of course need a good firewall.

I’ve heard some good about this one, Comodo, so I stopped by here. I think I ought to try the next version that has more stuff fixed. Is there a timeline for these fixes and features?
Thanks.

Edit:
oh yeah, some other security software I use can include Online Armor AV+, Norton AV, Spybot, Spywareblaster, DefenseWall, Geswall, online AV scans, SpySweeper, mvps hosts, ie-spyad, Secure-IT…

but the order of them does matter!

ewen

Hi panic.
Yes it does. But for disabling them, I have every time to move them to bottom and then up again. With a switch on/off button they can deleted/writen at the registry without loosing their number priority. (I have tried this manually and it works ; only for the official, not the beta)

I’d like to see CPF have a switch that enables a CPU use report. Both globally, and for each single rule.
Of course there would also have to be a CPU usage page/tab to show graphs/diagrams.
I would suggest putting it under the Activity page and calling the tab “Performance”.

This would be very helpful when tuning the rules for performance on the system.

Basically, it would allow you to see how much time the CPU spends processing CPF and then it would also break it down so that we can see how much time CPF is spending on each single rule.

This, along with the already present traffic graph, would help diagnose any network hogs and reorder/recreate the rules for maximum performance.

Actually, better yet… along with the usage report you should put a button to let CPF rearrage the rules for the user based on both CPU usage and network traffic for the rule in question.

Even better… make it so that CPF periodically (or at a certain threshold) offers to optimize the rules for the user.

Edward

But, if CPF was to do that amount of monitoring… wouldn’t its resource requirements also increase? In short, the very act of monitoring at that level of detail would impact CPFs performance. A bit like the Heisenberg uncertainty principle. ;D

It should only visualize it when the gui is OPEN…

Not only that, but the optimization can be triggered with a timer and the optimizations could be inserted on a separate module that gets called by the gui.

The only thing CPF would have to do in real time is log statistics… which BTW it seems to already be monitoring.

I don’t see any way it could affect performance if the capability is not always loaded in memory. In fact, I think that there shouldn’t be any more than a 5% slow down in case that CFP has to accumulate extra statistics for the rule performance optimizations.

And besides… don’t forget I initially mentioned that it could be turned on and off with a switch.

New to Comodo as of today (2.3.2.21 beta) and like it. I would like to make one small suggestion though.

If the color of the “act as server” popup could be a different color (maybe red) from the blue “connect to internet” popup. Would make it easier to distinguish between the two type of requests.

I really think noone cares about this and I am confused as to why . Why is there no referrer blocking or cookie control ? This is confusing to me as this is a great firewall outside the fact it lacks these features implemented by very powerful firewalls . Ad blocking would be nice too but , not really that important . PLEASE . Try to implement or at least say why this is not discussed . Very confusing to see so many here with ideas but , security issues like this are not talked about . Any info would be welcome and THANKS for a very good firewall

I want my firewall to be small and do only common and basic stuff. Browser ads, cookie and referrer control are all things that are browser related and should be handled by the browser. Don’t bloat the firewall to handle ANY thing that could be related to security/privacy.

Look for firefox extensions that can block this kind of things or better fake it (otherwise some webpages are broken).

Bloat ? I do not even think so . And something a browser should handle ? Agreed . However , few do the proper way . And seeing as how IE is still the most widely used , … ! Firefox is a joke . I use Opera on occasion . But , I have tested firewalls and work with an IT group . The better the software firewall , they INCLUDE referrer and cookie control . Referrer is most important . Cookie control is not a necessity . Of course , anyone that knocks me and believes these two things add bloat are sadly out of the loop of what code costs in accordance with resource . I stand by what i said . if it will not been done or considered , please let me know so I can get back to better things . I have already heard this firewall is too heavy . I do not think so . it is all in what your system can handle . In this day and time , if this firewall is too heavy , you have more important things to deal with than screwing around with a firewall . Like upgrading your system .
Many thanks

There are pleanty of free utilities out there for such things, Privoxy being one of many. It would for a fact be bloat to burden this great firewall with such things. It would be one thing of Comodo released a product for browser oriented problems, but adding them to CPF wouldn’t be efficient. The only way I would personally agree with adding such features is under the condition of a plug-in.

I will leave the comments for the rest of you . My goodness . Is everyone here someone that does not understand security ? Bloat ? For anyone who thinks such a control adds bloat , I suggest you learn of what you say before speaking . My my . Sad indeed ! Too funny . It is my suggestion as I know for a fact it does not make it bloated . I understand code . Apparently , very few in here do . Besides , do not respond to me directly if you wish to argue . Talk to the developer in here . You wish to be an ignorant to the truth so , please feel free to take it up with me in private . Thank you for your understanding in this matter . Bloat ? Too funny

Did a little exploring on the CPF today and came up with a wishlist:

• Please allow sorting using different attributes for Connections under the Activity tab. For example, I might want to sort applications according to the ammount of trafic they send and not alphabetically.
• If possible, I would like to see another sub-tab under Activity that display the current transfer rate of any application (perhaps in bar chart form to make it more ‘pretty’ ). There should also be an option to stop any application that is transmitting data under that tab so that we can stop the application at will.

I think that’s it for now. Will post more if the light bulb in me suddenly shine. ;D

Yours truly,
DoomScythe

I would like to see that the application and component monitors and the activitiy windows can be sorted on any column. Than it would be possible to see at once e.g. all the blocked/allowed permissions, components by company, the high severity events or I can sort the traffic by port/traffic.

And btw why is there a difference between the look of the permission columns in the application monitor and the component monitor?