1- It does not seem to log all events. On my system I see no logging for simple execution actions like Explorere.exe allowed to execute opera.exe etc etc. That really sucks.
2- No way to disable logging for a specific event. Most of my log is filled by useless memeory access events for ctfmon.exe
3- It does not tel whether the even was allowed or blocked. That sucks even more. Other HIPS show it very nive with blocked events in red( or some other color).
4- Also some HIPS whoe whether the even triggered a pop up or not? It,s very useful option as well.
I hope the logging can be improved in future versions.
I get this alert so oftenm with every other application " application X accessing ctfmon.exe in memory" so I made a general block rule for ctfmon.exe to get rid of this alert.
I can,t make a general allow rule as that will allow any malware to modify memory of ctfmon.exe. It was a real irritating alert and I never saw it with any other HIPS like SSM, EQS, AD etc .
You can fix that very easily. Simply go to D+\Advanced\Computer Security Policy and hlightlight Comodo Firewall Pro. Then click on edit. Click on protection settings then click modify next to interprocess memory access and add ctfmom or any other things you need to. I have a couple of posts about this helping about people. I was happening to me with Set Point.
I use ctfmom all the time cause of Word and never have 1 problem with accessing memory from any program. Ctfmom is a running process all the time and when I installed Comodo it all ready learned it.
So you deleted all of Comodo default rules when specifically there is a default setting for ctfmom and your complaining. I don’t get it. All I have ever done is installed Comodo and it works. No troubles. On both my laptop and desktop. I have also installed it on about 20 other pc’s with no troubles. All installs are at default settings.