Greeting all.
I posted similar Q once but Gurus were busy. I’m not complaining
Some App. wants to communicate through xxxxx UDP.
If I check Deny (+remember) the new rule created for that app. is:
Block All TCP/UDP In/OUT…
… I have to modify that rule (at least setting particular port)
No drama. But why?
Thanks in advance
G’day,
This is related to the Alert Level Frequency (SECURITY - ADVANCED - MISCELLANEOUS).
If you adjust it upwards, the alerts contain more specific info and the created rules conform to the higher level of detail. The down side is, you get more alerts this way. If you adjust it downwards, the alerts are looser as are the correspondingly created rules.
Like most of life, it’s a trade off, but not a biggie.
Hope this helps,
Ewen 
Hi Ewen,
Thanks for reply.
Yes. Probably it’s “no biggie” but I have to say without being too critical:
- I would like to see a bit more logic here.
Now… How indeed raising the Alert Frequency Level (AFL:-) and getting more alerts may influence creation of “remember” or “permanent” rule? Yes, user does have more info but it is user’s decision at the end. And I made it. As you can see from my description of the initial Q
https://forums.comodo.com/help/5351_udp_in_utorrent_171-t10883.0.html
Denying without “remember” blocks that one and only port correctly. I would say, it creates a dynamic/temporary/“this session” rule according to user’s choice. All other applications’ rules are in place, not discarded and application works fine…and next session I will be notified again. Good. And at the same AFL.
So why the creation of permanent/static/“forever”/'written on paper and sealed" (enough already! rule when I answer the same question would do what it does.
As a matter of fact how high should I raise that mercury slider (1 or 3 points up)?
So what I am driving at is - it is a bit confusing that a different (!) rule may be created When & If different AFL is set. It is good to know though. Thanks again for pointing that out. …
I tested the thing:
Medium – doesn’t help (app. is having blockage – needs a lot of prunes);
High will set particular port number (big relief – constipation was cured);
No more than one and the same notification came up for tested Application;
The alert contained no “more specific info”.
I hope I will be convinced that there is no other way. I do understand that there is no so speaking hierarchy in app rules. The new one created placed as a last, and then all are checked and that’s what discarded my set of rules until I edited the last “bad” one.
Probably I should put the following into Wish List:
It would be nice to have another option in the alert dialogue kinda “show this app.s’ set of rules”, which if checked will bring a list of rules for This App. only (under its current Parent) after creating permanent (“remember”) rule. It may help to raise attention without raising AFL
Thanks again and my best regards
SiberLynx
There actually is an “order” or hierarchy of sorts to the application rules. In a buggish kind of way. I think 'twas Toggie and myself that did some investigating in this area, and perhaps another user as well. Any time you modify a rule it moves to the top of the group for that application, and will be read first. So if you have a rule to Allow one type of communication and deny another, it is possible that the order after editing may impact the other existing rules for that application.
Also it was discovered that if you have a more permissive Alert Frequency level (ie, Low - where it is only interested in Application and Direction) but have rules with more restriction (such as Port information), if you respond to a popup with “Remember” and Allow, it will overwrite your more detailed rule with information to match the less-restrictive Alert Frequency. Hope that makes sense. Basically what it boils down to is that if you want to include details such as port or IP address in your application rules, you have to have the AFL set to match that amount of detail. Application rule detail does not supersede Alert Frequency detail.
LM
PS: The alerts will always show ALL the detail, regardless of the AF level. This is something that can be confusing…
Hi Little Mac,
First, thanks for informative (as usual) reply.
I found and read the thread mentioned by you about App. Rules investigation. Interesting.
“Any time you modify a rule it moves to the top of the group for that application, and will be read first. So if you have a rule to Allow one type of communication and deny another”
A comment on this one. I didn’t want to bring it when answering to Panic. It was kinda sound in a different key compare to what was actually my main concern.
I found it myself straight away before I posted 1st unanswered Q. Yes I noticed and wrote that the rule was the last one and I edited it and it jumped. When I went there to “play AFL” before replying to Ewens’ comment - the rule was indeed placed(moved) as a 1st one.
I removed it and created the new correct one on a second attempt by setting AFL High. Sorry for some repetition but what I want to point out here:
“Any time you modify a rule it moves to the top”, as you said, doesn’t work any more. I did try many times. No matter what I do with this rule now (I can even colour it pink) - it won’t move!..remains the last one… so not “any” time?
Finally, I still may not agree with current implementation and connection between AFL and permanent rule creation. Or not entirely understand it, if you like.
Taking in account that “The alerts will always show ALL the detail, regardless of the AF level” it may more than confuse less experienced user.
I can live with it though.
What would be nice to have may be (goes into Wish List again) is some helpful additional feature where user can request to check the set of rules for particular Application and Comodo will go through the list and advise about possible discrepancies / ambiguous settings. Am I dreaming? No.
Many thanks
My best regards to you & to mighty Comodo :■■■■
SiberLynx
Yeah, I have thought that myself recently, as there have been some Q’s pop up here about the app rules, AFL, and so on. The FW alerts (IMO) should correspond to the current AFL; it just makes more sense that way. If the AFL doesn’t have Port info, neither should the alert.
v3 of the firewall does have a built-in error-checker; but I’m not sure if it will go to that level of detail or not (as to check appmon rules for potential problems). Would be nice, though… One thing it does have, though (I think) is that instead of multiple app rules, I think you can add multiple definitions for the application (sub-rules, if you will). I think I remember that right. I was messing with it yesterday (beta version), but don’t have access to it today…
LM
Hi Little Mac,
Sorry for delayed reply.
Mainly I would like to express my gratitude for your time and for another enjoyable conversation with knowledgeable people.
say hello to Panic
I am very glad that we found common grounds discussing this topic.
My best regards
PS
probably it is time to write some poems for you and Ewen…
because Soya got two already - it is not fair (:WIN)
That’s right; it is not fair that Soya is receiving such preferential treatment… ;D
In the hot summer
My heart melts inside
Haiku has left the building
And I am lost.
LM
Come now. I can’t help my popularity. There’s only one of me to share. (:HUG)
Oh my God! I’ve started something else here. Haven’t I?
Very good, Little Mac!
Despite it is 4-4-6-4 syllables and 4 lines. Haiku rule is 5-7-5 and 3 lines
Probably next time you may succeed with Tanka with 31 syllables (5 -7 -5 - 7 - 7), which is – much easier.
The conclusion:
It is beautiful almost-Tanka about Haiku and soul of it as well as amusement was preserved. Well done! (:CLP)
Anyway we, “western” people, tend to break Oriental rules of Order and Unity with Nature. Otherwise we don’t feel right. Right?
So I will answer with something, style of which cannot be described, cannot be categorized, and has no definition. One thing is for sure – no Japanese connection present. In addition it is probably better sound being translated in Russian. Trust me.
*******
My PC has dual boot
Where Systems live in neighbourhood
And according to tradition
There’s XP on big partition
(Never works – I’m out of luck).
OS X sits on small partition called (exactly!) - Little Mac
When XP behaves like shmuck
I reboot to Little Mac
Little Mac will always work
Have a question? Get an answer.
It is solid as a rock!
*******
Cheers, Guys
Thanks, SL ~ once again you have outdone yourself! (:CLP)
I knew it didn’t match haiku; I merely wanted to capture the feel and sentiment… After all, that’s what poetry is all about, yes?
LM
Little Mac,
I shouldn’t even bring that remark about breaking the rule a bit.
The main thing was honestly expressed in the conclusion part.
Probably it has to be in a biggest possible font, red, and blinking, and surrounded by sparkles.
Many thanks for the judgment of my “masterpiece”.
C ya
PS
I think, the next one will be for Panic.
I have no choice ;D.
Okay, I’ve closed the thread now, as we seem to be done with the initial question. SL, if you still have questions about this, just PM me or another Mod (please include a link back here) and we’ll reopen it.
LM
PS: Just for you, I have edited my previous post… 