Design Problems, Issues, and Bugs - Comodo Firewall

Hi, I’ve been using Comodo Firewall Version 5 for years and years. As most others seem to agree, the interface in version 5 is nice and speedy, and well laid out. I’ve tried moving to newer versions several times on VMs, only to be disappointed by the cluttered interface that takes far too many clicks to navigate through. I’ve now been running version 8.2 for about 5 days, and decided it’s time to take my issues online and address just a small subset of them here.

  1. Of course, I ran into the issue with Comodo and installing Nvidia drivers. Right clicking on the Comodo tray icon, exiting Comodo, and then running the Nvidia driver install worked. That seems to be the only solution. It’s been an issue for quite some time, and has been well complained about on numerous Internet forums. One example is here: https://forums.comodo.com/install-setup-configuration-help-cis-b137.0/-t113656.0.html

  2. I’ve created new firewall rulesets, yet in the prompt when an application attempts to make a connection, under “Treat as”, not all of my rulesets show in the list as selections. It seems to be somewhat random which ones I’m prompted for depending on what rulesets I have created. I’ve tried deleting some of the built in rulesets, but that had no effect. I would post screenshots but I can’t upload images here.

  3. If you create an ASK rule, this means I want Comodo to ask each time the rule is matched so I can decide whether or not to allow the specific connection, and I DO NOT want to keep it that way. There should be just a simple allow / block prompt in this case, or make it so the “Remember my answer” checkbox is NOT checked by default, otherwise this could easily ruin your ASK rule!! There also needs to be a selectable default setting for the Remember my answer checkbox in general in addition to making sure it’s not selected by default on an ASK rule.

  4. There needs to be a view log option directly on the Comodo right click menu on the tray icon. Then from the log, you should be able to right click on an entry, and create a rule right from the log. That seems easy enough to do to help automate things!

  5. There NEEDS to be an apply button in the advanced settings window. If you are working on creating and testing many new rules, it’s really painful to have to keep clicking OK, then have to go through many more clicks to navigate back to the rule you were working on. This is even more of a problem if you use the tray icon to navigate to firewall settings, since it’s even more clicks to return to the advanced settings window.

  6. The advanced settings window needs auto-refresh capability and a refresh button. If you receive a prompt while you’re editing firewall rules, and the prompt makes a change to your rules, the rules are not refreshed. You have to completely exit out of advanced settings, and then return back to get the refreshed rules.

  7. When prompted to allow an application access, there needs to be an advanced button that lets you edit the rule right then and there if you need to make changes (for example, to make the rule less specific) before adding the rule. This is a common, normal thing to do!

  8. If an alert is replaced with another alert from multiple applications attempting to access the network, it’s far too easy to end up clicking Allow on the wrong application. This happened to me!

  9. For roaming users, there needs to be a built in “Local Subnet” network zone to use in rules that’s automatically discovered. Not all places use private IP address space, so you can’t just create a rule with 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, etc. for general use. Rather than screwing around with the auto “Home” network detection, it would be much better just to be able to have rulesets use a “local subnet” zone.

  1. Some users have reported that disabling file source tracking in CIS allows Nvidia products to install/update. You can find that setting in the advanced sandbox settings.

  2. When you get a firewall alert and click “Treat As” it will only load rulesets that answer the traffic in question. For example, let’s say you have a ruleset which ONLY says “Block IP In From 192.168.1.1 to 192.168.1.2 where source & destination ports are Any” and you get a firewall alert for 127.0.0.1, the rules in the ruleset don’t say what to do with 127.0.0.1 in any situation so it can’t be used to answer the alert.

  3. The “Remember my answer” box should remember your previous action, if it was ticked then the next alert will have it ticked, if it was unticked then the next alert will have it unticked. I agree that a setting to make a default selection would be nice but I personally prefer it the way it is.

  4. Agree and I think there are wishes for those suggestions already.

  5. Agree completely, it’s a pain. Already a wish for this.

  6. Agree again, not sure if it’s already a wish or not.

  7. Agree yet again and I think there’s a wish for that.

  8. Sounds like a bug, I believe it’s supposed to only show one alert at any moment and then queue alerts.

Hi and thanks for the reply and answers. I will check out the file source tracking option next time I install CIS on a machine with an Nvidia card.

For #2 - thanks for clarifying how the ruleset display is designed. Where I have a problem then with that functionality, is that there’s a lot of apps I only want to give certain access to. So while the immediate popup alert may not apply to all the rulesets, I think I should still be given the option to choose any of my rulesets to apply. For example, let’s say I installed a new application, and it’s trying to call home to its developer and send whatever information from my computer (as you know if you are a Comodo user, many applications attempt to do), but I only want the app to communicate with my local network, and a couple of remote networks on the Internet, for which I have created a ruleset. That ruleset would not be displayed as an option. That doesn’t sound like good behavior?

For #3 - I noticed the “Remember my answer” checkbox defaults to the last checked state. That’s fine since in some scenarios, you’re likely to run into a series of prompts where you’ll always want to either remember all or not remember all. However, under certain circumstances like I mentioned, you should be able to override that default state, especially when you create an always ASK rule, since if you leave it checked, it would override that ASK rule.

For #8 - The issue happens if the current alert is just about to time out, you’re about to click Allow, then the alert times out, and another alert pops up immediately in its place, and you end up clicking Allow on the wrong alert. It shouldn’t be that likely that it’s going to happen, but of course it happened to me :-\

For the rest, I’m happy to see you’ve noticed some were already on the wish list, and there’s some agreement :). I’ll have to go through the current wish list when I get some time.

In the ruleset you can make a rule at the bottom that says “Block IP In/Out From MAC Any to MAC Any Where Protocol is Any” that ensures that it can be relevant for all firewall alerts. (Remember to make it at the bottom since the higher up it is the higher the priority; you don’t want it to have higher priority than the allow rules.)

In certain situations that could be considered desirable, for example if you make a broad ask rule (for example ask about everything) and then you want to permanently allow certain connections that are asked about while only temporarily allowing other connections. I do however agree that there should be an option.

I see, you can increase the alert timeout in each module’s respective advanced settings, so firewall alert timeout can be found in the advanced firewall settings, I have mine set to 999 seconds.

It looks like I may have found a bug then with ruleset selection in “Treat as”. I added a “block any any” at the end of the ruleset that was not showing up in the alert dialog under “Treat as”. The ruleset still didn’t show up. Right before the “block any any” rule, is an “ask any any” rule. When I removed the ask any any (actually temporarily moved it below the block any any), the ruleset did show up under “Treat as”.
The ruleset is simple:

Allow all local rule (permits all traffic to and from all private networks - i.e. 192.168.0.0/16, 255.255.255.255, etc)
Ask all
Block all

So it looks like the ruleset selection has a bug with an ask rule?

I had played around with enabling the alert timeout, but ran into a problem with it. If you’re in a rush to get the alert out of the way, and press Alt-F4 to close the alert box, you won’t get any new alerts until the timer expires! Sounds like yet another bug?

Actually I think that is as it should be; I didn’t consider ask rules that much in my initial statement. Think of it like this: if you had answered with the ruleset then it’d think you answered “ask” with “ask”.

Possibly.
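A small model of the “Treat as” filter as the replies above describe it (a ruleset is only offered if one of its rules gives a definite allow/block verdict for the alerted connection, with the top-most matching rule winning, and an “ask” hit or no hit at all cannot answer the alert). This is an added example for this thread, not Comodo’s code; it reproduces the posted ruleset with “ask” above and below the catch-all “block”, plus the narrow single-rule ruleset from the earlier reply, using constructed addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def _in(cidr: str, ip: str) -> bool:
    # "any" matches every address; otherwise test CIDR membership
    return cidr == "any" or ip_address(ip) in ip_network(cidr, strict=False)

@dataclass(frozen=True)
class Rule:
    action: str     # "allow", "block" or "ask"
    direction: str  # "in", "out" or "any"
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"

    def matches(self, direction: str, src_ip: str, dst_ip: str) -> bool:
        return (self.direction in ("any", direction)
                and _in(self.src, src_ip) and _in(self.dst, dst_ip))

def first_match(ruleset, direction, src_ip, dst_ip):
    """Rules are checked top to bottom; the first hit wins (higher = higher priority)."""
    for rule in ruleset:
        if rule.matches(direction, src_ip, dst_ip):
            return rule
    return None

def answers_alert(ruleset, direction, src_ip, dst_ip) -> bool:
    """Model of the 'Treat as' filter: offer the ruleset only if it yields a definite
    allow/block verdict. No matching rule, or an 'ask' rule hit first, would only
    re-ask, so such a ruleset cannot answer the alert."""
    hit = first_match(ruleset, direction, src_ip, dst_ip)
    return hit is not None and hit.action in ("allow", "block")

# "Allow all local" from the post: traffic to (outbound) or from (inbound) private space
ALLOW_LOCAL = ([Rule("allow", "out", "any", net) for net in PRIVATE]
               + [Rule("allow", "in", net, "any") for net in PRIVATE])
ASK_ALL = Rule("ask", "any", "any", "any")
BLOCK_ALL = Rule("block", "any", "any", "any")

RULESET_AS_POSTED = ALLOW_LOCAL + [ASK_ALL, BLOCK_ALL]   # ask above block
RULESET_ASK_MOVED = ALLOW_LOCAL + [BLOCK_ALL, ASK_ALL]   # ask moved below block
# the narrow ruleset from the reply: one inbound block rule and no catch-all
NARROW = [Rule("block", "in", "192.168.1.1/32", "192.168.1.2/32")]

if __name__ == "__main__":
    # constructed alert: a LAN host calling a public address (203.0.113.5 is documentation space)
    alert = ("out", "192.168.1.10", "203.0.113.5")
    print(answers_alert(RULESET_AS_POSTED, *alert))          # False: first hit is "ask"
    print(answers_alert(RULESET_ASK_MOVED, *alert))          # True: first hit is "block"
    print(answers_alert(NARROW, "out", "127.0.0.1", "127.0.0.1"))  # False: nothing matches
```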

I guess that’s a weird scenario, since as you said, if it did give you the option to select a ruleset that had ask in it for the current connection attempt, and you applied that rule, then Comodo would have to ask again what to do. I guess that’s fine though. That also goes back to my original post, that they should do something else with the ask rules - like just an allow or block for the current connection attempt. Perhaps not a lot of people are using ask rules.

I’ll have to review the documentation and possibly put this and the second issue with the alert timeout in as bugs.