I just have downloaded and installed CPF and before I write anything else: THANK YOU for this fine product
Now my view/concern: I am kind of a pro user (admin since years) and have used Sunbelt PF before. What I am missing is the exact approval of IP-Adress and Port. Yes, it IS possible to do so manually. But why not when I approve in learning mode?
Programs which connect to 127.0.0.1 (localhost) are approved for ALL IPs and PORTS AND wheter they use it or not, both TCP and UDP. Why is that? Why is there no simple method in learning mode to choose: Yes, let programm xy use THIS IP and THIS port over THIS protocol…nothing else?
Maybe I have overseen something or are simply looking in the wrong place?
I think what you’re after is in Security > Advanced > Miscellaneous > Configure > the 2 loopback check options and the Alert Frequency Level, which can be adjusted to High or Very High, thereby generating each attempted connection’s IP, protocol, and port.
If you set the Alert Frequency above the default Low then even you’ll naturally receive more alerts from Application Monitor, regardless of what you did with Network Monitor. Yes the order is from top (highest priority) to bottom (lowest priority), but Application Monitor is checked by CFP first then Network Monitor.
Network Monitor is universal and has the final decision on how ports and such are defined, whereas Application Monitor is application-specific.