Feedback / Feature requests / Questions

Hello, I am a long time user of this software, and I have some ideas regarding improving it a bit. I would really appreciate the developers feedback on these:

1. When clicking on the ‘Blocked Applications’ log:

A) It would be really nice if there were a way to right-click on each item and with one click instantly go to the corresponding event log. The way it is right now, the user has to check the blocked applications log, then manually open the ‘View Logs’ event log area to find more details, and scroll through it manually.

B) Question: In the ‘Unblock Applications’ window, when ‘Unblock for all security components’, is this any different from ‘Add to Trusted Files’ in the "Active Processes List (Contained Only)’ log?

2. In the ‘Blocked Applications / Unblock Applications’ window, you can right-click on items and select ‘File details’, but i the ‘File rating’ tab, the user rating ‘Rate Now’ option is grayed out.

A) It would be nice to be able to use this option from within this window.

B) It would be nice if the ‘File details’ option was available in the ‘Contained apps’ log as well.

3. In the ‘Firewall Event’ log, it would be really nice if there was a way to see which firewall rule blocked the event. For example, IPv6 traffic, loopback traffic, fragmented IP traffic, anti-ARP spoofing, or which specific block rule from within the Firewall ‘Application rules’. This would also make it possible to more properly use the ‘Advanced Filter’ option.

4. When running software in the Container, it seems common than a lot of them either take a really long time to open, or stall out and do not open at all. I am on Windows 10 Pro with all updates, and have tested this on several different fresh installs of Windows. Is this a known issue, or is there something I can tweak to help with this?

5. In Advanced settings / Firewall / Application rules and HIPS / HIPS Rules: it would be really nice to be able to right-click on items and have the ‘File details’ option.

6. The current ‘Learning Mode’ creates general/broad rules. It would be really nice for it to create very precise/exact rules (Verbose Learning Mode) regarding each and every action applications do:

A) For the HIPS module, this could be rather detailed and rather extreme.

B) For the Firewall module, this might have to be somewhat more limited/reasonable, for example not creating rules for specific IP addresses, just the protocol/port etc.

This would be nice for users that like fine-tuning their systems, but want to take advantage of the learning modes.

7. Under ‘Website Filtering’, the ‘Allowed Sites’ and ‘Blocked Sites’ rules list categories for ‘Safe Sites’, ‘Malware Sites’, and ‘Phishing Sites’, but when viewing the ‘Categories’, the only one that actually shows up is ‘Exclusions’. Is this on purpose (proprietary), or an error?

8. Does the information from ‘Send anonymous program usage statistics to COMODO’ get used in the statistics here Comodo Transparency Page - Historical Statistics ?

If so, it would be a cool feature to include a link to those statistics in the ‘Logging’ settings window. It might even increase the amount of users that leave this box checked.

9. In Settings / Updates, I have the option ‘Use full signature database’. I am using the stand-alone Firewall installation, without the AV.

A) I am curious how this option applies to the version I have installed.

B) When I view the online help database, I cannot find any information regarding this feature: https://help.comodo.com/topic-72-1-766-9134-Configure-Program-and-Virus-Database-Updates.html Does it provide any additional security (even if at the expense of system resources)?

10. Is it possible for the ‘Enable Trustconnect alerts’ option to detect if an alternative VPN is being used, or would that require specific whitelisting of other VPN providers / not be feasible? It is a nice feature, but I already have a dedicated VPN. No big deal either way, just curious.

11. Most VPN products have built-in ‘firewall’ option that allows the user to disable all internet access while not connected to the VPN. Would it be in the scope of Comodo FW to implement a feature like this, for allow the user to specify the VPN/Adapter/Connection specifically? Regardless of other software providing this feature, it would be re-assuring if the Comodo FW itself enforced it.

12. There are Firewall Rulesets for ‘Web Browser’, ‘Email Client’, etc., but Comodo FW does not automatically apply these to known browsers, and instead, automatically applies general Allow all outbound rules. Is this on purpose, or is this going to be implemented in the future?

13. Under General Settings / Configuration, there are the three default configurations. As soon as the user starts tweaking settings on their own, the configuration technically becomes a personal configuration, but the ‘Status/Active’ is still applied to one of the original default configurations. In order to Export the current personalized configuration, the user must select the ‘Active’ configuration, but at first this can be a bit confusing.

A) I suggest that upon any tweaking of settings that differ from the selected default configuration, a fourth configuration is created, with an arrow that signifies its source configuration (Firewall Security, etc.), and is titled something like ‘Personal Configuration’.

I know this is a really small tweak, but think it would provide a little clarity and be a nice little feature.

B) When exporting a modified configuration, the prompt ‘Would you like to save your changes to the current configuration before exporting it?’ comes up. At first it seems implied that the changed to the existing default configuration are going to be saved to said configuration.

A) I think it would be more clear if it was worded ‘Would you like to save your personalized changes from the current configuration before exporting it?’. Maybe not that exact wording, but something that makes things a bit more clear.

B) The ‘Select a path to export the configuration’ window does not seem to refresh itself when creating a new folder from within the dialog, making it hard to rename said folder or save in it accordingly.

C) Upon Importing a custom configuration, it would be nice if the default name it was imported as was 'COMODO - * Security ‘Filename Security’.

D) It would be nice if the software prompted the user ‘Would you like to automatically Activate the imported configuration’.

E) When activating a new configuration, the user is asked if they want to save the changes to the current one or not, but when clicking ‘Yes’ it overrides it, instead of asking what to save it as, or verifying override. This results in the default configuration provided with fresh install to be overwritten, but maintains the original name, which can be confusing later down the road.

F) It would be nice if there were an option to reset the default configurations.

14. Option to enable DNS resolution in prompts.

15. In ‘Advanced Settings’ window, add ‘Apply’ button to each area, so settings can be applied without closing the window.

16. Rulesets do not update in the active settings window while they are being applied via prompts. The only way to get them to refresh is by closing and re-opening the settings window.

A) Automatically refresh settings on a pre-set interval.

B) Button to manual ‘Refresh’

C) Automatically refresh upon switching between different windows (for example ‘Applications Rules’ / ‘Global Rules’).

15. Option to display more detailed network monitoring information, such as in LittleSnitch MacOS Firewall has. The ‘View Connections’ window and Killswitch provide some of these features, but something that can be displayed in the main CIS window, which provides extra details (other than just the 3 most active processes), especially the geolocation mapping, would be really stellar! Maybe the ‘View Connections’ window could be updated to have an optionally enabled geolocation map?

The DNS resolution feature I requested above, would also be really nice if it was implemented in the ‘View Connections’ window as well.

16. The issue of rules getting deleted at shutdown seemingly has still not been fixed. Several simple solutions have been proposed, but Comodo fails to acknowledge and address them. This has been an issue for a very long time, and it is very disappointing that nothing is being done about it. https://forums.comodo.com/verified-wish-reports-cis/hips-rules-disappear-randomly-m1897-t100199.0.html

17. Ability to filter traffic per Service (to differentiate svchost usage). https://forums.comodo.com/firewall-help-cis/svchostexe-and-system-trying-to-access-internet-t126188.0.html

The free software Private Win10 is able to do this:

I edited your post to combine all your other posts into a single post so it is easier to read. As for what your asking for, most of your suggestions are already asked for as wishes, you just have to search for them, and some are logged internally that don’t point to an existing forum wish topic. So they are aware of these wishes, but they have been ‘wished’ upon for years, but they may never implement them or take years to getting around to adding them CIS. I’ll answers some of your concerns.

A) It would be really nice if there were a way to right-click on each item and with one click instantly go to the corresponding event log. The way it is right now, the user has to check the blocked applications log, then manually open the 'View Logs' event log area to find more details, and scroll through it manually.

Unblock applications was never designed as a replacement to the event logs, which causes so many complaints and confusion from many when they added this feature. If something is blocked and you want info as to why then you must review the corresponding logs, the unblock applications is only meant to easily unblock things from a single area instead of digging through the various settings to get applications to work correctly.

Question: In the 'Unblock Applications' window, when 'Unblock for all security components', is this any different from 'Add to Trusted Files' in the "Active Processes List (Contained Only)' log?

Yes because it allows creates exclusions/rules for each component in addition to setting the file rating to trusted.

4. When running software in the Container, it seems common than a lot of them either take a really long time to open, or stall out and do not open at all. I am on Windows 10 Pro with all updates, and have tested this on several different fresh installs of Windows. Is this a known issue, or is there something I can tweak to help with this?

This is a bug with applications that require UAC/elevation and will be fixed in the next release.

6. The current 'Learning Mode' creates general/broad rules. It would be really nice for it to create very precise/exact rules (Verbose Learning Mode) regarding each and every action applications do:

A) For the HIPS module, this could be rather detailed and rather extreme.

B) For the Firewall module, this might have to be somewhat more limited/reasonable, for example not creating rules for specific IP addresses, just the protocol/port etc.

For HIPS it would cause way more performance hit and take longer to complete especially for doing this for every running application, for the firewall you need to change the alert frequency to the desired level to the specific detail rule creation, though it is not specified in the help that it applies to training mode or create rules for trusted applications option. e.g. set alert level to high and rules will be based on destination ports, whereas low will create a rule for each direction connection attempt.

7. Under 'Website Filtering', the 'Allowed Sites' and 'Blocked Sites' rules list categories for 'Safe Sites', 'Malware Sites', and 'Phishing Sites', but when viewing the 'Categories', the only one that actually shows up is 'Exclusions'. Is this on purpose (proprietary), or an error?

Yes on purpose due to that the urls for those categories are stored in the back-end system that is dynamically updated so you will never see the full content of those categories.

9. In Settings / Updates, I have the option 'Use full signature database'. I am using the stand-alone Firewall installation, without the AV.

A) I am curious how this option applies to the version I have installed.

B) When I view the online help database, I cannot find any information regarding this feature: Comodo Internet Security Software Updates, Download Software Updates | COMODO Does it provide any additional security (even if at the expense of system resources)?

It is easier to maintain a single UI that can be interchanged when switching between versions, so having that option doesn’t have an affect on firewall only installs, and yes the help needs updating.

I edited your post to combine all your other posts into a single post so it is easier to read. As for what your asking for, most of your suggestions are already asked for as wishes, you just have to search for them, and some are logged internally that don't point to an existing forum wish topic. So they are aware of these wishes, but they have been 'wished' upon for years, but they may never implement them or take years to getting around to adding them CIS. I'll answers some of your concerns.

Thanks for doing the merge, I was typing a lot of it as I worked my way through the interface / noticed issues, so it was a lot easier for me to type up a bit at a time. I did search through the forums a decent amount, but it is a bit hard to always find the exact wording required using the search interface, and there are indeed a lot of posts to go through.

It is nice to hear that Comodo is aware of these issues/requests. I honestly have to say that I miss the days when umesh was interacting in the forums and implementing/patching things left and right. Nothing against shane, or whoever is in charge now, as I understand a lot of the resource management is up to Melih and Co. I do not think it is a matter of inability, more so a matter of resources, from what I can gather anyway.

It is true that the majority of people using Comodo CIS/FW lean towards using it because it is free, but there are a lot of people out there (like myself) that would rather pay for it and have a higher level of interaction from Comodo in these forums and quicker progress made in the product. I understand that there are pay versions, but they literally provide nothing that I am interested in. I don’t need the ‘guarantee’ or whatever it is called, or the other features. I would be more than happy to pay a premium fee for premium attention to my feedback/requests, that would be more than a bargain. I imagine if Comodo provided a special subscription, for maybe 75-100$ a year, and showed that they are actively patching/improving this product, that there would be a decent amount of people willing to sign up.

The way things are right now, the premium (pay) versions of CIS literally attract novice users that a) are not likely to see the benefit of the advanced features in this product, and b) are not going to go through the effort of doing real troubleshooting and critical thinking here in the forums. I also really think that even the novice users are not being very enticed to sign up for the pay versions based on the current offerings. Honestly, I would pay 200-300$ a year if I knew shane or whoever the lead developer is, is going to go hard digging through forum feedback and actively implementing fixes/features the way umesh was allowed to.

I also think Comodo messed up in the past by trying to focus on so many different projects at once, and should really focus on just CIS. the browsers, rollback software, and all that other stuff are (no offense) worthless if they are not all working properly and up to date, and (no offense) even more worthless if they are taking away from CIS development. I doubt Commodo wants to hear this, but myself and some others (what % of it’s users that comes out to - I don’t know) feel the same way about their AV product. It seems weird to me that they implemented the features of BOClean, but still have low detection rates in all of the tests that can be found, always falling back on the sandbox/hips features. It is also weird that so many AV test sites basically test everything but Comodo. I know there is some discrepancy on this, but it is what it is and you don’t see anyone that does 0day testing ever saying Comodo AV did a good job.

Unblock applications was never designed as a replacement to the event logs, which causes so many complaints and confusion from many when they added this feature. If something is blocked and you want info as to why then you must review the corresponding logs, the unblock applications is only meant to easily unblock things from a single area instead of digging through the various settings to get applications to work correctly.

Yes, that makes sense, but I am really hoping they see the benefit of having a simple option ‘Go to corresponding rule’ (or something worded similar to that). It would make navigating the GUI so much nicer, without requiring them to implement the log features into the ‘unblock applications’ area.

Yes because it allows creates exclusions/rules for each component in addition to setting the file rating to trusted.

Thanks for the info. I guess I am thinking that if the file were trusted to begin with, then it wouldn’t of ended up in there, but I guess there are exceptions, and I guess this takes those into account.

This is a bug with applications that require UAC/elevation and will be fixed in the next release.

Do you know if setting UAC to ‘never notify’ is a workaround for this issue, or maybe it is possible to further disable defender/uac in the windows settings?

For HIPS it would cause way more performance hit and take longer to complete especially for doing this for every running application, for the firewall you need to change the alert frequency to the desired level to the specific detail rule creation, though it is not specified in the help that it applies to training mode or create rules for trusted applications option. e.g. set alert level to high and rules will be based on destination ports, whereas low will create a rule for each direction connection attempt.

My hope is that they implement the verbose learning mode for people like me that want to fine-tune everything, but do enjoy using the learning mode. To some extend the learning mode is necessary to prevent PC from locking up, but it is much easier to create proper rules using the prompts, rather than edit each rule line by line. It is understandable that it would require more PC resources, but anyone who enabled it would more or less be an advanced user and be able to deal with the temporary speed reduction while initially setting up their rules.

Yes on purpose due to that the urls for those categories are stored in the back-end system that is dynamically updated so you will never see the full content of those categories.

Thanks, I figured that was more or less the case, but was just a bit curious if it is just because of the effort to implement the GUI being able to navigate these settings, or if it is on purpose to protect proprietary lists.

It is easier to maintain a single UI that can be interchanged when switching between versions, so having that option doesn't have an affect on firewall only installs, and yes the help needs updating.

So, to the best of your understanding, this rule only applies when the AV is installed? That is what I figured at first guess, but was just curious if there was an aspect I was missing.

18. When clicking options in the System Tray CIS Menu, leave the menu open until the user clicks outside of the menu. This way, it is easier to quickly enable / disable multiple features without having to keep clicking on the icon.

19. Ability to add folders/files to the ‘Blocked Files’ area in Hips/Protected Objects

The help file hints this should be possible, but right not it only allows Applications/Running processes

Edit: It does allow adding files, even though the ‘Applications’ option must be used, and you can afterwards edit the rule and change the file location to a folder location, but it definitely needs some fixing.

Edit: After testing, this still definately allows (at the very least) any trusted application to access it. If the purpose of ‘Protected data’ is to prevent contained / limited applications from accessing it, then this should prevent anything not specifically allowed from accessing it (the help file seems to agree with this).

Edit: In the HIPS Ruleset editor, there are ‘Access Name’ enties for Protected COM, registry, and files/folders, but no options for Protected data or Blocked files. Seems this has not been implemented yet?

Regarding #6:

6. The current 'Learning Mode' creates general/broad rules. It would be really nice for it to create very precise/exact rules (Verbose Learning Mode) regarding each and every action applications do:

A) For the HIPS module, this could be rather detailed and rather extreme.

B) For the Firewall module, this might have to be somewhat more limited/reasonable, for example not creating rules for specific IP addresses, just the protocol/port etc.

If I turn on Custom / Paranoid mode, turn off Auto rule creation, and turn on 'Do not show popup alerts: Allow Requests", then everything is allowed, but no rules are created. My hope was that since I have ‘Set alert frequency level: Very High’ and ‘Set popup alerts to verbose mode’, was that it would automatically create detailed rules as needed, but instead it acts as if those components are simply disabled. Changing this to act in accordance would solve this request and do so in a way that would not affect users that want to keep things simple. It seems should would be an easy fix, so hopefully Comodo is willing to tweak this. That would be really awesome if they did and really make this product exceedingly more powerful and granular in the process.

20. When creating rules via prompt (HIPS), the prompt does not allow for detailed enough rules. For example, if a program needs to access a lot of protected registry keys, the sensible solution would be to simply allow access to all protected registry keys, rather than click ‘Allow’ a thousand times. The main issue with this, however, is that if one goes into CIS settings and manually changes the rule to ‘Allow’ (all) Protected registry keys, and then hits ‘Ok’ and saves the settings, the prompts from before have no way to close them, and when hitting ‘Allow’ on the prompt(s), it over-writes the manual change to the settings, changing it back to ‘Ask’. The same can apply to the FW module, in that it would be nice to use verbose (high alert) mode, but customize rules through the prompt (All IP, instead of specific IP) in some cases. These issues would be less of an issue if verbose learning mode was possible, but definitely still be an issue. The Web-browser rule is great for browsers, but other applications that access the internet may have different requirements.

When creating rules via prompt (HIPS), the prompt does not allow for detailed enough rules. For example, if a program needs to access a lot of protected registry keys, the sensible solution would be to simply allow access to all protected registry keys, rather than click 'Allow' a thousand times. The main issue with this, however, is that if one goes into CIS settings and manually changes the rule to 'Allow' (all) Protected registry keys, and then hits 'Ok' and saves the settings, the prompts from before have no way to close them, and when hitting 'Allow' on the prompt(s), it over-writes the manual change to the settings, changing it back to 'Ask'. The same can apply to the FW module, in that it would be nice to use verbose (high alert) mode, but customize rules through the prompt (All IP, instead of specific IP) in some cases. These issues would be less of an issue if verbose learning mode was possible, but definitely still be an issue. The Web-browser rule is great for browsers, but other applications that access the internet may have different requirements.

I like the way you think. I got a few laptops, but the one laptop I use I have is setup up so its very granular with lots of hip rules. Everything is extremely well controlled. It gets the full drama treatment. (not too many hip rules or comodo will forget (its a known bug. It wont get fixed because it'll require alot of code rewrite and it only affects less then 1% of comodo users because most people dont write an extreme amount of hip rules)

Do you know if setting UAC to 'never notify' is a workaround for this issue, or maybe it is possible to further disable defender/uac in the windows settings?

No it doesn't matter what UAC is set to, it will cause apps to load slowly if they require elevation.

After testing, this still definately allows (at the very least) any trusted application to access it

Blocked files makes sure nothing is allowed access to the file regardless of rating and there is no exceptions that can be done to allow access other than removing the file from blocked files. If you want to block a folder the path needs to end without the trailing backslash e.g. folder*, if you use folder\* then yes the folder is accessible but everything within it is not.

If I turn on Custom / Paranoid mode, turn off Auto rule creation, and turn on 'Do not show popup alerts: Allow Requests", then everything is allowed, but no rules are created. My hope was that since I have 'Set alert frequency level: Very High' and 'Set popup alerts to verbose mode', was that it would automatically create detailed rules as needed, but instead it acts as if those components are simply disabled

Only way rules are auto created is only done through training mode or create rules for trusted applications setting, also verbose mode only applies to HIPS alerts.

When creating rules via prompt (HIPS), the prompt does not allow for detailed enough rules. For example, if a program needs to access a lot of protected registry keys, the sensible solution would be to simply allow access to all protected registry keys, rather than click 'Allow' a thousand time

That is exactly what verbose mode alerts does, it specifies each unique action when enabled, or just one alert for each access right when disabled.

[Quote=Jay2007tech]I like the way you think. I got a few laptops, but the one laptop I use I have is setup up so its very granular with lots of hip rules. Everything is extremely well controlled. It gets the full drama treatment. (not too many hip rules or comodo will forget (its a known bug. It wont get fixed because it’ll require alot of code rewrite and it only affects less then 1% of comodo users because most people dont write an extreme amount of hip rules)
[/quote]
For now, you can bypass worrying about these glitch, if you disable ‘Create rules for safe applications’. It happens when that setting is applied, during shutdown, only when there are a mssive amount of rules existing.

CISfan has suggested several fixes that would take care of this, without Comodo having to re-do a bunch of code:

Blocked files makes sure nothing is allowed access to the file regardless of rating and there is no exceptions that can be done to allow access other than removing the file from blocked files. If you want to block a folder the path needs to end without the trailing backslash e.g. folder*, if you use folder\* then yes the folder is accessible but everything within it is not.

Yes, but in my testing it seems that this feature is not working properly. I will test more and respond back if anything changes. Thank you for the information regarding 'folder' , but the GUI should definitely be tweaked in this regard to make it more user-friendly.

Only way rules are auto created is only done through training mode or create rules for trusted applications setting, also verbose mode only applies to HIPS alerts.

What I am asking for, is that if verbose mode (HIPS) or high alert mode (FW) are enabled, then the ‘Training mode’ creates more fine tuned rules, according to these settings.

That is exactly what verbose mode alerts does, it specifies each unique action when enabled, or just one alert for each access right when disabled.

The issue though, is that say for example ‘High Alert’ mode is enabled, and the prompt specifies a specific IP / Port combination. There is no way to (via the prompt) edit the rule to only allow the port, but allow all IP. With HIPS ‘Verbose’ mode enabled, the issue is that, for example, the prompt is for a specific Protected Registry Key, but there is no way to (via the prompt) edit the rule to allow access for all Protected Registry Keys. I understand these modes allow for more fine-tuned rule creation (which I prefer), but they do not allow for the user to adjust the rules as they see fit (via the prompt). Some applications need access to a wide range of IP addresses, and some require access to a large amount of Protected registry keys, etc. The user must disable the FW or HIPS accordingly, reply to the prompt, go into Settings and manually adjust the rules, then re-enable the FW / HIPS. If the user leaves the FW / HIPS on while trying to manually fine tune the rules in the Settings, then they are bamboozled by the Prompt(s), because when they click Allow on the prompt, it applies ALL the settings of either the FW or HIPS that were existing at the time of the prompt first popping up. Instead of asking Comodo to re-code a bunch of things regarding how prompts interact with the settings database, the most simple (and elegant) solution would be to allow the user to do more custom fine-tuning via the prompt itself. This would also prevent the user from being forced to constantly disable FW / HIPS while setting up new computers. A lot of the things I am suggesting might seem to some people like they are a bit needy, but I truly believe the very large majority of my requests are absolutely required for a non-miserable experience while fine-tuning CIS. CIS is EXTRMELEY well designed and EXTREMELY powerful, but the GUI has areas where slight tweaks would be absolute GAME CHANGERS.

21. Grey out ‘Create rules for safe applications’ under FW settings when ‘Custom ruleset’ or ‘Block all’ is set, and grey it out under HIPS settings when ‘Paranoid mode’ is set (while maintaining its state of checked/un-checked while being greyed out). This would be a very small tweak, but would visually clarify the configuration.

Hi somerandomcat,

Thank you so much for the time you took to write such a detailed review. We will make sure to work on every single Bug/Feature request mentioned here. The CIS team is already working on some of the bugs that you have pointed out.

You can definitely see the changes in upcoming releases.

Thanks, I look forward to the beta.

22. In ‘View Logs’, when clicking ‘Cleanup log file’, there is a pop-up ‘Logs have been successfully cleared.’. It would be really nice to have a check-box ‘Do not show this’.

23. It would be nice to have ability to copy/duplicate rules within rulesets.

24. It would be nice to have ability to manually enter multiple ports within FW rules ‘Set of ports’, rather than only have an option to select pre-defined groups. It would also be nice to be able to enter multiple port ranged within the same rule. Edit: Or basically just ability to create port sets through the normal rule creation GUI and have them applied to the Portsets section, rather than exit out of it, go to other section, then back, etc.

I have to correct you on this, it happens independently of the amount of existing rules.
I have had it happen more than once with only a few existing rules.
For me a serious reason to abandon V12 to avoid Windows registry corruption.

Does it only happen when auto allow is on?

I’m not sure what you mean with “auto allow”.
Please refer to the naming of one or more specific settings in the GUI that you would like to know about whether I had these settings on or off.
I don’t have V12 installed anymore but I still remember the settings that I’ve used.

Sorry, I was half-awake and on my phone.

I mean, when “Create rules for safe applications.” Is on.

Or, did you notice issues with rules being deleted even with this feature off?

I have always been using CIS with “Create rules for safe applications” set to on, so I had it never switched off.
The understanding from reading several forum posts is that it does not happen when this setting is switched off but this could be a camouflage to hide the real bug.

25. In Kaspersky Total Security, there is a really nice feature in their prompts called ‘Run sequence’. It shows the chain of events in which the application relating to the prompt was executed. I just noticed this feature and thought it would be cool of CIS implemented something along these lines.

26. In Sphinx Firewall, there is another cool feature where you can hover over the taskbar of said application and interact with a neat little menu. Thought I would post it here incase the VIS developers could implement it. It’s really handy to quickly change modes.