It would be really nice, if CIS was able to display ‘Network Zones’ per individual adapter. Right now I tether my internet from my phone, tablets, and every time I swap one out, unplug/replug one, CIS sees it as a new zone. I have CIS set to auto assign new zones accordingly without bothering me, but the issues I am having are:
A) The Network Zone list gets cluttered with many different zones, which may be around 30-40, when in reality, they are only a few different devices.
B) It takes a bit of manual checking to figure out which is which, I have to check the MAC address and determine which adapter is being used.
Kaspersky Firewall is nice in this regard, as it associates each connection with the corresponding adapter. I am not sure what the best solution for my issue would be, but I do know that configuring rules based off adapters, rather than having to compare MAC addresses is a bit more user-friendly.
25. In Kaspersky Total Security, there is a really nice feature in their prompts called 'Run sequence'. It shows the chain of events in which the application relating to the prompt was executed. I just noticed this feature and thought it would be cool of CIS implemented something along these lines.
CIS already does this and provides much more information, you just need to make sure virusscope is set to monitor all applications, then click on show activates in the firewall or hips alert.
SSL Man-in-the-middle-protection = Comodo Internet Security Essentials (Option during install of CIS)
SSL Strip Attack Detection = Enable Trustconnect alerts (Unsecured Wireless Networks)
Content Tampering Attack Detection = Comodo Internet Security Essentials (Option during install of CIS)
ARP Spoofing Detection = Enable anti-ARP spoofing
DNS Spoofing Detection = Comodo Internet Security Essentials (Option during install of CIS) / Change my DNS provider to Comodo Secure DNS (Option during install of CIS)
Trusted Wi-Fi Network List = Network Zones
Block Traffic for Malicious Applications = Firewall (+Antivirus / HIPS / Auto-Containment / File Rating / VirusScope)
Low Risk Applications = ^
Apply Program Control for IPv6 NAT Traversal Traffic = Filter IPv6 traffic
Show Firewall Block Notification = Unblock Applications window / Firewall Event Log
Regarding #15, it would basically be super awesome if the Widget tool was re-created to mimic ‘Little Snitch’ ’ Network Monitor’. Then it would be super useful and overall just excellent.
Ability to:
A) Designate a location for sandbox diskspace (so I could for example, force all browser data to only be written on a RAMDisk).
or
B) Ability to configure sandbox disk-write to take place in the RAM and never on disk.
Right now I am using Sandboxie to contain my browser, only because it has option A. It also allows folders to be excluded (actually written to disk), which is great for things like bookmarks or profile configuration data. It also has templates built in for most browsers (even Brave, which I use).
Shadow Defender is a virtualization software that has option B, but it is system wide (besides exceptions).
Re-introduce the hardware virtualization option (I forget the name of the feature) that were taken out due to compatibility issues.
Support more services running in containment (like SandBoxie supports them) to be able to run applications in containment that need access to those services.
@liosant - Please feel free to add your request/suggstions to CISfan and I list. I respect and appreciate both of your input.
I really am a huge fan of this software, if they fix a few bugs and implement even a portion of the features we have requested, it will really be an amazing product. I am looking forward to the coming releases.
‘Open architecture’ like Jetico Firewall has. Basically, check-box settings like ‘Block fragmented IP traffic’, ‘Enable anti-ARP spoofing’, etc., somehow be displayed in the Global Rules section as a corresponding rule.
DDoS protection? Not sure if this is covered by the settings I mentioned above, but Kaspersky for example has a feature called ‘Network Attack Blocker’ that blocks IPs for a default length of 60 minutes if triggered.
‘Anti DDoS Guardian’ also looks like it has some interesting features. Some of them are more server specific, but some of them could probably be easily implemented: http://www.anti-ddos.net/
For No 35 regarding DDOS just enable “Do Protocol Analysis”
“Do protocol analysis- Protocol Analysis is key to the detection of fake packets used in denial of service attacks. Enabling this option means Comodo Firewall checks that every packet on whether it conforms to its protocols standards. If not, then the packets are blocked (Default = Disabled).”
Ability for CIS Firewall to intercept, capture, monitor and to setup rules for applications which use low-level Winpcap or Npcap packets to make inbound or outbound LAN/internet connections.
Current CIS versions allow all applications which use either Winpcap or Npcap to totally bypass CIS Firewall to make unprotected, non monitored and uncontrolled inbound or outbound LAN/internet connections.
