Firewall default custom ruleset bechaviour seems changed

  1. The full product and its version: (virus db - 32107)

  2. Your Operating System (32 or 64 bit) and ServicePack revision. and if using a virtual machine, which one:
    Windows Embedded 8.1 64 (very much similar to Standard Windows 8)

  3. List all the configuration changes you did. Are you using Default configuration? If no, whats the difference?:
    HIPS - Safe, Firewall - Custom, Auto-Contain - Enabled
    IPv6 filtering On.

  4. Step by step description to reproduce the issue. Or if you cannot reproduce it, what you actually did before it happened, step by step:
    0: Install current beta version
    1: Switch Firewall to “Custom”
    2: Allow any IP request of any program

It seems, that in previous versions this steps created a specific single IP rule.
In recent version, I believe just a single IP permission switched whole program to “Allowed”, which is clearly bad. It may even erase all manual rules which were set on this program.

Only switching Firewall alert frequency to high made rules work like expected: allow create a single IP rule, and any other IP still under question.
If this is connected to IPv6, any way to have feedback from COMODO app on conflicting rules or that alert answer is interpreted wider than expected?

Hello Username 245,

Thank you for reporting.We will check this and notify you.

Kind Regards,

Firewall rules are always based on the alert frequency level when answering alerts. By default alert frequency level is set to low which only gives 1 alert per direction of connection request.

If I remember correctly, in all previous versions in “Custom” mode, after program tries to connect on specific IP a message was shown (allow/deny).

After you pressed “allow” a new rule was added, with this exact IP. If program tried again to connect to different IP, a new message was shown.
To my unprofessional understanding, this is nice and safe way, you can allow a program to update from official server, but hack code in same exe of malware-bitkin-miner-etc would be blocked.

But in last version, after pressing IP alert allow and looking, what was created in the rules, I saw just “allow all to all” rule created.
No new messages will be shown if program will try to connect to other IP.

I’m not sure if this all is correct for IPv6, heard it may be impossible to filter it for specific IP.