Firewall / Global Rules

Just some questions.

1. If something is not listed in the Global Rules, will it use default deny or allow? (Noticed the ICMP blocks are gone from CIS 3.14.)

2. What is the Allow Any IP rule? Why is it used?

3. If CIS4 allows every outgoing request, how can I change that to a more secure option?

Thank You.

EDIT: Can someone explain to me why the ICMP allow rules are used? I do not think they are of any use, as my system works perfectly well and my router blocks all ICMP packets.

If you change your configuration to Proactive you will see the difference.

That’s the problem: I am on Proactive and the Any rule in the Global Rules is still there!

Sorry, I was looking at Application Rules difference and hadn’t noticed it in Global. Good questions.

It should not be there when you change to Proactive…

https://forums.comodo.com/feedbackcommentsannouncementsnews-cis/firewall-rules-not-working-v4-deception-t52437.0.html;msg373987#msg373987

Yeah, that’s a big bug. We need a fix, and a fix now, because the sandbox and firewall rules bugs were reported from the RC and it still has issues.

Please issue a fix fast.

Those are the Application Rules; it is in the Global.

Oh.

It is not a bug. It is by design:

You can easily change to the stricter standard of Proactive Security Configuration:

Switching to proactive doesn’t remove that rule from the GLOBAL rules.

And can someone please answer my questions?

Thank You.

The Allow All IP Out rule has always been there.

Comodo Firewall works as follows.

Uncalled-for incoming traffic will first see the Global Rules and then the Application Rules. With the default Global Rules all incoming traffic gets blocked unless an exception is made in the Global Rules. Then it gets handled by the Application Rules.

Outgoing traffic will first go through the Application Rules and then through the Global Rules. The basic idea here is that we want outgoing traffic in general (we want to connect to the web), so the Global Rule for outgoing traffic is allow. Controlling outgoing traffic is done with the Application Rules.

OK, what if I changed the predefined security policy to OUTGOING ONLY (look at the attachment)

with the Proactive configuration? Then I think I’ll be notified if any “unknown” application tries to connect to the internet, which is the safest, right?

[attachment deleted by admin]

You wouldn’t need that rule when in Proactive; that doesn’t mean it wouldn’t work though. Simply switching the Firewall Behaviour Settings to Custom Policy mode will alert for each program, including the safelisted ones, wanting to access the web.

Remember the basic that outgoing traffic gets handled by Application Rules.

No, that sounds like too many alerts from the Firewall! Since I’m also going to have alerts from the safe applications, then we go back to 3.14, in which my index finger got tired of clicking ‘allow’. However, with this configuration only unknown applications are alerted on, which is the most important thing here, as far as I can see. Isn’t it? :wink:

Thanks

Knk2006, to have the desired v3.14 behaviour you need to do as follows:

  • disable the sandbox
  • remove the All Applications rule in the list of Application Rules, or switch to the Proactive Security configuration
  • if you want the old Global Rules of the v3.14 Internet Security configuration, you need to run the Stealth Ports Wizard and choose “Alert me to incoming connections - stealth my ports on a per-case basis”

I did some testing today with the last option, and on my system you don’t get alerted for incoming traffic. I don’t know if that is by design or a bug.

That is answered in the second point of what I replied to Knk2006 in this post.

Who said that I want 3.14 back? 88) Then why would I upgrade anyway? :a0 I was just asking if my configuration will alert me for any in/out connection established by an unknown program. After I tested a couple of malicious software samples, it seems that it works perfectly, as I supposed.

P.S. How can I receive updates for safe applications if I haven’t installed the antivirus? Are they downloaded automatically, or what exactly?

What you asked pretty much sounded like the old behaviour, which a lot of users prefer. Hence my interpretation.

My Pending Files has a Look Up function, and that will check online with the Comodo database.

What people may have forgotten (or never knew) is that COMODO has always had 2 layers in the firewall:

  • application “network access” rules
  • global “traffic shaping” rules

Traffic rules take precedence… If you remove all “Global Rules” except for one that blocked all IP In/Out, it wouldn’t matter how many application rules you set to allow access… they will not communicate… period.

A Global Rule that is set to Allow IP In/Out means that no “traffic shaping” (limits/restrictions) were enabled. What this does is put the burden on the application rules to make the restrictions. This follows the pattern of other software firewalls that use only application rules and don’t even attempt to “shape traffic”.

Would I use a global Allow IP In/Out rule? No. Would this be a setting I would call a bug? Also, no.

But… for those that don’t understand this “traffic” layer, disabling it like this also stops it from causing them grief when trying to figure out application rules that don’t/won’t work (without the traffic being allowed as a companion setting).
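The two-layer evaluation described in the earlier reply (inbound: Global Rules then Application Rules; outbound: Application Rules then Global Rules) and in the post above (a global block wins over any application allow) can be made concrete with a small model. The following is an added example written for this page, not Comodo code; it assumes that rules within a layer are checked top-down with the first match deciding, that a layer with no matching rule raises an alert, and that traffic must be allowed by both layers to pass. The rule sets and packets (firefox.exe, httpd.exe, unknown.exe, the port numbers) are constructed from the thread's description, not taken from a real CIS configuration.

```python
# Added example (not Comodo code): a toy model of the two-layer evaluation
# described in the thread. Assumptions, marked here and in the lead-in:
#  - rules within a layer are checked top-down and the first match wins;
#  - a layer with no matching rule raises an alert instead of deciding;
#  - traffic must be allowed by both layers to pass.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str              # "in" (unsolicited inbound) or "out"
    app: str                    # local process the traffic belongs to
    proto: str = "tcp"          # "tcp", "udp" or "icmp"
    port: Optional[int] = None  # local port for "in", remote port for "out"


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in", "out" or "any"
    proto: str = "ip"           # "ip" matches every protocol
    port: Optional[int] = None  # None matches any port
    app: str = "any"            # only meaningful in Application Rules

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("ip", pkt.proto)
                and (self.port is None or self.port == pkt.port)
                and self.app in ("any", pkt.app))


def first_match(rules: List[Rule], pkt: Packet) -> Optional[str]:
    """Top-down scan; the first matching rule decides (assumed semantics)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return None


def evaluate(pkt: Packet, global_rules: List[Rule],
             app_rules: List[Rule]) -> Tuple[str, str]:
    """Return (verdict, deciding layer). Inbound consults Global then
    Application; outbound consults Application then Global. A block in
    either layer wins; the first layer with no matching rule alerts."""
    if pkt.direction == "in":
        order = [("global", global_rules), ("application", app_rules)]
    else:
        order = [("application", app_rules), ("global", global_rules)]
    for layer, rules in order:
        verdict = first_match(rules, pkt)
        if verdict == "block":
            return "block", layer
        if verdict is None:
            return "alert", layer
    return "allow", "both"


# Rule sets reconstructed from the thread's description (constructed data).
# Global Rules: "Allow All IP Out" above "Block and log all incoming IP".
DEFAULT_GLOBAL = [Rule("allow", "out"), Rule("block", "in")]
# Internet Security configuration: an "All applications" allow rule.
INTERNET_SECURITY_APPS = [Rule("allow", "any")]
# Proactive: no catch-all, only per-app rules the user created (hypothetical).
PROACTIVE_APPS = [Rule("allow", "out", app="firefox.exe")]
# Global Rules with an inbound exception placed ABOVE the block rule.
GLOBAL_WITH_WEB_EXCEPTION = [Rule("allow", "out"),
                             Rule("allow", "in", "tcp", 80),
                             Rule("block", "in")]
# The hypothetical from the post above: a single "block all IP In/Out".
GLOBAL_BLOCK_EVERYTHING = [Rule("block", "any")]
HTTPD_APPS = [Rule("allow", "in", app="httpd.exe")]

# Sample traffic (constructed).
UNKNOWN_OUT = Packet("out", "unknown.exe", "tcp", 80)
FIREFOX_OUT = Packet("out", "firefox.exe", "tcp", 443)
SMB_IN = Packet("in", "System", "tcp", 445)
WEB_IN = Packet("in", "httpd.exe", "tcp", 80)


def scenarios() -> Dict[str, Tuple[str, str]]:
    """The cases discussed in the thread, as (verdict, layer) pairs."""
    return {
        # Q3: the default Internet Security config lets an unknown app out.
        "unknown_out_default": evaluate(UNKNOWN_OUT, DEFAULT_GLOBAL, INTERNET_SECURITY_APPS),
        # Proactive: the same packet now alerts at the Application layer.
        "unknown_out_proactive": evaluate(UNKNOWN_OUT, DEFAULT_GLOBAL, PROACTIVE_APPS),
        # A per-app allow passes and then meets the global Allow All IP Out.
        "firefox_out_proactive": evaluate(FIREFOX_OUT, DEFAULT_GLOBAL, PROACTIVE_APPS),
        # Unsolicited inbound is blocked by Global Rules even with an app allow.
        "smb_in_default": evaluate(SMB_IN, DEFAULT_GLOBAL, INTERNET_SECURITY_APPS),
        # A global exception above the block rule lets the web port in...
        "web_in_exception": evaluate(WEB_IN, GLOBAL_WITH_WEB_EXCEPTION, HTTPD_APPS),
        # ...but the same exception placed below the block rule never fires.
        "web_in_exception_below_block": evaluate(WEB_IN, list(reversed(GLOBAL_WITH_WEB_EXCEPTION)), HTTPD_APPS),
        # A global block In/Out overrides any Application allow.
        "firefox_out_global_block": evaluate(FIREFOX_OUT, GLOBAL_BLOCK_EVERYTHING, PROACTIVE_APPS),
    }


if __name__ == "__main__":
    for name, (verdict, layer) in scenarios().items():
        print(f"{name:30s} -> {verdict} (decided by: {layer})")
```

The model shows why removing the "All applications" rule (or switching to Proactive) is what turns "CIS4 allows every outgoing request" into an alert for unknown programs, and why rule order within the Global Rules matters: an inbound exception only works if it sits above the "Block and log all incoming IP" rule.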

That would be true, but CIS only has a Block and Log All Incoming IP rule at the bottom (not a block-and-log rule for incoming and outgoing traffic). Removing the other ones still allows outgoing traffic if the application rule allows it.

Neither is there an Allow All IP In/Out rule in the Global Rules; only an Allow All IP Out rule.

Ah, I should have pointed out I was replying based on the image knk2006 attached here on the first page.