Global Rule vs Application Rule [SOLVED]

Good afternoon, dear Comodo gurus!
First, want to say that I like Comodo very-very much for its great functionality and very friendly interface. (V)

Second, I’ve faced a problem. I wanted to allow all IPs to connect to my computer via RDP, so I created a global rule: Allow ANY TCP from any source port IN ANY Destination address on destination port 3389. And marked the checkbox to log the event. Then, I tried to connect. RDP client said that it can’t connect to the remote computer. When I came to my comuter, I saw the popup saying that svchost is trying to acceps an inbound connection from specified IP on port 3389. After I say “Allow and remember” - RDP connects are available(and the log entry appeared about allowing inbound on 3389 due to the global rule). Even if I remove previously created Global Rule - svchost application rule accepts the connection.

Having all I’ve said before, I have two questions:

  1. It seems logical that: if I have more general rule to accept ALL INBOUND connections, firewall SHOULD allow ALL applications accept these connections, not ask me for that. Isn’t it?

  2. Why when I pressed the button “Allow”(described above) and checked the checkbox “Remember my answer”, COMODO created an application rule for svchost “ALLOW INBOUNT TCP from IP XXX to any destination from ANY port to ANY port”, while in the popup was specified port 3389?? Again, it’s logical if it creates the same rule, but specifying the destination port 3389, isnt it?

Thank you very much for your reply in advance! (L)

P.S.: I use version 3.5.5810.432 with my Windows XP SP2

  1. Odd your global rule should have worked as inbound connections check global rules first.

  2. If you want your rules more specfic you have to change your alert settings to high or very high screenshot below.
    Dennis

Could someone who allows inbound connections (as I do not) in global rules please post advice.
Thank you

[attachment deleted by admin]

  1. Global Rules applied before App Rules.
  2. If you have allowing Rule or don’t have Blocking Rule - then CIS looks in App Rules
  3. If I allow Incoming Global Rule, it does not mean I want ANY application to recieve connection on that port (may be I swiching between some apps, that listen on the same port)
  4. Creating Rule - it is really depends on Firewall Mode + Alert settings.

Dennis2 and exproff, thanks for your answers!

I really understand now that these two types of rules stand one after another like “double wall”. And just thought that in this case we should be able to define a rule for “All applications” and successfully found this option in the CPF! Just perfect!

Thank you very much! I love this firewall much more now :slight_smile: (V)

By the way - all my words about order of Rules applying just for the case of INCOMING connections. So don’t be confused!

But isn’t it so that if the connection is OUTGOING, it’s all vise versa? I mean -

  1. App Rules applied before Global Rules.
  2. If you have allowing a connection for Application or don’t have Blocking Rule - then CIS looks in Global Rules
  3. If I allow Outgoing Application Rule, it does not mean this application will connect. It will first check for Global Denying Rule.

Am I right? (it seems obvious to me… but maybe I’ve just messed up :))

Almost right =)
Here is link on schema for Outgoing connection
https://forums.comodo.com/firewall_help/global_rules_not_working-t29923.0.html;msg216634#msg216634

Yes, just as I thought! :slight_smile: Thanks! (R)