GLOBAL RULES & OTHER QUESTIONS

Hi,

Sorry for the length of this first message. And FYI, I am running Windows Ultimate x64 and am running this at home on my Lenovo laptop, with a WiFi setup (LinkSys Wireless-N router) and also plug in my RJ45 connection at times.

The version of Comodo that I will be running, is 4.1

I currently use PC Tools’ FW, which is app based. But after seeing how Comodo trounced it in the latest tests and that it is also app based, I decided to give it a try and installed it. But I went back, because I couldn’t figure out a couple of things and now wish to get answers first, because otherwise, I will spend a lot of time doing it the hard way and then having to go back and change it all. So I have PCT FW installed again and I say that, so that people won’t ask me to check this or that. I can’t and so, I am really looking for people who know this software well to help me out, if they would, please.

And please understand that I am not trying to be rude about anything here. I am saying this, because I do not wish to keep installing and uninstalling, to try each thing that someone who is kind of guessing at it tells me to try, only to find out they remembered wrong and have to uninstall and install PCT’s FW again and again and again.

I need to have a working firewall immediately, with what I need blocked, blocked and what I need allowed, allowed. So I need to get the basics down first, before I install again, because I need the firewall to be usable for me immediately when it’s installed. The more advanced stuff I can worry about after it’s installed and is not as immediately important.

So like I said, what I am hoping for, is people to respond who KNOW the program and not people who don’t and who would be guessing at it and saying, “I think it’s there and then there…”. That won’t help, because I’ll be writing your responses with instructions down and if they’re wrong, then as I said, I end up going through the work of taking it off and installing the other one again and asking again, etc. and I don’t want to do that repeatedly.

So please, if you’re not sure, then that’s fine. No worries. Just please let someone who is sure answer, okay? And thank you to those who can help me, in advance.

Anyway… :slight_smile:

The problem is, that the layout of the options screens, to me, make absolutely no sense. For example, there is no “link” that just says, “Applications”, as does the one I use now. I have to go into “Network Firewall Rules” or something like that and then go into another screen and then figure out what to do from there and the User Guide doesn’t really cover it in any real detail and I don’t see anything in the FAQ (unless I missed it) that explains step by step how to do what it is I need to do. So it is not intuitive AT ALL to me (are you seeing this, Comodo folks?) whatsoever!

Issues:

  1. What I am trying to do, is to set up global rules for apps, that I can apply to individual applications. You see, I will be using it basically as an app based firewall and would not switch without that ability, but since it does have it, I want the extra protection that Comodo offers.

I did find where this is done and I did set up a rule for allowing and a rule for blocking and it wasn’t tough at all. But what I cannot find, is how to apply this rule to an individual app, as I am allowing or blocking that app manually, in the program’s options screens (right click on tray icon and click on “Open” and find it from there).

I am not looking to assign it to a group of EXE’s, or anything like that. I know all of the individual apps that I want to allow/block and I want to be able to have this rule set up and then add individual apps, one by one, browsing for each one’s Exe and sit there and do them all one after the other and spend the half hour doing it and be done with it.

So instead of having a long list of apps and each saying “Custom”, I want to be able to assign this “global rule” for each one, as I add each one to my choice of “Allow”, or “Block”. And I do not want to have to set each one up “Custom” and then go back and change them all. That’s simply wasted time!

The only thing I can see on how to manually add individual apps, is to browse for the exact EXE that runs it and then tell it I want to block it, but then, I don’t get to assign the global rule. I have to go to the option that says to block an app, click on that and then browse for the exact EXE of that program that I want to block (which is fine), but then I have zero options from there. It automatically sets up a custom rule.

Once I have browsed to the app’s Exe file, I cannot find anywhere (while still setting up that app) where I can click to apply one of my global (allow/block) rules to it. So what is the point in setting up a “global app rule” to be able to assign, when it won’t let me do that, you see what I mean?

So I figure there’s GOT to be a way to do this if it lets you set up a global app rule, but I just don’t know what it is (how to apply said rule) and as I said, the options screens are just not intuitive. After all, if they were, then I wouldn’t be writing here, right? :slight_smile:

  2. I do not want the firewall to automatically add ANY application to an “OK” list! I want to have to approve of every single app! But I do NOT want to lose protection by doing so. In other words, please do not give me something to turn off, that is a hammer to solve a small problem that only needs a slight push and that would remove protection that I could keep and don’t have to turn off to be able to make it so that I can be able to manually approve of each inbound or outbound request as they happen and require that they ask me.

Don’t get me wrong, I don’t want to lose the “Remember my choice” thing. I don’t want to have to keep approving or blocking what I have already approved of or blocked (speaking for individual apps). I just don’t want any app to be able to access the Internet without my say so.

And please don’t worry about how many prompts I’ll get. I don’t care about that. That is temporary and I am used to that anyway, because any app based firewall will do that. :slight_smile:

  3. Are there any way cool tricks that folks know about this firewall’s setup, that would be way beneficial?

Thanks for helping me out!!! :slight_smile:

ok, you will not be able to read all the things that people could write with best intentions. it would look like a big hill, in your imagination (as you don’t run comodo now). the first way to learn about something, is to do it!

use “custom policy mode” for firewall. make the settings in the highest way (check for ip, port etc.). then each time when an application wants to go in the internet, you will be asked first. remove everything about “trusted vendors, make rules for safe applications etc.”. make ONLY rules for “allow OUTgoing”. only a server or maybe p2p need INgoing rules.
use the stealth port wizard (hide me from everyone), this will create a GLOBAL rule “block ip in any”. this means, you will get requested packets, but unrequested packets are blocked.
in this moment you are safe enough to learn.
i could write books with useful tips here. but i learned it myself, and it’s easy. you have to find your own view. just try it.
i always returned to comodo, because other firewalls are too complicated for me :smiley: . you see, it’s just a point of view. look step by step. each window, and you will understand, like i did.

GLOBAL rules are NOT for applications. applications are in the main window, next to the global rule tab (left). mostly GLOBAL rules are the first border for INcoming things.

it’s not necessary that everyone write the manual again in another way. ask specific questions, and they will be solved… when you find an “unsolvable” question.

defense+ should run in safe mode… remove everything about “trusted vendors, digital signatures, making rules for trusted applications etc.”…

oh, yes, disable the sandbox of comodo. it could change some behaviour of the firewall in my described way. you can use a real sandbox like the freely usable sandboxIE from tzuk, if you want to have a full sandbox and a full firewall (good combination).

and learn by doing!

I believe what he means by ‘Global Rules’ in this case, is ‘Predefined Rules’. You can create these, also easily, and then apply them to any or all applications of your choosing.
For the Firewall, go to Firewall/Advanced/Predefined Firewall Policies.
From here, click Add. then, give the new rule a name, and click Add (bottom left) of this window.
Define your new rule(s), click Apply, Apply, Ok to save the new rule.
Now you can use this rule with any application simply by selecting its name from the predefined rules.

I hope this helps you, GiantWaffle.
Btw, Welcome to the Forum.

Okay, first of all, thank you both for replying so quickly and for the welcome. :slight_smile:

Please, just this once, read through this post carefully, even though it is long. Otherwise, we’ll just end up going back and forth for a week. :slight_smile:

Now let me first say a few things and please bear in mind that I am only stating facts, not attitude, so please don’t take offense and please don’t get defensive. I am not angry at all and am not posting out of anger. Also please understand that caps and exclamation marks are being used for emphasis only.

First of all, I know that my post was a bit long, but it is clear to me that it wasn’t read through carefully and quite a bit was assumed about me and what I said.

TO CLOCKWORK:

*** 1) It was kind of insulting to say, “learn by doing”.

*** First of all, I have been a tech for about 30 years and have “learned by doing” quite a bit!

*** Second, since you started telling me how to install the app, it means that you assumed that I had not even installed the firewall, which means that you did not even bother to actually read my post, or at least not most of it, since had you read it, you would have known that I specifically stated that I had installed the app yesterday and that I had then uninstalled it, because I needed these two things first and could not figure out how to do them while it was installed. That means that yes, I did try to “learn by doing”. But my system is not one that can be left exposed for any length of time! Certain apps must be controlled immediately, before I run them for the first time and when I set them up, I do what I need to do in my firewall, before I click “Finish” on the program’s install!

*** Third, while you tell me to “learn by doing”, the first thing you should realize, is that the forums are for people to get help learning how to do things when they don’t see the solution and not for people to be told to just go and figure it out! And if that’s your attitude, then why even be here? Seriously, dude!

*** Fourth, I CLEARLY STATED that I have no problem with learning the more advanced features, but that there were TWO THINGS that I needed to know BEFORE I could just let the firewall run. I also stated that it is because the options screens are NOT INTUITIVE AT ALL! But I did say that I just needed to get help with these two things, because I needed the basics of allowing and blocking SPECIFIC APPS that I have already installed on my system DONE IMMEDIATELY and that I could figure out the rest later.

*** Fifth, you tell me to do other things without telling me how to do what I asked about, but don’t say why I would want to do them and don’t tell me specifically how to do them! You may think you’re telling me how, but you’re not.

*** Sixth, as for other firewalls being “too complicated”, I have been using PC Tools Firewall for some years now and I was up and running in five minutes, as even novice users installing their very first firewall are and not knowing anything about setting up a software firewall, as I had no need to have done one before that (years ago). It is that easy! But I thought I should try Comodo now, given how secure it is and how it trounced PCT FW in the last test set. Otherwise, I would have stuck with what I have.

*** Seventh, you say it’s not necessary to write the manual again and say something about an “unsolvable question”. I didn’t say anything about an “unsolvable question” and there’s no excuse for a manual skipping things!

And without intending to insult you, I must ask if you understand what a manual is for, sir. It seems to me that you must have started in computers after the printed manual went by the wayside. There wasn’t any such thing as forums and companies actually had phone numbers and real people, without 10 minute voice menu navigation, who helped you if the manual didn’t cover something, or if the way they explained it was not clear enough. And those manuals by the way, typically ranged from 50 to 200 pages and covered everything and those manuals were not really bad English, translated into English by someone who didn’t speak it that well. :slight_smile: It is a ridiculous idea to believe that manuals are some sort of “luxury bonus” that users shouldn’t feel the need for, because companies are supposed to charge you money (I know this firewall is free, but as a general rule) and then tell you “Tough!” when it comes to written help that actually covers the options and then leave you to sink or swim, while talking about how easy it is FOR NEW FIREWALL USERS to set up (which this one DOES claim), when in reality, it isn’t, unless you are already quite familiar with many aspects of how a firewall operates and how to configure one! Their options screens don’t even label things as what they actually are (meaning, “What do I click on to get to this type of option set?”)!

And for a history lesson, which does NOT come from frustration, but just historical fact and so you can understand, forums were not put up to help you. They were put up to get rid of you! That’s why it’s users here helping each other, with the occasional support person and that’s why companies now have just a couple of people who do support and they usually have to split that with their regular job, which their bosses expect to get done as if they didn’t have the support work taking up some of their work time. And even in forums, many times, you’ll get the “smile and nod” from support folks in forums (I’m not saying it happens here), but they never actually do what they said they will and claimed to recognize what a problem there is with what you brought up as an issue.

You see, first real manuals went away. Then phone support went away in favor of email support. Then companies just stopped answering the emails. That’s right, they just stopped! They trimmed their staff and let the person go who also happened to be the one guy who answered the emails and so, they just ended up piling up and never getting answered! And of course, no one else in the company realized this. Yea, support was real important to them, huh?! (:

Then, when their phones (the main numbers, since many stopped publishing support numbers in their texts) started lighting up like crazy, they came up with the idea of forums and figured they could leave people who didn’t know this new software, to help people who didn’t know this new software. Forums are not designed to give you interpersonal care by the company and never were! That doesn’t mean you can’t get any help. Some users are very good with the software and love to help people, or they do it out of ego, but either way, they’re there. :slight_smile:

But the bottom line is, all users have there, is the hope that another user will want to bother helping them and many times, all they’ll get for responses is; “Hey, if you find out how to deal with this, then let me know, okay?”. Tell me friend, don’t you see a problem with that???

So take it from someone who has been around a long time and has seen everything there is to see, right from the very first PC! I know what’s what and have even worked support for major companies and I have even helped them reengineer their products! I know what I’m talking about. I’m just not real familiar with certain aspects of software configuration in a software firewall, that’s all. I have never had a need for one in a work environment and only at home and I have had one that has worked for years, so that’s about it for experience with them. :slight_smile: I do understand and have taught networks, everything from small LANs, to global wireless networks. But that does not mean setting up software firewalls on individual PCs. :slight_smile:

And while some people think that being a tech (a real one, theory and all) means knowing everything, it doesn’t. And I won’t know every firewall out there, nor their configurations and while I can figure it out, my need is to get the two basic things that I stated running immediately, or I cannot switch. It’s that simple! So I took a quick whack at it (by quick, I mean a couple of hours), didn’t get it (what I was looking to do) and so, I went back to the old firewall and came in here. So why not just help me?

The bottom line is, if something is not in the manual, then that is what this forum is for! No user has to answer me, of course. But don’t answer someone telling them to go figure it out!

And you were basically dancing around telling me to go away and figure it out. But why should I? If I have a question and have tried (and I did try and said I did) and find the options screen’s menus confusing and not intuitive, nor descriptive of the option set there once you click on that “link”, then why does it bother you that I come in here? Just don’t answer me if you don’t think people should ask for help. In fact, why even be here, right?

And the instructions that you did give were not clear and were just a jumbled splish splash of an attempt and I would have no clue where to go based on them.

*** Eighth, as for “global rules”, they do exist in Comodo.

TO JOHN:

*** First, I believe that it is “Global Rules”, but I do make room for the possibility that you are correct in what you call them. I am obviously no expert at Comodo’s options menus. :slight_smile:

*** Second, thank you for trying, but I said that I already found where to set up the rules and that what I needed was SPECIFIC STEPS to apply them to apps, as I am in the process of manually setting each one up to allow or block and what you gave me was a note about setting up the rules and then said something like, “then apply them to all applications”. Ummm, H-O-W J-O-H-N ??? Wasn’t THAT my question? How do I apply them to the app, as I’m setting the app up? HOW, SPECIFICALLY, STEP BY STEP, SEE???

Now don’t get me wrong, I’M NOT DEMANDING ANYTHING FROM YOU GUYS. I’m just saying that IF someone requests specific steps, then it makes sense to either give them, or just ignore the message, doesn’t it? That’s what I do. In fact, I do that anyway. I give specific steps to do something, unless I know that they know the menus, or they say they can get there, but are confused about what things mean or how to do something once they do.

*** Third, you did not really read my post, since as I said that I found where to make the rules and made them and I found where to manually add apps to allow or block. What I could not find a way to do and there is no option to do while manually adding them, is to apply that global, or predefined rule to that app and it just applies a custom rule automatically. And when it comes to THAT PART of the process John, your response really just says, “now apply the rules to the apps”. Gee John, like I said, isn’t that what I came in here to find out how to do? :slight_smile:

In other words, I made sure to be wordy, so that things would be clear to whomever read my post. But what I got was people skimming through it and telling me to go figure it out, or telling me everything that I said I knew how to do already and leaving out how to do what I asked for help on how to do.

And contrary to what someone said, the software DOES say that the rules I set up ARE FOR APPS and the section that I was in DOES say that they can be applied to SPECIFIC apps in the app list. I even gave the general location of where to look to see that for yourselves. I need to know how to do that, without having to add each app and end up with a custom rule and then go back and change them all to my global rule, which is the same rule parameters anyway. So in effect, why bother doing that second step, if the rule is the same anyway? And why is the option to make a global/predefined rule which claims it is for applying to apps even there, if it makes no sense to be?!

TO BOTH: Whoever said there are no rules that can be applied to apps, as I said, there most certainly are! Where I went, the rules created there are SPECIFICALLY FOR APPS AND IT SAYS SO!

And before you ask; “Then why didn’t you use them?”, when you ask that, you would once again be skipping past why I JUST FINISHED writing above! To find out SPECIFICALLY, STEP BY STEP, how to apply those rules to specific apps, while I am manually adding an app to allow or block!!!

Also, no one even addressed my other question (which of course is fine if no one knows) in which I asked how to prevent the firewall from automatically adding apps it knows from some list, but in turning that feature off, to be careful not to turn some other feature off that I can leave on. In other words, some people prescribe hammers when a slight push is all that’s needed. :slight_smile:

TO BOTH:

Again, please don’t take offense and please don’t get defensive. I am NOT trying to attack either of you. I am just stating what I saw when I read your responses, which did not answer anything that I asked.

Now here’s what I’m going to do…

I have a rollback program. So I’m going to install the new firewall, specify where exactly I go and tell you what each thing is labeled and then see if maybe you can understand better what it is I am trying to accomplish and can maybe guide me, if you are still willing to.

And just one final comment to CLOCKWORK…

My friend, you may be at a point where everything computer related is an adventure for you. Maybe you like to work on other peoples’ machines and don’t even charge them and get them piled up and maybe you have a ton of people calling you asking how to do this or that and to find programs for them, etc., etc. and that’s fine. But I am not at that stage. That was many years ago and no, this is not an adventure for me. It’s not “fun”. It’s not “cool”. To me, it’s just an annoyance, as you also will come to view things like this, when you already have one installed and are just switching. But it has to be done, if I want the BIG LEAP in security!

You see, for me, I am laying here in bed, where I have been for the past five years with a serious back injury and extreme pain that kicks in shortly after I sit up to use my laptop and that keeps getting worse until I can’t stand it any more and I will have to take twice my pain meds after I type this, because I had to write a message this long which takes time, to explain apparently more clearly what it is I’m asking for, since either no one understood last time, or no one read more than a few sentences in my post. It’s not your fault that I have pain, but it is up to you if you read all of the post and whether or not I have to keep repeating myself. And either reading it or not reading it is your right and your choice and that’s fine. I’m just saying that if you do respond, then…

For me, I’m not going to play around with a piece of software for days, or weeks, or months, trying to get two lousy, basic features working the way I want. The new firewall will go instead. Understand?

But I do have to use my laptop and would like to be as secure as possible for some things that I do for companies that I cannot go into.

Now the advanced stuff, I can do a little here and there to figure it out and CAN TAKE MY TIME and I don’t expect anyone to hold my hand. That is the type of thing that I will “learn by doing”. :slight_smile:

But JUST THESE TWO THINGS, I do need running and cannot spend days figuring it out, while I lay here unsecure (the way I need to be) and insecure about whether or not I’m secure the way I need to be for specific apps that I have!

Can you understand where I’m coming from, my friend?

Anyway, thanks for reading and please, have a great day! I’ll make sure to write down step by step where it is I’m going in the software for you guys if you still want to try to help and then report in, since you guys are the experts here. And just so you know, I have no problem trying some things and being at your command, if I can just know how to get these two things done first, okay? Ego is not a problem here. :slight_smile:

To apply these Rules, go to Firewall/Advanced/Network Security Policy.
This brings up a window showing all the currently applied rules for each application currently listed.

To apply the new rules, click Add/Select, and either select from a currently running application (running Processes), or Browse. Browse will allow you to locate the application from your drives.
Once you have selected the file you wish to add the rule to, click ‘Use a Predefined Policy’, and select the rule you earlier created from the drop down box. Then click ‘Apply’.
Continue to add applications as needed, then click ‘Ok’ to finish.
The new rule is now applied to the new applications.

If the application is already shown in the Computer Security Policy list, you can ‘Edit’ the existing rule to change it to what you desire.
To do this, select the application, then click ‘Edit’ (on the right side of the window).
Click ‘Use Predefined Policy’ and select your rule from the drop down box. Click ‘Apply’, then ‘Ok’ to complete the changes.

This link here, by Chiron, does a great job of explaining how to set up CIS.

Please note, even with minimal interaction from you the user, rest assured you are fully protected with CIS. I will state the new GUI coming out with the newest CIS is more intuitive and easier to use, and will offer even greater protection with even less user interaction.

John,

Wow! Clear, simple and it definitely deals with what I needed! Thanks! :slight_smile: I’m going to try that and thank you for coming back again to help me, John! And thanks for the link! :slight_smile: And thanks also for tolerating my ignorance and being so kind in trying to help me. I really do mean that!

I have a rollback program that takes me back to where I was in about 20 seconds. No, it’s not like “System Restore”, which only backs up certain files. This is like cloning your drive (it’s actually an image, which if you are familiar with them, creates a small image, which is all that’s needed to recreate an entire drive’s worth of data) and during boot, I can just tell it to roll back to a previous image that I have stored.

So I uninstalled PC Tools’ FW and installed Comodo’s firewall and set it up as best I could and then created a recovery point/drive image, so that I would be able to roll back and forth at your helpful requests and try whatever you told me to try. So I will try this and I can’t hose up my setup, since I’m backed up and it only takes about 20 seconds to restore (plus a reboot). :slight_smile:

So I am all yours John, should you need me to change something and I can do it right away! :slight_smile:

John, I did go in and look for what I was saying regarding the “Global App Rules” and while you were right about there being “Predefined Rules”, it turns out that I was also right about the “Global Rules” for apps that can be created by the user.

The following is what I was talking about having a problem with (regarding applying the Global Rules for Apps, written out step by step; I did as promised and wrote it all down as I did each step) and it is found in the program in the following location, after right clicking on the System Tray icon and clicking on “OPEN”:

FIREWALL >> ADVANCED >> NETWORK SECURITY POLICY >> GLOBAL RULES TAB

There you will see what I was talking about, where I created Allow/Block rules. I know you probably don’t need to know now, but just for informational purposes, so that you know where I was talking about, in case someone else brings it up and so you don’t think I’m crazy. :slight_smile:

So the following is what I did/where I went to make individual apps Trusted/Blocked, but then could not pull the Global Rules that I created in, when I went to Allow/Block those individual Apps (this is where I went to Allow or Block individual apps):

  1. Right click on System Tray icon.

  2. Click on FIREWALL at top right.

  3. Click on COMMON TASKS on the left.

  4. Click on DEFINE A NEW BLOCKED APPLICATION.

  5. Click on SELECT.

  6. Click on BROWSE.

  7. Browse to executable for app that you wish to block and highlight it.

  8. Click on OPEN at the bottom right of the box.

It now brings the program into the small box, but there’s nowhere to bring in and apply the “Global Rule” (either Allow or Block) for the program.

Now do you see what I mean? That’s where I was getting stuck. :slight_smile: But hopefully your instructions are right on the money. I have a feeling they are, since from my small experience with the program, they do sound right and it seems like you know exactly what you’re doing! :slight_smile:

Thanks John! I’ll let ya know. :slight_smile:

Okay John, I tried it and yes, that does work, but it is the same thing as doing it the other way that I defined.

In other words, it applies the “Predefined Rules” and not the “Global Rules” that can be set up if you just click the next tab (on the screen that you had me go to).

I guess in the end it’s the same thing, but what then is the point of having the ability to set up those Global Rules? Are they for another purpose, like specific port allowing/blocking/custom and I’m just being blond and missing that? :slight_smile:

Also, I took care of #2 in my original post. I did finally find that, hiding where one wouldn’t think to look of course. :slight_smile:

I look forward to your reply and thank you again, John. :slight_smile:

ok, sometimes people don’t understand each other, that happens. for example, i didn’t tell you how to install, because i read that you went back to your old one. maybe you have not read my text like i have written it. another example, i told you about the global rules tab, and i tried to tell the difference between application based rules, and global rules. maybe you had the predefined rules in mind. global rules exist, we both agree :smiley:
the comodo firewall in custom policy mode blocks everything until you allow it! if you read my text again (not always a book like yours), you will see, that i told you the basics to start. if everyone would write that much, “we” couldn’t help many people. that’s why i said: ask specific problems, which you can’t solve yourself. don’t ask to invent the wheel (manual) again.

learning by doing is the best way of learning. why do you think it would be insulting to tell that? it’s not important if you have been a technician for 30 years. who stops learning is stupid. i am never too proud to learn. what i wanted to tell is: keep on, look, learn, and this program is great. but there are a hundred things to tell, and to describe so that you get a picture in your head. so it’s better to look at the real program while you get into it. the manual helped me.

i wrote what i thought would help ME in YOUR situation. i can’t look into your head.
three years ago i was sitting alone in my room for a little time, and i managed to understand comodo very easy.

THIS forum is to help you. comodo is FREE. so if you want support from comodo direct, you could buy the license for a year. until today nearly all problems gonna be solved here.
try to ask at kaspersky FORUM(!) for help without having a license. lol
this forum is good, no one tries to get rid of you, everyone tries to make this free program a good experience for everyone.

As I told you, Global Rules are NOT application related. They are global. Their first purpose is to deal with incoming things. General things. Like "block IP in any", or ping blocking. Of course some things for outgoing too, like echo reply etc. (Stealth Port Wizard "hide me from everyone").
The other window is for applications.
See it this way:
Incoming things have to pass first the global rules, and then the application rules.
Outgoing things have to pass first the application rules, and then the global rules.

Predefined policies are application based, so they do not appear in the global rule list either.

Usually programs need only OUTgoing rules. Not that it would be forgotten. That's why the "block IP in any" GLOBAL rule is a good idea to set, while you normally don't have bad effects on applications. And nothing from outside will disturb.

One thing is important: BLOCK rules should stay ABOVE ALLOW rules! If you want to make a little exception to a block rule, only this exception should stay above the block rule! For example, if you block Internet Explorer, and this rule is at the bottom, another program could still use Internet Explorer if it gets the permission.

Clock,

If you don’t mind, I guess the only question I have is…

Let’s say that an application has a rule that is set to Allow. When it is going outbound, for example, how is it determined whether it passes through a Global Rule that Allows or Blocks?

I ask, because you talk about setting “Block IP in Any” and that it relates to applications not being affected, but if they pass through Global Rules after their own rule, then how is it determined, as I asked above, which Global Rule they will pass through?

Also, you say that it means that “nothing from outside will disturb”. Disturb what, specifically? Anything at all? But then what is the point of the Global Allow Rule?

What I mean is, while there may be a Global Block Rule, there is also a Global Allow Rule, so what triggers which one to go into action when, since they're both called "global", which would seem to imply that they both cover everything, which isn't possible, since it's gotta be one or the other acting at that point and there are also other "global" rules in addition to those.

Do you see what I mean? I know that YOU KNOW what you’re saying, but please understand that’s because you have the rest of the knowledge in your head. But you have to understand that I don’t and so, I am not, to put it the best way that I can, “following the thought through” to what happens next like you are, do you see?

I would appreciate it very much if you would explain things to me by first assuming that I do not know anything about it at all. That way, hopefully nothing will be missed and things will be brilliantly clear. :slight_smile:

If you don’t mind, please slow down a bit and please be a bit more detailed about WHY you’re saying something, so that I can understand what’s going on. I would appreciate it MUCH and thanks again for clearing up some things for me! :slight_smile:

If you don't have a global rule that blocks unrequested packets from the internet, it might happen sometimes that Comodo asks about INgoing traffic. As you didn't request this packet, it's easier to block them already with a global rule, because you don't need anything that tries to connect to your PC when you didn't request it. It would disturb you to answer a question which is not necessary. And maybe you would allow something in the hectic moment that you didn't want to allow.

Keep in mind, if you allow in the application rules "game.exe allow OUTgoing TCP+UDP", the game will be able to connect to the internet AND it will get the requested packets too! The philosophy of your rule set should be: only allow (OUTgoing) what YOU request to reach your PC. Block the rest. Unrequested INgoing traffic is in general blocked by your rule set in global rules.

When I used my 3 MB firewall there weren't global rules. As I didn't want to answer questions about unrequested ingoing connections, I made a rule "all applications block anything". This rule I put at the bottom of the application rule list. Each time I wanted to get questions for a new application that I wanted to connect to the internet, I had to disable this rule, otherwise the firewall would have blocked it.
You could do the same. But Comodo has the global rule section.
If I say "block IP IN any" in global rules, it means: block any protocol (everything) that has the parameter: "I want to connect to this PC, but no one asked me to do it."
Your game.exe can send packets OUT, and as these packets produce an answer, the parameter is "requested". So these packets will arrive at your PC, even though you have the global "block IP IN any" rule. While some other packets which you didn't request are maybe blocked at the same moment.
Windows Update is requested by your PC, so you get the updates too.
If you have a server or use P2P you have to make exceptions in the global rules. As few as possible, until it works (for example reduce the rule to exactly the needed ports).

I have these in global rules:
2 allow rules on top (because they are exceptions to the block rules)
allow ICMP IN if message is "fragmentation needed"
allow ICMP IN if message is "time exceeded"
and 2 block rules under these two
block and log IP IN ANY ADDRESS ANY PORT (IP means all protocols, not addresses)
block and log TCP IN ANY ADDRESS ANY PORT (this is not necessary as it would be blocked by the IP IN ANY rule already, but I am used to having this rule, and old habits don't disappear :smiley: )

See the global rules as the rules for the "globe" (internet, block INgoing if it's unrequested), and the application rules as rules for OUTgoing (in other words allowed "requests" and answers).
If you would make an INgoing rule for a game (application rules), it might be possible that something can connect without your OK. Really, 99% likely you need only OUTgoing rules in your application set.
My old 3 MB firewall needed out+ingoing rules, because it wasn't able to understand the "requested answers thing". It's a modern feature and it's a security plus to have only outgoing rules now (for applications).
The global rules keep away unnecessary questions.

IMPORTANT is: if you make any block rule (application or global rules), you should decide to activate "block and LOG". Because if something is wrong, you can look in the log to see if a block rule was fired at the moment when something didn't work.

I hope I made it clear enough.
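As an added illustration (not code from this thread or from Comodo itself), here is a small Python model of the evaluation order Clockwork describes: incoming traffic passes the global rules and then the application rules, outgoing traffic the other way round, replies to traffic this PC requested bypass the IN rules, and within each list the first matching rule wins (so a block above an allow beats it, and an exception must sit above its block). The "ask" result for traffic that no application rule covers, the way the session table is keyed, and the rule and packet fields are simplifying assumptions of this model.

```python
from collections import namedtuple
from dataclasses import dataclass
# A packet as the firewall sees it: owning process, direction, protocol, peer.
Packet = namedtuple("Packet", "app direction proto remote port")

@dataclass
class Rule:
    action: str     # "allow" or "block"
    direction: str  # "in" or "out"
    proto: str      # "ip" matches any protocol, else "tcp", "udp", "icmp"
    log: bool = False

def first_match(rules, pkt):
    # Top-down, first match wins: a block above an allow beats it, and an
    # exception must sit above the block it carves out of.
    for r in rules:
        if r.direction == pkt.direction and r.proto in ("ip", pkt.proto):
            return r
    return None

class Firewall:
    def __init__(self, global_rules, app_rules):
        self.global_rules = global_rules
        self.app_rules = app_rules  # {app name: [Rule, ...]}
        self.requested = set()      # connections this PC started itself

    def decide(self, pkt):
        key = (pkt.app, pkt.proto, pkt.remote, pkt.port)
        # A reply to something this PC sent is "requested" and never reaches
        # the IN rules, so "block IP IN any" does not break the game's traffic.
        if pkt.direction == "in" and key in self.requested:
            return "allow (requested)"
        # IN: global rules first, then application rules.
        # OUT: application rules first, then global rules.
        stages = [("global", self.global_rules),
                  ("app", self.app_rules.get(pkt.app, []))]
        if pkt.direction == "out":
            stages.reverse()
        for name, rules in stages:
            r = first_match(rules, pkt)
            if r is None:
                if name == "app":
                    return "ask"  # assumption: no app rule -> Comodo alerts
                continue          # no global rule -> pass to the next stage
            if r.action == "block":
                return "block (logged)" if r.log else "block"
        if pkt.direction == "out":
            self.requested.add(key)  # so the answer can come back in
        return "allow"
```

The constructed addresses 203.0.113.5 and 198.51.100.7 used when exercising the model are documentation ranges, not real hosts.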

You can create a Global rule and use it (I have seen it done), but imho, it lacks the precise control over what apps actually use it vs those that don’t or, use it differently.
You are free to set up however you choose and if a Global rule will be sufficient to do exactly what you wish, please, go for it. You don't need my or anyone's approval. CIS is yours to configure however you see fit.
We are, however, here to offer guidance and support should you encounter any difficulties or issues that you cannot resolve yourself or are unsure of how to go about this.

Myself, the other Moderators, and even the members themselves, are here to offer support and help. Each has something to contribute, and some unique insight to offer.

I would also ask Clockwork to keep in mind each member has their own way of doing things, and seeing things in their world. Please respect this whenever replying, and yes, you have contributed and it is valued (see PM).

“You can create a Global rule and use it (I have seen it done), but imho, it lacks the precise control over what apps actually use it vs those that don’t or, use it differently.”

John, I think this text is confusing. If you are not sure about the effectiveness of global rules, try this rule:
block IP OUT any (put it on top).
No program will be able to connect to the internet. Even if it has the right in application rules.

It's something totally normal to have a global rule set. That's why I don't understand that you say "(I have seen it done)". It's nothing special. It just avoids making routine rules (beyond address, type and port) for each program itself, or avoids questions about "ingoing connection attempts".

If you use the Stealth Port Wizard (hide me from everyone), you don't have to make rules in global rules yourself. I just erased one rule after that. It was "allow IP out any". Everything works fine, and I don't allow things that are not necessary.