I appear to be having an issue with Global Rules. I’m attempting to create an exemption for all LAN traffic. I have created separate entries for incoming and outgoing with the IP protocol setting (my understanding is that this then, if “ANY” is selected in the “IP Details” tab, allows all forms of traffic), and using the Network Zone of my LAN (range: 10.0.0.0 - 10.255.255.255) in the appropriate source and destination tabs.
However, I keep getting pop-ups asking me for permission to allow applications access to and from IPs within my LAN. It would appear that the global entry is not working.
These are the settings that I’m using. Both of the tabs not visible in both rules are set to “Any”.
The rules look fine ti me, except I’d use Ip range instead of Network zone, cuz in my experience “Network zone” tend to let in more then it should.
You must be getting pop-ups for “system” and \ or svchost.exe processes, that’s because application rules and global rules act as 2 “layers” if you will.
For incoming traffic global rules are checked first, if the traffic is allowed there then application rules are checked, if it’s still allowed in the application rules then traffic goes to actual PC otherwise it’s blocked or asked. For outgoing traffic it’s vice-versa (application rules are checked first, then global)
So I think you should add “allow outgoing IP destination ip range ” and “allow incoming IP source ip range ” for system and svchost.exe processes. You can delete outgoing rule from global rules.
Ah. So, in other words, global allow rules aren’t actually global - if there isn’t also a rule for them in the application rules section, then they will, effectively, be ignored? Fantastic.
That’s a major annoyance - you then have to still set individual rules for each and every application that you wish to allow unrestricted access to the LAN instead of creating a truly global rule.
Thanks for your help, but between this and a few other problems, I think I’ll be moving on from Comodo.
Global rules are actually “global” if you’re blocking things, if you’re allowing things… not so much.
If it makes it any easier for you, think of global rules as your router, since they do pretty much the same thing by default (Block all incoming and allow all outgoing), and application rules as your actual firewall.
This dual layer thing is done so that user won’t be bombarded with ton of incoming requests (they’re blocked silently by default), at least it seems that way.
If it’s still to inconvenient for you, you can just clear out global rules and set-up every process’ in \ out rules individually.
Every desktop firewall is basically working with application rules. Global rules are just for things that you globally know to be not important for you, so you block it, or you make exceptions later.
Do you want to make a global rule saying “allow this”, and every trojan is allowed to use that rule for his own traffic? A malware writer could think about usual traffic in a network, and if theres just a global rule which manages all traffic, the trojan needs to use the usual traffic attempts, and all computers would be infected (example), without prior question.
But as we need application rules to ALLOW something (no matter what global says), you would not allow a trojan by default. (In contrast, it just needs a single rule in global, to globally block something!). Since i use firewalls, any of them had application rules. Some had the benefit of additional global rules (for saving time and nerves).
In other words, you decide to move from a firewall, because it has two usefull features. Sounds strange, doesnt it?
If you have problems, tell them. Its possible to have no problems in this case.
They are not ignored. Do you want to disable application rules, and work only with global rules? WARNING LOWERS SECURITY SIGNIFICANT
Make just one application rule: All processes, allow IP any any any IN/OUT (Or you can use your local network details… Also not recommnded!)
You literally disable the firewall with this. Then all you have left are the global rules. But do you really want that?
All what any application (good or bad) has to fullfill in the described low security case is this: Fit any global rule, and it will be allowed to pass.
Thats insecure. Also keep in mind, that global rules dont ask questions. If you dont make a block rule in global rules, all traffic is allowed when you disabled the application rules!
Global rules should only be used to manage global decisions
Application rules are for managing the actual specific permissions.
