GUI Redesign Concepts (v3.0.13.268)

If in the end this is complicated to implement without bloating it, maybe update 2.4:
strip D+'s code of v3 to use the firewall’s improved code, make the GUI like 2.4, implement SHA-1 hashes for applications at least.

Even so, i still think current V3 needs that extra check - integrity check that is.

Here’s an idea for the GUI in attachment. 4 and 5 would be in the same tab in D+ main Window, 7 and 8 are illustrations of what would be better when editing rules.

In the last pic to the right, instead of “Ask Allow Block” options, there would be ideally two columns, parent and child, and for each process, the field would show Ask or Allow or Block (maybe a drop down menu to change the option).

[attachment deleted by admin]

Those Gui concepts look great (:LOV)
Apart number 8 (which will add more flexibilty) the other ones would not require much efforts to implement.

It would be still possible to mantain D+ advanced panel unaltered.

The n.8 concept maybe need a bit of polishing (or a separate dialog) and maybe some grouping/sorting options but the separate ask is something I needed (so I don’t have to toy around with those remembers)
The default ask/deny/allow can still be obtained with a * rule or an optional defaut to ask/allow/deny (which will gray out the corresponding unneded apps with the same permissions).

Thank you very much for the time Pedro. They look very good indeed. I will make Devs get these:)

Very good.


Thank you Egemen for your time :slight_smile:

When i referred something using explorer, i wasn’t thinking about bypassing CFP. I was thinking about me, the user, unknowingly allowing an action while not understanding of the possible consequences for a Firewall allowed application.

Lets suppose hashes only for applications allowed in the firewall. Firefox in the end is modified because my rules allowed it. When i open firefox, i’m alerted that it was changed, and in the Security considerations box the D+ log of why that happened.
Have the option to use hashes unchecked by default, and the user can choose to use this extra step.

I’m already imagining extra stuff that i can’t picture in full (probably they complicate things). So i prefer to stop here. ;D


Look at this last edit in attachment (yet another possibility heh). There are inconsistencies most likely, for “Default Action” - probably child and parent is incorrect/ impossible for some items, and admin too.
Gibran perhaps you can correct it, since you can check CFP (i can’t right now). And find a place to say “Default Action” :smiley:

Admin would have 3 options: (you can infer from the pic, but)

  • No - admin priviledges not needed (admin as in CFP admin of course)
  • Only - only the admin can do this / execute it (CFP locked will silently block it)
  • Pass… (short for ‘Password input needed’ or something) - If i execute with CFP locked, it will ask for admin password - allows flexibility

Admin can do a bit more than what you describe (i think) since it can allow with CFP unlocked, block when locked (not just block unknown or without rule, but also block an app that is allowed with CFP unlocked), or ask password when CFP is locked, just to execute it (not to unlock CFP in full).
The wording of course can be improved, i just don’t know how.


Edited admin rights, it’s now on top of the window, and its function is clear now.

[attachment deleted by admin]

Now that i think of it, admin probably doesn’t make any sense where it is…
Just 1 box on top of this window (i mean, this is already a rule for an application, doesn’t make much sense to protect by child-parent stuff, even i would get lost! Last edit, please hold.

Done. Gibran can you correct it (substitute parent child fields if/where not applicable with only one)?

I’m done with this for now, i have things to do… can’t get carried away.

I guess that this way things will get much more complicated.
I think that future versions could add something like view permission chains
to give an overall view about apps chains (eg explorer-firefox-downloader-archiver)
and addittionally open that specific app policy clicking app names.

I would like a smaller dialog too.
I guess It would still be possible to have only one dialog without losing any functionality but it will require a complex gui.

[attachment deleted by admin]

Something like Defense+, when editing rules and trying to understand what you have in front of you, is always a bit complex. You can only try to make an architecture that simplifies it (i think CFP3 is probably as simple as it can be under the hood) and a GUI that also simplifies operations and policy review (easy to read).

My last picture doesn’t look too bad if i may say so myself ;D
It’s about as small as i can make it, without redesigning the window from scratch. And it’s not needed imo. Just some polishing.
It’s just a suggestion with a pic, i bet the developers can make it better, if they agree with my wish for less windows. To me, as i tried to illustrate, all those functions should be in that same window.
I can change my mind, but need to read arguments (i wait for your glued version of the GUI ;D) , like above where have almost understood all Egemen’s points.
Indeed if i’m alerted in real time of changes, hashes seem unnecessary, but when you consider the firewall it’s confusing for me at least. And if the GUI is complex, it will take time for me to acknowledge the differences (to sink in Egemen’s comments).

Hi :slight_smile:
Firstly, i want to say that i think the idea behind v3 is a brilliant one, and the program does what it says it will. The overall scope of d+ far exceeded my expectations, and is really impressive.
I firmly believe that when the update is released some time this week (hopefully) many of the stability issues will be resolved.

HOWEVER, there are so many things wrong with the interface that i feel it requires a complete re-working, and pretty urgently too. The following apply mainly to D+, but the firewall component is also affected by this.

1. every link you click on opens a new window.
this causes several problems,
a. the name of the process whose rules you are editing is obscured, and to find that processes name / path you have to shut all the windows. (see 3)
b. editing a rule should be quick and easy, requiring 2 -3 clicks to get to the editing area at most. presently, it requires 6 clicks, 4 of which launch a new window.
c. clutter. Do we really need to have 5 windows open simultaneously? There is a reason that all major browsers use tabs, you know.

2. the processes are not listed in alphabetical order.
To be perfectly frank, this is so obvious I can’t imagine how /why it was not included. v2 did this, so it’s not like it’s a new feature to comodo.

3. Applications rules do not show parent processes
This is a must, the current method used is incredibly unwieldy, and requires a lot of hunting around if you’re unsure of the parent.

4. Nowhere in the window that you edit rules in does it refer to the processes whose permissions you are editing.
Again, it’s hard to imagine how this was overlooked, it seems so obvious.

5. The placement of various options within the program make little sense.
Why is “view events” (should say “view logs”) considered a common task, while editing the rules an advanced one? Same goes with “my protected registry keys” and “my protected COM interfaces” They are most definitely not “common tasks”, and people could easily mess things up if they are unsure of what they are doing.
another example: if you try to edit any of the apps in the “windows application” section of the D+ rules, you are told that you must use “my file groups” to edit those. All well and good, until you realize that there is, in fact, no such thing. Well actually there is, but its not where the help file would lead you to believe it is. Instead, you have to go to "my protected files, (window opens), and then click on “groups” (another window) and there it is.

The program itself is excellent, ( (B) )but I do think that it is let down badly by the interface, which makes everything much more difficult / time consuming than it needs to be, and it also makes the program seem a lot more daunting than it actually is.

I personally have been really put off by the current complexity of the interface, as have many others, I’m sure.

Now I do realize that comodo is trying to cater for people of all levels of technical expertise (or lack thereof), and that many people will never use anything but “out of the box” (or in this case, off of the intertubes) settings, but I would contend that the current interface is “user-unfriendly” no matter what your level of expertise.

That said, I do like the new colour scheme though :slight_smile:
Thanks for reading :slight_smile:

Thanks for that Qwerty…

here is a big favour pls… (only if you have the time)

Can you modify the GUI to your liking and post the screenshots to us here pls…

This way we know exactly what you mean and could help us improve.

Hi Melih :slight_smile: Thanks for taking the time to read and reply to this.

I’m no photoshop guru (mspaint more like), so please bear with me, but here’s the basic gist of it.

(I’m referring here to D+, the firewall interface is well thought out, requires only alphabetical sorting IMO )

I feel that sorting the processes alphabetically is extremely important, as it doesn’t take much time for the process list to become very long, and thus make it increasingly difficult to find the process you’re looking for. This applies especially to programs without icons.
This is less important for the predefined groups (Windows System Services, Windows Updaters, Comodo Firewall Pro) as those groups have a fairly small number of entries, which aren’t going to increase over time.

When you double click on a process name, I think that this window

should be skipped altogether, and replaced with something like

with the full path shown in the title bar. (the red boxes signify tabs :slight_smile: )

A processes’ grouping (Trusted, Limited, Updater / Installer, etc) could be defined via a right click menu in the “Computer Security Policy” window, and perhaps also a “treat this program as” drop down menu in the “Process Access Rights” tab.

The “run an executable” entry currently in “process access rights” could be replaced with a third tab called “process permissions” or something similar.
This 3rd tab could show a list of all programs (just like the “computer security policy” window, with 2 radio buttons next to each process, one for parent processes, and another for child processes. Edit - I actually think that drop down menus would be better, a parent drop down menu and a child one. This would allow for Allow / Deny / Ask, as is in the firewall.
There could also be a “global” setting, which would set the default for unspecified parent and child permissions of that process.

This would make it much easier to view and edit all of the permissions allowed that process, without having to open and close multiple windows to get to all the rule editing areas.

(just imagine the green boxes are drop down menus :slight_smile: )

I would keep the “add”, “remove”, and “purge” buttons, as they are all useful, the “edit” button could be dropped as you would edit the permissions by clicking on the drop down menus directly, but you would need an “Apply” button in its place.

Within the “Process Access Rights”, and “Protection Settings” tabs, opening up another window via the “Modify” button is unavoidable, but again, sorting by alphabetical order would make it much more navigable, displaying the process name (Probably not path due to lack of room) in the title bar would make it easy to tell at a glance which processes permissions you are viewing.

Each tab should have it’s own “What do these settings do?” link to its’ section in the helpfile, of course. :slight_smile:

In regards to the D+ → Common Tasks section of the main program interface, “My Protected Files”, “My Quarantined Files”, “My Pending Files”, and “My Own Safe Files” could be condensed into a single link called “My File Tasks” (I believe something like this has already been suggested by another forum member). This link could open a window with 5 tabs, encompassing “My File Groups” also, which is currently hidden in D+ → Common Tasks → My Protected Files → Groups.

(again, red boxes signify tabs)
Edit- upon consideration, I believe that “My File Groups” probably deserves it’s own link in D+ → Common Tasks, as it’s purpose is somewhat different to the other file sorting tasks.

“My Protected Registry Keys”, and “My Protected COM Interfaces” should be placed under D+ → Advanced Tasks(moved from common tasks), and condensed into a link called something like “Advanced Protection Settings”. The link would open a single window, with a tab for protected reg keys, and another for protected COM interfaces

“D+ Events” I feel should be grouped in the same sections as the rules themselves are, but the ability to right click on an event in the log → go to process rule would overcome this, and it would be a neat feature to have in any case, for the firewall as well.
A link somewhere in the main interface which will launch cpflogvw.exe directly would be a nice feature, if not in the main interface, maybe via right click on the cpf icon in the systray?

(On the topic of logging, I would really like to see D+ have the ability to perform more detailed logging, (optional) for eg logging all processes launched, which process launched it, whether the action was allowed or denied and the time this occured. This would make trouble shooting (“it worked yesterday, why won’t it work today?”) much easier, and will allow those who are so inclined to tighten up their rules considerably. However, I suspect that’s a topic for the wish list thread :slight_smile: )

Well, that’s pretty much all I’ve got, and it’s pretty late here so I’ll leave it at that. However, I did want you to know Melih that I really do appreciate you taking the time to read my post, and I hope my pitiful efforts at mspaint covey what I’m trying to say. :slight_smile:


ps (R)

Thanks qwerty.

I will now pass this to our dev guys for them to consider.
thank you for taking the time. We really (really) appreciate it


Gibran, i just noticed your pics. Did you edit the post?

I like your expand idea, really good! If the behavior isn’t sluggish, it’s definitely an alternative.

The main problem with it is if the list of applications is too big. It could be too stretched vertically. Maybe not, maybe not!
Can you finish the window, or are you picturing the expand function to hide the other “Access name” items? They should not be hidden, you should be able to click the next item without having to close the current one. Am i being clear ??? (lol)

I still prefer the parent/child columns. If i wanted to see the whole chains i wouldn’t want to see them for each application. The chain idea isn’t bad at all, but maybe place it in “Options” tab, since we wouldn’t use it often.

There’s another member with some more ideas. One of them moves the application path to the window tittle. The “Select” button is eliminated. Also interesting. We’re almost there heh

It should be possible to expand all permission in the list maintaining all of them open but this will make the list much longer. The one at time behaviour mimic the current one.
Anyway it would still be possible to make the applist show only a fixed number of entries and the user should se the others using a scroller. If the dialog can be resized then it will be much more flexible.
Anyway the actual implementation is bound to devs GUI components. If they ever try to reproduce that design maybe the only fast way is to use a modified Treeview component (no modify button but a plus sing at the left side. I guess that the simples the design is the higer are the chance that it could be implemented.

The parent-child is an attempt to mimic an old V2 behaviour but currently V3 handles only childs.In order to change the parent for an app actually V3 need to dwell in another app (the parent) child settings.
This will lead to much confusion.

Since V2 was not able to block execution it reported parents when child apps attempted a connection. As V3 can contro child process execution users can actually take control of an entire app chain.
The view chain is only a way to guess an overall rule interaction and it should provide a way to access the rules of the other apps in the same chain.
So as long as a rule doesn’t have any dependency that function is not be needed.

Maybe we could split th inferface design part in another topic and gropu all such suggestion in one place.

I don’t disagree, all options expanded would be too much.
What i said was when expanding one, the others, while collapsed, should be visible. Then you click another one (like ‘Interprocess Memory Accesses’) which expands that, and closes the previous one (while still visible to click again).
About the plus sign, you could be right, and it could actually be better. I’ll try to do that later.

Nah, it’s simple. It’s exactly as you say, you change for instance a child for explorer.exe, Process Explorer, and that has the consequence for PE’s parent. It’s that simple, and not confusing imo. You’re simply capable of viewing that relationship in 1 of them (the one you’re editing).
Most importantly, you see that for all process associated with explorer in its edit window.

Yes, it seems i made a mess of this… There is at least one other thread of interest for this, qwerty’s thread (he has some good suggestions, i still have to read the rest).

I joined the two threads as they address the same topic

Hey Gibran,
i’ve been busy, but i did try something that day. It wasn’t good, or didn’t promise. It would be too big vertically, if we use that expand feature.
Perhaps another layout, or maybe if i gave it more time (more than 5 mins :slight_smile: ) it would come out ok.

It would be possible to limit the expansion but I guess that most dialogs should be designed to work with 800*600 reolutions but shoud be able to use also bigger displays.

pis 7 and 8 looks good, as soon as i looked at it, it looked simple enough and logical. which for alot of people is what matters, being able to look at something and being able to easily indentify what they see is about just by the visual looks of how everything is appears to be.

lol. hope you got that ^ ;D I’m sure you do anyway

good feedback guys.
pls keep it coming.
keep showing (by posting screenshots) us how we can modify.
thank you!


Just to add my 2 cents worth to the discussion…

A couple of things struck me while I was using and configuring the firewall and the following would (for me at least) make things just a little easier/smoother to use.

  1. Add the ability to open the “Active Connections” dialog from the taskbar icon.
  2. Add the ability to open the “View Process List” dialog from the taskbar icon.
  3. Be able to access the “Port Sets” dialog from the “Application Network Network Access Control” dialog.

I found that especially while I was setting up the program I was having to go to these displays often and above links would have made it a lot smoother (less clicking and opening and closing of displays).