I would like to allow IP in for one application but block IP in otherwise. In the application rules, when I add a rule to block IP in for the File Group “All Applications” after my allowed application, IP in for Windows Operating System is still allowed. What File Group selection can I use to cover everything (including Windows Operating System)?
How to block all IP in within the application rules?
First of all, do you want to block an IP address, or just create a "block IP In From IP Any To IP Any" type of rule? Either way, you would do that under global rules instead of application rules. Also, are you trying to get rid of the intrusion logs targeting Windows Operating System? If you are, then you need to understand how Comodo's firewall works, which I can explain for you if this is what you are trying to accomplish.
I want to block IP In From IP Any To IP Any type of rule.
According to https://forums.comodo.com/firewall-help-cis/global-rules-applied-before-application-rules-for-outgoing-t55643.0.html, global rules are applied first. So your suggestion would have the effect of blocking IP in also for the application I would like to allow.
No, I know how to prevent intrusion logs if need be. Thanks for the offer.
Anyone have an answer for my opening post?
- Make sure you answer CFP popups when it shows "Windows Operating System" popups. Or alternatively you can create a manual rule to allow outgoing requests for "Windows Operating System"
It looks like previous versions triggered alerts for “Windows Operating System” whereas AFAIK the current version doesn’t.
It might still be possible to create rules for WOS using the Select button "Running processes…"
"System Idle Process" is now changed to "Windows Operating System" to describe application less traffic (So no more "System Idle Process" in CFP)
“Windows Operating system” is apparently meant for applicationless traffic.
Blocking an IP for WOS will probably block all applicationless traffic for that IP. I never tested it, though; in general, all WOS entries I have in the log pertain to ICMP traffic blocked by global rules.
Perhaps by providing additional details that allow anybody to reproduce the scenario where the traffic in for Windows Operating System is still allowed, it would be possible to have anybody give it a try to see if it is possible to come up with a solution.