Improve presentation of Firewall rules list

Great as Comodo is, I find the way the firewall Application Rules list is currently presented to be rather non-user friendly and makes it harder to find what you’re looking for and requires more mouse clicks than should be necessary.

As an illustration of how I think it could be improved, please see this screenshot of my rules list in Kerio 2.1.4, which I haven’t used for many years but found extremely easy to use.

You will note that it shows a “user-friendly” name for the rule/application on the left and this is what I suggest Comodo should do, as having the full path and executable name listed makes it a lot harder to work out just which application you’re looking at. You might think it’s clearer as there can be no question about which application it is, but having that much text just makes it take longer for the brain (mine anyway!) to focus in and identify the application. There’s plenty of room in the window (which can be resized of course) to have a “user-friendly” name on the left and the full path and application on the right (before the Treat As column).

The second improvement I would like to see is for the window to default to showing the rules list compressed, as having it expanded overloads the user with information and makes it harder to locate a specific app. Currently every time I open this window I have to click twice (seems to be a bug as subsequently I only have to click once to switch between compressed and expanded) to compress the rules to make it easier to browse and then I have to expand them again once I’ve located the app I’m looking for to examine tha actual rules.

Lastly, I’d suggest presenting the rules in a similar manner to Kerio, rather than as sentences as Comodo currently does. Seeing

TCP (Out)    [Any port]    [Any Address]:[80,443]

is IMHO orders of magnitude clearer (and tidier) than reading

Allow TCP Out From MAC Any to MAC Any Where Source Port is Any and Destination Port is 80,443

I think again it just comes down to the amount of text one has to read, which affects how quickly the brain can process it and it processes a static arrangment of “Protocol Type (Direction) [Source Address:Port] [Destination Address:Port]” better than a rather cluttered sentence.

Kerio used a green/red arrow in the first column to signify Allow/Block and Comodo has a green tick/red cross to signify the same, so the word Allow or Block is not really needed and of course as Comodo groups application rules, the “user-friendly” name and application name don’t need to appear on each line as they did in Kerio.

Any chance that 6.0 has moved towards a clearer display of the rules, similar to good old Kerio?

You can compare to this screenshot of Comodo and see that it wastes far more space to display less rules in a harder to read format. I think ideally Comodo would display the rule for applications where it’s a single Allow/Block rule like Kerio did and only use it’s rules folder feature where necessary, as it’s great for keeping things tidy with applications with several rules, such as the first two in my screenshot, with the rules displayed in a similar format to Kerio when the folder is expanded.

Another cool feature I thought of was being able to re-order the rules list by drive, so all the rules for applications on C:\ would be first, then D:, etc. I think this would be a great option as currently it can be very hard to find the rule you’re looking for with them not in drive order.

Hmm, I’ve just taken a look at 6.0 installed in Virtualbox and it’s just been made worse unfortunately.

Not only has the opportunity not been taken to display the rules in an easy-to-read format like Kerio did but the buttons (Add, Remove, Purge) have been hidden under a ridiculous pop-up tab at the bottom of the screen, or a right-click in the rules area and the tabs (Application Rules, Global Rules, etc) which were clear and tidy at the top of the screen have been moved to a side-menu, whilst the area above the rules list is given over to an overly large “Application Rules” heading (which would be unnecessary if the old tabs were still there) and a pointless statement “The following firewall application rules are active on this computer”.

I don’t actually mind the new visual style but I do object to making the interface less user-friendly and wasting space unnecessarily. I also object to how hard it is to get to the rules list now. With 5.2 I double-click on the notification area icon, which takes me straight to the Firewall window and I click on Network Security Policy and there I am. With 6.0, I have to double-click on the notification area icon, then click the green arrow to get to Tasks, then Firewall Tasks, then Open Advanced Settings, then Application Rules.

I remember Kerio used to let me right-click on the notification area icon and select config, which took me straight to the rules list. Where’s the sense in making firewall software that makes it so hard to actually get to the firewall rules?

Definitely +1

I share your statement.

Woa, brilliant minds!

I absolutely loved Kerio, and how easy it was to manage.

I would go even further and use a simple list with check boxes for AV and HIPS too!


If I ever get back to mocking up pretend windows for CIS, I’m definitely incorporating this.

EDIT: Idea officially incorporated in my latest wish list thread.