Is this a bug or am I doing it wrong?
I have a global rule “Allow All Incoming Requests If The Sender Is In [Home LAN]”
[Home LAN] consists of IP Mask 192.168.1.0/255.255.255.0
The idea is to have no restrictions on activity between my PCs on the intranet 192.168.1.xxx.
Yet I get an alert “svchost.exe is trying to receive a connection from the internet. Remote: 192.168.1.15 - TCP”
As I understand it, the inbound global rule should allow this connection and I should get no alert. Initially there is NO application rule for svchost.exe, but once I answer the prompt then one is created. If I tell it to allow the connection, then I don’t get asked again. But the global rule should act FIRST and allow it.
Firewall & Defense+ security levels set to Train with Safe Mode.
An application that is trying to establish a connection must be allowed to do so by BOTH application rules AND global rules.
“But the global rule should act FIRST and allow it.”
That’s not how global rules work. When an incoming connection is about to be established, the global rules list is checked top-to-bottom for the rules matching the given criteria (connection protocol, source address, source/destination ports, etc.).
If the first found matching rule says “Block”, Comodo blocks the incoming connection.
If the first found matching rule says “Ask”, Comodo skips to the next global rule in the list.
If the first found matching rule says “Allow”, Comodo refers to the application rules list to see whether the application listening on the given port is allowed to receive the connection. If the matching application rule exists in the application’s ruleset, Comodo acts as instructed. If no matching application rules exist in the application’s ruleset, an alert is triggered (or the application rule is created automatically, when in Training mode).
If the end of the global rules list is reached, Comodo acts like an allowing global rule was found (described above). Which means that on the global rules level connections are allowed by default.
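The evaluation order described in the reply above, modelled as an added Python example (not Comodo's code and not part of the original posts). The `Rule` class, the function names and the shape of the rule auto-created in Training mode are assumptions made for illustration; the sample rules are constructed from the values in the question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "allow", "block" or "ask"
    source: str            # network the sender must be in, e.g. "192.168.1.0/255.255.255.0"
    protocol: str = "any"  # "tcp", "udp" or "any"

    def matches(self, src_ip, protocol):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        return in_net and self.protocol in ("any", protocol)

def global_verdict(global_rules, src_ip, protocol):
    """Walk the global list top to bottom and return 'block' or 'allow'."""
    for rule in global_rules:
        if not rule.matches(src_ip, protocol):
            continue
        if rule.action in ("block", "allow"):
            return rule.action
        # First match says "ask": skip to the next global rule.
    return "allow"  # End of list reached: allowed by default at the global level.

def inbound_decision(global_rules, app_rules, app, src_ip, protocol, training=False):
    """A global 'allow' is necessary but not sufficient: application rules decide next."""
    if global_verdict(global_rules, src_ip, protocol) == "block":
        return "block"
    for rule in app_rules.get(app, []):
        if rule.matches(src_ip, protocol):
            return rule.action
    if training:
        # Assumption: the auto-created rule allows this one sender and protocol.
        app_rules.setdefault(app, []).append(Rule("allow", src_ip + "/32", protocol))
        return "allow"
    return "alert"  # No application rule matched, so the user is prompted.

# Constructed sample: the poster's global rule and an empty application ruleset.
HOME_LAN = "192.168.1.0/255.255.255.0"
GLOBAL_RULES = [Rule("allow", HOME_LAN)]

if __name__ == "__main__":
    apps = {}
    print(inbound_decision(GLOBAL_RULES, apps, "svchost.exe", "192.168.1.15", "tcp"))
    apps["svchost.exe"] = [Rule("allow", HOME_LAN, "tcp")]  # user answered "allow"
    print(inbound_decision(GLOBAL_RULES, apps, "svchost.exe", "192.168.1.15", "tcp"))
```

The first call yields an alert even though the global rule allows the Home LAN, which is the behaviour reported in the question; once an application rule exists, the same connection is allowed without a prompt.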