Continuing my endeavours to create a more defined and secure rule set for Comodo, I have a query regarding the use of two options under ‘Application control Rules’, namely ‘IP Mask’ and ‘Host Name’.
To better understand my question, let us take an example application, in this case Avast Anti-Virus Home, my AV of choice.
Avast uses a great many servers to deliver updates, each with its own IP address. These servers are configured in CIDR notation, which I assume is a supernet:
66.98.0.0/16
67.15.0.0/16
.
.
75.126.0.0/16
And so on.
Further investigation of the Avast ‘setup.ini’ file located in the Avast program directory provides us with the host name for these servers:
Server=download24.avast.com
IP=67.15.196.21
Where the number at the end of ‘download’ changes based upon IP address.
To configure rules for Avast one could simply use:
avast.setup [ANY] 80 TCP Out Allow
However, to be more precise about which servers Avast is allowed to connect to requires more thought and this is where I need some guidance.
Would it be possible to use the ‘IP Mask’ or ‘Host Name’ options within CPF to create more specific rules for applications such as Avast?
For example (and I’m guessing the net mask here) under IP Mask, would this work?
66.98.0.0
255.255.0.0
Alternatively, does the ‘Host Name’ option support wild cards?
If these options are not possible, can anyone think of any other means by which one might achieve this goal?
Thanks for any help.
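
As an added example (not part of the original post): the /16 blocks listed above converted to address-and-netmask pairs, plus a check that each `IP=` entry in a setup.ini-style list falls inside one of those blocks. The sample list is constructed, only the download24 entry comes from the post, and the function names are illustrative.

```python
import ipaddress

# CIDR blocks quoted in the post (the elided entries are not filled in).
ALLOWED_CIDRS = ["66.98.0.0/16", "67.15.0.0/16", "75.126.0.0/16"]

# Constructed sample in the Server=/IP= layout the post quotes from setup.ini.
# Only the download24 entry is from the post; the second entry is made up
# (192.0.2.0/24 is a documentation range) to show an address with no rule.
SAMPLE_INI = """\
Server=download24.avast.com
IP=67.15.196.21
Server=example-mirror.invalid
IP=192.0.2.10
"""

def cidr_to_mask_rule(cidr):
    """Return (network address, dotted netmask) for one CIDR block."""
    # strict=True rejects malformed blocks and blocks with host bits set,
    # e.g. 66.98.1.0/16, instead of silently widening or shifting the rule.
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.netmask)

def parse_servers(ini_text):
    """Pair each Server= line with the IP= line that follows it."""
    servers, current = [], None
    for line in ini_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "server":
            current = value.strip()
        elif key.strip().lower() == "ip" and current:
            servers.append((current, ipaddress.ip_address(value.strip())))
            current = None
    return servers

def check_coverage(ini_text, cidrs):
    """Map each server name to the allowed block containing its IP, or None."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    result = {}
    for name, ip in parse_servers(ini_text):
        result[name] = next((str(n) for n in nets if ip in n), None)
    return result

if __name__ == "__main__":
    for cidr in ALLOWED_CIDRS:
        print(cidr, "->", *cidr_to_mask_rule(cidr))
    for name, block in check_coverage(SAMPLE_INI, ALLOWED_CIDRS).items():
        print(name, "covered by", block or "NO RULE")
```

A /16 prefix corresponds to the netmask 255.255.0.0, so the pair guessed at in the post matches the first block in the list.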