My biggest frustrations with Comodo Firewall

These are my biggest frustrations with Comodo Firewall:

  1. At the moment, I can set up a firewall rule to allow specified activity and block anything else that doesn’t match. I want to be able to also allow specified activity and ASK about anything else that doesn’t match. This is helpful for situations where you might know an app needs certain access, but you want to be alerted if it tries to do anything different (either because you don’t want to give more access than necessary, or because it would be doing something it shouldn’t).

  2. The firewall application rules section shows the full path to each executable, but this is a royal mess. Instead, it should show the application name. (i.e. “Microsoft Compatibility Telemetry”, not “CompatTelRunner.exe”). Obviously in cases where an executable doesn’t have a name, just show the file name (and ONLY the file name) of the executable itself. There is no need for the path to be present in the main list. The path to the executable should be available by double clicking or looking up the properties of the entry. Having the path as part of the top level entry makes sorting impossible. This naturally leads us to the next item…

  3. I’ve never ever had a case where the order of applications in the application rules section mattered. The only thing that matters is the order of rules that governs each application within itself. Right now it’s such a pain to find anything here - EVERY time requires doing a search. I say it’s time to get rid of this useless functionality. Combine this with the executable name request above and just make the application rules list alphabetically sorted by default.

Items 2 and 3 above would mean that the firewall applications rules would result in the following:

Current View:
(Sorted Randomly based on the order each executable first triggered an alert)

C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft Office\Office16\WINWORD.exe
C:\Windows\System32\dasHost.exe
C:\Windows\System32\wermgr.exe
C:\Windows\System32\CompatTelRunner.exe

Suggested View:
(Sorted Alphabetically, regardless of the order they triggered an alert)

Device Association Framework Provider Host
Host Process for Windows Services
Microsoft Compatibility Telemetry
Microsoft Word
Windows Problem Reporting

Which list would you find easier to parse, scroll through, browse, and search?

These three items are at the top of my frustration list with Comodo Firewall, and have been responsible for every time I’ve chosen to uninstall and use someone else’s product in the past. I think it would make a lot of people very happy if you granted these requests.

You can: either switch to custom ruleset mode or add ask rules to the affected applications.

> 2. The firewall application rules section shows the full path to each executable, but this is a royal mess. Instead, it should show the application name. (i.e. "Microsoft Compatibility Telemetry", not "CompatTelRunner.exe"). Obviously in cases where an executable doesn't have a name, just show the file name (and ONLY the file name) of the executable itself. There is no need for the path to be present in the main list. The path to the executable should be available by double clicking or looking up the properties of the entry. Having the path as part of the top level entry makes sorting impossible. This naturally leads us to the next item...

There is absolutely a need to define the full path of the executable; malware could be called svchost, running from the temp folder, and you have rules to allow network access. Also, using the name of the application can be equally false, as again malware could name itself Windows Update, which also leads to duplicate entries that make it hard to distinguish between a legit application and malware. Overall this would weaken the firewall and cause confusion when setting up application rules.

> 3. I've never ever had a case where the order of applications in the application rules section mattered. The only thing that matters is the order of rules that governs each application within itself. Right now it's such a pain to find anything here - EVERY time requires doing a search. I say it's time to get rid of this useless functionality. Combine this with the executable name request above and just make the application rules list alphabetically sorted by default.

Well, you could have a rule for a specific file group, then have a separate rule for an application that is also part of that file group; how else would you determine which rule took priority?

Thanks, I didn’t see that when I initially set up the rules.

You misunderstand. I’m not saying that the full path doesn’t need to be part of the rule. I’m saying that it’s a bad idea to have it visible in the primary column. It makes the list an absolute mess to parse. Your concerns and mine can both be met if we show both. In other words:

Device Association Framework Provider Host  C:\Windows\System32\dasHost.exe
Host Process for Windows Services           C:\Windows\System32\svchost.exe
Microsoft Compatibility Telemetry           C:\Windows\System32\CompatTelRunner.exe
Microsoft Word                              C:\Program Files\Microsoft Office\Office16\WINWORD.exe
Windows Problem Reporting                   C:\Windows\System32\wermgr.exe

In fact, I can go you one better - have Comodo do a file hash when an app first flags an alert. That way, if malware modifies an executable, it will register as a new application with a duplicate name rather than matching a rule just because the path is the same.

That’s my point - while the order of rules matters, I have never had a case where the order of applications matters. Look at the list of applications I gave as an example above. Changing that order affects nothing, but between this, the fact that the application name isn’t shown, and the fact that the path is visible in the primary column makes parsing the list next to impossible.

Essentially you are asking for another column.
e.g. in File List we have ‘Company’ column, going by your request, you would like “File Description” as another column in there.
So wherever we have application path in grid control, additional “File Description” column is expected by you.

However for Firewall Rules section it becomes tricky as other than application, you could also have file groups.
How do you expect to see details against file groups?

Not just another column. As I explained previously, having the application rules be manually sorted is unnecessary. The order of rules matters, not the order of applications. The application rules should simply be automatically sorted alphabetically - by the Application column (not the Path column). Or even better - once you eliminate the manual sorting, you can let users choose how to sort the list by clicking on column headers the same way you do in a file manager.

Note: This isn’t the only place that needs the ability to sort. File Groups does not allow you to sort in any way, and there’s no need for that limitation. All display lists should be user-sortable.

Simple - the name of the file group will show up in the Application column. So expanding my prior example:

Application                                 Path

Device Association Framework Provider Host  C:\Windows\System32\dasHost.exe
Email Clients                               File Group
Host Process for Windows Services           C:\Windows\System32\svchost.exe
Microsoft Compatibility Telemetry           C:\Windows\System32\CompatTelRunner.exe
Microsoft Word                              C:\Program Files\Microsoft Office\Office12\WINWORD.exe
Microsoft Word                              C:\Program Files\Microsoft Office\Office16\WINWORD.exe
Web Browsers                                File Group
Windows Problem Reporting                   C:\Windows\System32\wermgr.exe

As you can see, the file groups fit in just fine, and everything is alphabetically sorted by file description.

I even showed you that duplicate file descriptions due to different paths work just fine as well.

It would need to be another column because both HIPS and firewall rules have a column for ‘Treat As.’ And because file groups exist and you can create rules for these file groups, it will be necessary to sort by priority. See, you are only looking at the firewall, but in HIPS, if priority sorting were removed, the all applications file group rule would always go into effect, overriding application-specific rules. So sorting by any other means is out of the question. Just because you don’t have a case for having application rules sorted by priority doesn’t mean others don’t.

This also applies to the auto-containment rules: you could have an auto-containment rule that applies to all applications or applications in a specific folder, but have a different rule for an application in that folder. How would CIS know which rule to use or give priority to? E.g. all applications that are rated as unknown run fully virtualized, but one application is ignored from containment regardless of its rating. Sorting has worked this way since at least version 3.x, probably even before then too.
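The priority argument in the reply above, as an added example that is not part of the thread and not Comodo's code: it assumes a first-match-wins model in which the first entry whose path or file group pattern matches decides the outcome. The `Rule` class, `decide`, `display_view` and the Temp path are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    label: str       # text shown in the list (file description or group name)
    patterns: tuple  # full paths or wildcard patterns the entry covers
    action: str      # "allow", "block" or "ask"

def decide(rules, exe_path, default="ask"):
    """Return (action, label) of the first entry matching the full path."""
    path = exe_path.lower()  # Windows paths compare case-insensitively
    for rule in rules:
        if any(fnmatchcase(path, p.lower()) for p in rule.patterns):
            return rule.action, rule.label
    return default, None

def display_view(rules):
    """Labels sorted for browsing; the evaluation order is left untouched."""
    return sorted((r.label for r in rules), key=str.lower)

# Constructed rule set in priority order: specific entries before the group.
PRIORITY = [
    Rule("Microsoft Word",
         (r"C:\Program Files\Microsoft Office\Office16\WINWORD.exe",), "allow"),
    Rule("Host Process for Windows Services",
         (r"C:\Windows\System32\svchost.exe",), "allow"),
    Rule("All Applications", ("*",), "block"),  # file group covering everything
]
# The same entries re-ordered alphabetically by label and then evaluated.
ALPHABETICAL = sorted(PRIORITY, key=lambda r: r.label.lower())

WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.exe"
# Constructed path: a binary named svchost.exe outside System32.
TEMP_SVCHOST = r"C:\Users\demo\AppData\Local\Temp\svchost.exe"

if __name__ == "__main__":
    print(decide(PRIORITY, WORD))          # specific entry decides
    print(decide(ALPHABETICAL, WORD))      # the group entry now shadows it
    print(decide(PRIORITY, TEMP_SVCHOST))  # path match keeps it off the allow rule
    print(display_view(PRIORITY))          # sorted view, same evaluation order
```

Under this model, evaluating the list in alphabetical order changes the verdict, while sorting only a displayed copy does not.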

I realize that I’m talking about adding a column - the changes requested didn’t affect that, so I left it out for brevity. But yes, the applications rules section would contain columns for Application, Path, and Treat As.

And I never said you had to change the sorting methodology for HIPS or auto-containment. Go ahead and keep them the way they are. That doesn’t mean that these changes can’t be made to the applications rules - for which I have yet to see a concrete example why the order would matter.

I agree with you that the current method of sorting has been this way for a while - but that doesn’t mean that it’s for a good reason and can’t be improved.