My Comodo-needs (includes error description)

First I saw a nice Interface.
Then I found out there is really a lot to tryout with the different levels of alarms.
So I decided to start with the highest level of alarm. - NICE to see which definitions an application really needs. From this Information I builded the general summary for each application.

In most cases 3 definitions for a program - localhost (TCP in/out), UDP:53 for the gateway, TCP out.
When I had different parent-applications to add, I really missed the ability to simply add all the parent-applications in one step to the 3 lines of definitions.

In the way it works in Comodo, I got lots of lines, only because of the parent applications.
I thougth “OK, they builded it this way, because its easier to deal with the remember check from the alarm boxes”. - But it could be done in a different way.

Anyway - when you have builded nice definitions you are happy. - But then the alarm-box opens sometimes for some reasons of information, and because you want to know, what you left out in the definitions, you click “remember”.
If the definitions are right, there is no need for the “remember”. - So if I would get only Informations about things, that are not to find in the definition-lines I dont like that “remember”.
Note: The Computers should be used by different people, without the knowledge of all that stuff. If they get the alarm and they are confused or click the “remember button” for that is no need, the definitions are “broken” in most cases.

Two Samples:
I wanted that Comodo asks to give permission to IE (FireFox-User). - So I set it to “Ask”.
When the alarm-box came up I tried the “remember-button” - which I do not like, when I set it to “Ask” (not “Ask and Remember”).

  • But what came out was interesting anyway. Under The rule with the “Ask” there was the “rememberd” rule.
    So I thougth “OK” the “Ask” is still there above - at a higher priority AND there is to see the generated rule for manual change when wanted, - could be an interesting feature (do they had this in plan?).
    BUT after starting IE a second time and selecting “remember and DENY” at the alarm-box that all came out of order. - After a third restart of IE NO alarm came up and IE got FULL permission…
    ***** ERROR
    step 1) RULE:ASK → alarm - click “allow remember” turns to the lines: 1. ask, 2. allow
    step 2) → RULE:ASK → alarm - click “DENY* remember” turns to ALLOW at 1. line !!
    step 3) → start applicat. again → NO ALARM-BOX AND FULL ACCESS

… that cant be wanted !!! (in another case it turns out in blocked whitout alarm-box)
***** ERROR
SO this “ASK” is not for normal usage.
Instead of this “Ask” I would prefer:
“ASK without remember”
(Maybe as additional option “ASK with remember checkbox” - to OVERWRITE exactly this line of rule - MAYBE as an additional line UNDER “Ask” with less priority than “Ask” - for logging and the ability of comfortable editing later.)

Another Sample:
I disabled Alarm. - But got the message that IE was trying to use thunderbird. - Wanted to fix or see, what I could do to the rules and clicked “remember”…
So Thunderbird has lost all other entries of “parent applications” and lots of lines got the same entry…

Summary of that:
First there is a need for the option to disable the “remember” of direct rule changing for users.

What was usefull, If a second parent application is found - A “select-box” to which rules I want to add the parent application.

In my opinion, when the “user-action-alarm” is “unchecked”, there should only be nessesary security-information (possibly deny/notify via email…) and NO options to change existing rules.

Questions:
I tried to let out any “parent application” assigning (there are lots for browsers). - It only worked by checking “Skip advanced security checks”.
What is the meaning of this ? - Do I lose all other security-checks (Application Behaviour Analysis…) ?

NOW I want to say, that I like the way Comodo gives Information of desired rules, which I can fine-tune. - Thats NICE
… but it needs something that gives more control - what happens in “user-mode”.
(also not destroying all fine made definititions at a “lower alarm frequency” - with one click)

Hi piet, welcome the forums.

Comodo have all ready released CFP 3 as an Alpha test release a couple of weeks ago & I believe that impacts some of the things you’ve mentioned. On the Ask-Rule subject… I don’t fully understand the step 1 to 3 you’ve supplied. But, then again for me… its Saturday evening… ;D In any event, its best to report bugs to Comodo Support. Register on their system & raise a support ticket on it. Or to post in the BB’s CFP Help section, you’d get better exposure there.

If you wish I could easily move this topic to the Help section.

If you do contact support, please post any feedback you receive here, thanks.

OOPS - should be under “My Comodo-needs…” - could you move it?

Thanks for the friendly welcome !
The version which my description was about is 2.4.18.184 (not 3-alpha).
My Intention is to configure Comodo for “my” users so far,that they have to answer to no question which is not really afordable to ask.
That seems to be a more than a difficult task…

  1. First I have to see that it is not working to set an applic.-rule with “Ask”. - As I reported before! (answers to the popup with “remember” turns out in an additional rule, and in the end, after some steps the lines turns out of order with the problems reported above.)
  2. When some applic. (like antivirus) brings up popups sometimes (“appA” has changed "app"B in memory…)… - As I read in forum, to anwer the popup with remember, - I try the answer with “remember” and so I get a new rule to my perfect (til tis time) definitions.
    So I have to delete this not affordable rules.
    HERE ARE THE BIG QUESTIONS. I did not found the answer. WHERE is that point, wich allows ABA not to ask again stored or where is it to edit ? Am I really working with unvisible permissions to ABA?? (working with different users is normal!) Is there anything stored, after I delete the automatically added rules, which are not affordable for the apps-monitor). - Seems not to imagine to duplicate such confguration to different equal machines!
    Do I really have to disable ABA at the end of trying?
  3. Found no technical answer for what is that “allow unvisible connections”. - Have found an explanantion that the meaning would be - to tell that I trust the application… - but for what in detail.
  4. Also for what cases is that “skip extended checks” or so about in detail.

YES maybe this post should moved to support, but thats not really right, - because it has a lot to do about the design and the informations that this proggy delivers about usage.
As far as I have read in forum such problems are still in future release (3.0).

When it is really right, that only an answer with “remember” to a popup from ABA solves these popups and there is no sesult of the answers to see in configuration, the machine is loosing some of the security benefits of comodo. - Different users may answer in an wrong way, and I can only delete those added rules - because the applic.-rules have been allright before.

Until now I must say “This FW may have passed several leak tests, but it is loosing some security in the circumstances of normal usage”.
If Developers are adding a bit to the user-interface, so it is completely dealing with the features (within the rules), it should be a great success - for both worlds - easy usage AND powerfull usage.

…to disable “remember” when rule set to ask - and global.
…to disable specific ABA-popups (events) whithin applic.-rules.
…to add an additional parent applic. to selected rules easily.
…to duplicate all “learning-mode-data” to machines…

…would be GREAT and TIMESAVING !! :BNC