'Network Monitor' overrules 'App Monitor' - bug?


I stumbled upon the following issue:

I experienced serious problems with my torrent client ‘uTorrent’ - downloads were nearly impossible and uTorrent told me, that the standard port used (63233) ‘does not appear to be open’, although uTorrent was ‘Defined as a Trusted Application’ by myself

Pic1 - Trusted Application:


After some investigations I found out, that the Network Monitor is blocking the specified port.

Pic2 - Network Monitor blocks port 63233:


The port was blocked until I generated a rule myself inside the Network Monitor which allowed all inbound/outbound traffic using port 63233.

Pic3 - Self-defined rule for port 63233:


After that little tunning uTorrent started to work properly… the point is: is this the intended way Comodo should work? To me it seems more like a bug if an application - although set to ‘allmighty mode’ - is still being blocked… :-\

Any comments on that are highly welcome!

Welcome to the forum, Erian!

It’s not bug because network rules define how trusted applications in the application rules are allowed to interact with connections. For example, by default it would not be secure to allow incoming connections to uTorrent on all ports. That would just leave uTorrent wide open when it only requires one incoming port. An additional network rule is required for uTorrent just like the one you added. However, you should change it a bit so that it only allows incoming tcp/udp to that designated port, not outgoing. The reason is because your top rules should’ve already allowed outgoing connections. (Network rules are prioritized from top to bottom).

In a basic sense, applications in your AppMon are the ones you assigned to be allowed internet access, while NetMon are global rules that specifically control how they are connected to/from the internet (like a router).

Attached is my network rule for uTorrent. Also, if you have the default certified applications by Comodo option enabled then you don’t need an application rule for uTorrent.

[attachment deleted by admin]

Thank you very much for the clarification! :slight_smile:

With this in mind

…network rules define how trusted applications in the application rules are allowed to interact with connections
everything becomes absolutely clear.

However - seen from a user-perspective / usability-perspective it seems somehow unlogical to me. Let’s assume someone is not very familiar with this “philosophy” (and I’m not a newbie - I graduated in compter science after all 8)) he can easily find himself getting desperate wondering “what the hack is wrong with this application”. From my perspective I did everything right - uTorrent didn’t work, so I made it a ‘trusted application’. Point. Not only that there is no hint about this not beeing enough… no, you get misleaded on top of everything!

The misleading point is the representation inside the ‘Application Monitor’ - instead of any hint leading you to the ‘Network Monitor’ rules it misleadingly displays the ‘Destination’ beeing -, the ‘Port’ beeing 0 - 65535 and the Protocol ‘TCP/UDP In/Out’ with a ‘Permission’ set to ‘Allow’. What else should someone assume than thinking that all Inbound/Outbound traffic on all ports will be allowed?

I hope you get the point - now that I understand what happened it’s seems to be more of a logical / usability issue to me - this problem might be worth a consideration for future versions of Comodo.

I absolutely agree with you on that. If CFP is somehow able to handle applications and bind them to network rules on the fly, there wouldn’t be a need to manually create a network rule. I don’t know much about the technical details involved, but that would certainly save inexperienced users a lot of trouble/questions. Might be something you can put into the wishlist if it isn’t already there.

This separation into network and application rules seems very irrational thing to me.

Example, i want to allow al applications make Dns requests (bi-direction TCP and UDP requests on port 530 - how should i ?

Or how should i allow any application to make loopback connections (127.0.0.* + IP’s of netork interfaces themselves) ?