Network Monitor Rule Question

Does this default rule in position 0 not totally defeat the purpose of outbound protection?

ALLOW TCP or UDP OUT FROM IP [Any] TO IP [Any] WHERE SOURCE PORT IS [Any] AND DESTINATION PORT IS [Any]

Not necessarily, because ultimately you still have control over an application’s network access in the “Application monitoring” rules. In other words, if you specify iexplorer.exe is allowed outbound to destination port 80, tcp, any ip, then that is exactly what iexplorer.exe is restricted to.

However, I personally do not like the “Network Monitoring” rules that load by default in Comodo. They are far too permissive for my liking, even if the final say on an application’s network access is governed by the “Application” rules. If one were to mistakenly allow too much network access while configuring a rule for a given application, there is little to nothing in those liberal “Network” rules to safeguard against this kind of error.

So, I guess also if I put an allow rule in the network monitor for a certain port… I still have to give access to that port for a specific application or ‘allow all’ for specific application in the application monitor rules before it can be used?

Correct. However, the Network Rules work in order from top to bottom, with the top-most rule having priority over all others beneath it, so if you were to place the “allow, udp/tcp, in/out, destination ip: any, destination port: any” rule on top of a more restrictive one such as “allow, tcp, out, destination ip: any, destination port: 80,443”, then it will make this latter rule redundant. I still like to purge Comodo of most of its default network rules in favour of my own.

Below is a screenshot of my partial Network Monitoring rules profile. I’m behind a router so no qualms about revealing my local ip addresses :wink:

[attachment deleted by admin]
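The two points made in the replies above (the application rules are the final gate, and a broad network rule placed above a narrower one makes the narrower one unreachable) can be checked with a small first-match evaluator. The following is an added example written for this page; it is not Comodo's code and does not reproduce Comodo's actual matching engine. The rule sets, the `iexplorer.exe` name from the thread, the `careless.exe` program and the 203.0.113.5 address are constructed sample data.

```python
"""Added example: a first-match firewall rule model (not Comodo's own code).

Two layers are evaluated, as the thread describes: a list of network rules
and a list of per-application rules. A connection is allowed only if BOTH
layers allow it. Rules are walked top to bottom and the first match wins.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Rule:
    """One rule. An empty dst_ports set means 'any destination port'."""
    action: str                      # "allow" or "block"
    proto: str                       # "tcp", "udp" or "tcp/udp"
    direction: str                   # "in", "out" or "in/out"
    dst_ip: str = ANY                # "any" or a literal address
    dst_ports: FrozenSet[int] = frozenset()
    app: Optional[str] = None        # set only on application-layer rules

    def matches(self, proto: str, direction: str, dst_ip: str,
                dst_port: int, app: Optional[str] = None) -> bool:
        if self.app is not None and self.app != app:
            return False
        if self.proto != "tcp/udp" and self.proto != proto:
            return False
        if self.direction != "in/out" and self.direction != direction:
            return False
        if self.dst_ip != ANY and self.dst_ip != dst_ip:
            return False
        if self.dst_ports and dst_port not in self.dst_ports:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet 'other' could match is already matched by
        self; placing self above other then makes other unreachable."""
        if self.app is not None and self.app != other.app:
            return False
        if self.proto != "tcp/udp" and self.proto != other.proto:
            return False
        if self.direction != "in/out" and self.direction != other.direction:
            return False
        if self.dst_ip != ANY and self.dst_ip != other.dst_ip:
            return False
        if self.dst_ports and not (other.dst_ports and other.dst_ports <= self.dst_ports):
            return False
        return True


def first_match(rules: List[Rule], proto: str, direction: str, dst_ip: str,
                dst_port: int, app: Optional[str] = None) -> Tuple[Optional[int], str]:
    """Top-to-bottom walk; returns (index of the rule that fired, action).
    Nothing matching is treated as a block (assumed default for this model)."""
    for i, rule in enumerate(rules):
        if rule.matches(proto, direction, dst_ip, dst_port, app):
            return i, rule.action
    return None, "block"


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules) if any(e.covers(r) for e in rules[:i])]


def decide(network_rules: List[Rule], app_rules: List[Rule], app: str,
           proto: str, direction: str, dst_ip: str, dst_port: int) -> str:
    """Both layers must allow the connection."""
    _, net = first_match(network_rules, proto, direction, dst_ip, dst_port)
    _, per_app = first_match(app_rules, proto, direction, dst_ip, dst_port, app)
    return "allow" if net == "allow" and per_app == "allow" else "block"


# Constructed sample rule sets modelled on the rules quoted in the thread.
DEFAULT_OUT = Rule("allow", "tcp/udp", "out")                       # the position-0 rule asked about
WEB_ONLY_OUT = Rule("allow", "tcp", "out", dst_ports=frozenset({80, 443}))
BLOCK_REST = Rule("block", "tcp/udp", "in/out")

PERMISSIVE_FIRST = [DEFAULT_OUT, WEB_ONLY_OUT]   # broad rule on top: second rule is dead
RESTRICTIVE_FIRST = [WEB_ONLY_OUT, BLOCK_REST]   # narrow allow, then a catch-all block

# Application rules: the browser gets port 80 only; "careless.exe" was
# mistakenly given "allow all" while configuring its rule.
APP_RULES = [
    Rule("allow", "tcp", "out", dst_ports=frozenset({80}), app="iexplorer.exe"),
    Rule("allow", "tcp/udp", "in/out", app="careless.exe"),
]

if __name__ == "__main__":
    print("shadowed in PERMISSIVE_FIRST:", shadowed(PERMISSIVE_FIRST))
    print("shadowed in RESTRICTIVE_FIRST:", shadowed(RESTRICTIVE_FIRST))
    for net_rules in (PERMISSIVE_FIRST, RESTRICTIVE_FIRST):
        print(decide(net_rules, APP_RULES, "careless.exe", "udp", "out", "203.0.113.5", 53))
```

With the permissive rule on top, `shadowed(PERMISSIVE_FIRST)` reports the 80/443 rule as unreachable, which is the redundancy described in the reply. The browser still only gets port 80 because its application rule is the final gate, but a mistaken "allow all" application rule sails through the permissive network layer, whereas the restrictive network set still blocks its UDP/53 attempt.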