New rules added at top

I am now using 17.304 and some defence+ rules get added at the top of the list rather than the bottom. Does anyone know why this is? Could it be installation mode?

It seems like it’s the same behaviour for the firewall. New items get added above the old ones.
Still don’t know why they choosed to change it, but I like it this way, since I’m doing some hardcore-configuration :wink:
Anyways, I’m sure egemen or Melih has an answer for this one :wink:

Cheers,
Ragwing

I Love It this way Too … :■■■■

I have rules at the top that block certain things for all applications. If a new entry goes at the top it bypasses my global block. I block running of executables from the user directory so anything downloaded by a limited user cannot be run. If something is added at the top it will bypass this important protection.

Is there any reason why ‘File Groups’ couldn’t be separated from ‘Application rules’ just like ‘Global rules’ from ‘Application rules’ for firewall?

So the processing of the rules for Defense+ would look like this:
File Groups > Application rules

and for Firewall:

outgoing connections: File Groups > Application rules > Global rules

incoming connections: Global rules > File Groups > Application rules

If the rules would be proccessed this way, it would also allow sort ‘Application rules’ by name ( I think :stuck_out_tongue: ).

I think this is an excellent idea :BNC . Any single application that needed any special rules that overrides the global ones it could be given a group of its own any placed in the correct position in the global rule list.

I like global rules as I want certain things blocked even when in training mode to provide basic protection even if some user accepts the wrong thing.

One of my main problems is finding things in the application list in defence+. I don’t care what order they are in as far as rules go and would love to sort on program name.

Has anyone got an answer to my original question?

Hi Everybody, since updating to V3.0.18.309 I’ve noticed something about the application rules that get applied. In previous versions of CFP 3 the application rule “Comodo Firewall Pro” always remained at the top of the list. But because of recent updates meaning I had to start my application rules from scratch I uninstalled my previous version and then installed V3.0.18.309.

Now I have noticed that as my application rules get added to the list some are above the “Comodo Firewall Pro” rule and some are below it.

Does the “Comodo Firewall Pro” rule need to be at the top of the list or does it not matter?

Any help would be much appreciated.

Thanks In Advance.

Bump

It should not matter. I have not noticed any ill effects by having CFP rules below others. Since rules are processed top down, the order in which you have your rules may make a difference if there is any overlap. An example of this is svchost.exe. I have separate rules for svchost, but it is also part of the predefined policy for Windows Updater Applications.

Al

It does matter. I have rules that apply to large groups of applications blocking certain things. An example is to block any application running a program in the user directories (ie where a limited user can write to). If a new application is added at the top my blocking rule is not applied to it. This is a big problem for me.

Did I not say it matters if you have overlapping rules?

Being added at the end or top can cause problems depending on how specific or broad a rule
is made and whether it conflicts with other rules. If there is no overlap then it should not matter
where the rule is placed. At least that is my understanding. Someone please correct me if this is wrong.

Al

I do have overlapping rules.

I have users of my computer who have absolutely no understanding or interest in computers apart from what they need. If they get a pop-up they will just say yes in order to carry on what they are doing. They are all limited users so I have a rule that stops all applications running any program outside c:\program files and c:\windows. This stops them running any program from any directory they can write to and is an effective way of blocking nearly all malware. This can be done if you have windows ultimate with a software restriction policy. However, a software restriction policy is rather inflexible and is buggy in Vista. It also means buying Vista Ultimate, the full version of which costs (last time I checked) $700 in the UK.

The result is a set of rules that have to be on top of all other rules. It is actually more complicated to allow for software installations from other directories. I can use the parental control option in Comodo to block everything but this has to be turned off some times for training.

The real annoying thing/problem with rules being added at the top (by answering alerts allow/block and remember) is that “all applications” group (computer security policy) becomes useless in some sense. As rules are processed from the top newly added apps are processed before that group, thus permissions/restrictions carried out by “all applications” are not applied first of all, which is no good. To keep things in order you need to move that group manually to the top of the list every time new app was added.

I have done some testing. The only way I could get a application to be added at the top was to install an unknown new application (not in safe database). I can only guess the developers made it add to the top so it was easy to find.

This is NOT good for security. This means any new unknown application will bypass any global rules I have set up in defence+.

Am I right about this?

Can it be changed?

Are you running in other than Paranoid Mode because everything is added at the top for me I know it is easy to move them click and hold but I still prefer them added to the bottom like they always have been in the past.
Dennis

If a delete an application from the defence+ rules it adds it again at the bottom. Perhaps it does not delete it fully so it comes back on the bottom again.

1 .The first thing is - it’s up to you, how to answer an alert, and only you can make some application bypass your own global rules by answering alert.

  1. The second thing - if you have some global rule and some new(or old) application will do behavior affected by the rule - it will be handled according to the global rule and no alert will be shown. If the behavior is not affected by the rule, than allowing/blocking it will not bypass your global rule.

The only exclusion is answering with ‘‘threat as’’ option, but in this case it’s again your decision to threat the application not like the other.