No alerts for subsequent connections on same port & protocol diff IP [M235]1[v6]

That is interesting. However, Firewall Behavior Settings, PC Firewall, Firewall Protection | Internet Security v6.2 states:

Very High: The firewall shows separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports and for specific IP addresses, for an application. This setting provides the highest degree of visibility to inbound and outbound connection attempts but leads to a proliferation of firewall alerts. For example, using a browser to connect to your Internet home-page may generate as many as 5 separate alerts for an outgoing TCP connection alone.

High: The firewall shows separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports for an application.

From this description, it looks like “Very High” (proto+port+IP) really works for me like “High” (proto+port).

Anyway, Radaghast and dbrisendine had no such problem.

With the 30 sec. testing, it seems you are correct. I suspect this is a Comodo DNS problem, as Killswitch shows repeat connections to an address server for pages opened with the 30 sec. delay. Will keep testing and report more later.

I just want to confirm that I have the same problem on Windows 8 Pro x64 with the Very High alert setting.

I just installed win8 over the weekend and got the latest versions of all my programs. After I got over the UI shock of 6.0, I noticed this same behavior in all 3 of my web browsers, Firefox 18, Chrome 24 and IE10. (Previously I have been using comodo 5.x on win7 x64 for a few years now)

Chrome and IE10 create a new process when a new tab is opened, so I also tested to see if alerts would come up for these new tabs and they do not. Only when the program is completely closed, including all tabs, and then restarted, do I get the alerts again. So it appears that the firewall is temporarily whitelisting the entire program after the alert for the first website and not just for a single process.

(I’m impressed Google found this thread so fast lol)

I’ve been playing with this again today and it looks like I was completely wrong. I reinstalled XP and Windows 7 with CIS 6 and ran the tests again. Basically, if the ‘Remember’ option is used, the correct (ip/protocol/port) behaviour is observed for each connection. However, if one chooses not to remember, only the protocol/port combination is used. After the first unique combination of protocol and port, all subsequent connections using the same combination are allowed without further alerts.

As I mentioned earlier, we’ve definitely seen this before, I just can’t find the thread/bug, however, I tried the same experiment with 5.10 and the results are the same.
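A small model of the behaviour reported in the post above, as an added example that is not part of the original thread and not Comodo's code. It assumes the alert keys follow the quoted help text and that Allow without Remember is cached per application, direction, protocol and port; the `Conn` records and addresses are constructed sample data.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "app direction proto port ip")

# Fields that make a connection "new" at each alert frequency,
# following the help text quoted in the thread.
ALERT_KEYS = {
    "very_high": ("app", "direction", "proto", "port", "ip"),
    "high": ("app", "direction", "proto", "port"),
}

def alert_key(conn, level):
    return tuple(getattr(conn, field) for field in ALERT_KEYS[level])

def prompts(conns, level, remember):
    """Connections that raise an alert when every alert is answered Allow.

    Assumption taken from the thread's test results, not from product code:
    Allow + Remember is keyed at the configured level, while Allow without
    Remember is cached at the coarser "high" key whatever the level is.
    """
    effective = level if remember else "high"
    seen, alerted = set(), []
    for conn in conns:
        key = alert_key(conn, effective)
        if key not in seen:
            seen.add(key)
            alerted.append(conn)
    return alerted

def silent_gap(conns, level):
    """Connections the documented level should alert on, but which pass
    without an alert when earlier alerts were allowed without Remember."""
    expected = prompts(conns, level, remember=True)
    observed = prompts(conns, level, remember=False)
    return [conn for conn in expected if conn not in observed]

# Constructed sample: one browser session (documentation-range addresses).
SAMPLE = [
    Conn("firefox.exe", "out", "TCP", 80, "192.0.2.10"),
    Conn("firefox.exe", "out", "TCP", 80, "198.51.100.7"),
    Conn("firefox.exe", "out", "TCP", 443, "198.51.100.7"),
    Conn("firefox.exe", "out", "TCP", 80, "203.0.113.5"),
    Conn("firefox.exe", "out", "UDP", 53, "192.0.2.53"),
    Conn("firefox.exe", "out", "TCP", 80, "192.0.2.10"),  # repeat of the first
]

if __name__ == "__main__":
    for conn in silent_gap(SAMPLE, "very_high"):
        print("no alert shown for", conn.proto, conn.port, conn.ip)
```

Comparing the alerts actually seen during a test run against `prompts(..., remember=True)` gives the list of destinations that went unreviewed.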

Testing with ProcMon (Sysinternals Suite) confirms what Radaghast and wilk have stated about the error / bug.

Unfortunately I might have found an answer… A few lines below what I posted earlier is:

The Alert Frequency settings refer only to connection attempts by applications or from IP addresses that you have not (yet) decided to trust. For example, you could specify a very high alert frequency level, but not receive any alerts at all if you have chosen to trust the application that is making the connection attempt.

That is a weird change since 5.x. I understand that most users are not pro-users using default settings and training mode, however if I purposely set “Very High” alert rating then I know what I am doing.

So it looks like there is some hidden flag (or whitelist, as kojo said) which is not set for “allow+remember”, but is set if “allow” alone is used; then connections using the same proto+port behave as under an “Allowed Application” rule.

Is that correct, guys?

Alert frequency is “Very High”, not “High”.

Ta, I’ll correct the bug tracker. Thanks all for working this through. It will really help QA.

Mouse

That’s officially the longest ‘summary’ on the tracker…

2708 - fixed

Tracker updated

We believe this problem to be resolved, because you told us so, it’s on a fix list, or we have checked and found it resolved. So I am moving it to resolved issues.

If you feel it is not resolved, now or at any time in the future, please PM an active mod who will move it back to the main board for consideration. When it is moved please add to the topic your reasons for believing it not resolved.

Best wishes

Mouse