Parent path

Hi all,

Why is Comodo making rules for different parents (it’s bothering me, because the same rule is multiplying for different parents)… Can this parenthood be disabled?

Welcome, death_paladin9

The “Parent” part of the application rule is there for increased security; allow me to explain…

Let’s say your browser is Firefox. If you start it from a shortcut on your desktop, Firefox is not running itself; it’s being “called” by explorer.exe, which is the Windows shell application. Thus, its “parent” is explorer.exe.

If you open it manually from within the firefox folder, it will be starting itself. Thus, firefox would be its own parent.

Now, imagine that you get a virus/trojan/etc on your computer, and it tries to use the browser (in this case, firefox) to connect home with your personal info. You get an alert from CFP that “abcd.exe” is the parent of firefox. Hold on! That’s not right. So then you know there’s a potential problem, and you can choose to Deny the connection.

You really shouldn’t see more than a couple parents for any given application. However, if you have your Alert Frequency set to High or Very High, you’re going to get IP, Port, Protocol, and Direction-specific alerts for applications, which may seem like you’re creating duplicate rules. I mention this only because it sounds from your post like you’re getting a lot of “redundant” alerts.

Hope that helps. If not, please give more specific info and we’ll walk thru it.

LM

Thank you, it does help. The problem is to have all in perfect order. I was trying to use my applications under total control of firewall. I used to have Kaspersky Anti-hacker in KIS 6.0. The rules control + application templates were more user-friendly. But sadly my trial licence has expired. So I was looking for an alternative for it and Comodo is one of the best firewalls. Although Comodo works much faster than Antihacker. Maybe something could be done about the interface:

  • each application should have sub-group of rules
  • templates for known applications would be nice (Yes you can enable Comodo certified applications, but then rules aren’t showing in the list for such apps)

These things would probably make a lot of Comodo users happier, but then it offers a lot already, since it is free.

The concept of what you’re wanting to do is in the Wishlist already; Comodo is very diligent to work from that list in providing features/improvements for the firewall.

I think once you become more familiar with CFP, you’ll realize that your applications are under the total control of the firewall. CFP will not allow any application to connect that you do not authorize; by not using the integrated safelist, you can even control all Windows processes, down to the IP and Port that they’re allowed to connect with. Then, whatever access you allow an Application via the Application Monitor, it can only connect to the internet if there is a “matching” rule in the Network Monitor.

For a simple example, let’s say that you use FireFox for your browser. In the App Mon, you limit its connection capabilities to a destination port of 80 or 443, with IP Protocol of TCP/UDP. If you don’t have a rule in the Network Monitor to Allow TCP/UDP Out, FF cannot connect, no matter what you allow in AppMon. You could go even further by creating NetMon rules to specifically match each AppMon rule; in this scenario you would have a TCP/UDP Out with Destination Port 80 or 443. Since all other rules would be specific as well, that would be the only one matching up w/FF (and the same for every other application).

This way you can control how things like Windows Updates occur, and make sure that vulnerable services are limited in how they access the internet. A lot of security-conscious users do this sort of thing, with the idea that the Windows services are easily corrupted by viruses; limiting their access limits the potential damage-causing capabilities. For instance, if the Windows Update unit can only connect to a specific MS IP address on a specific port, and it gets hijacked by a virus, it can still only connect to that IP address on that port (without any additional permission from the user).

Hope that helps,

LM
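A simplified model of the two checks described in the replies above (a parent-aware application rule, then a matching Network Monitor rule), as an added example that is not part of the original thread and is not Comodo's code. The class names, rule fields and the three outcomes ("allow", "alert", "block") are assumptions made for illustration, and the sample rules and connection attempts are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:                      # one outbound connection attempt
    app: str
    parent: str                  # process that started the application
    proto: str
    dport: int

@dataclass(frozen=True)
class AppRule:                   # Application Monitor layer (assumed fields)
    app: str
    parent: str
    protos: frozenset
    dports: frozenset

@dataclass(frozen=True)
class NetRule:                   # Network Monitor layer (assumed fields)
    direction: str
    protos: frozenset
    dports: frozenset            # empty set means any destination port

def evaluate(conn, app_rules, net_rules):
    """'alert' if no application rule covers this app/parent/port,
    'block' if the application rule has no matching network rule, else 'allow'."""
    app_match = any(
        r.app == conn.app and r.parent == conn.parent
        and conn.proto in r.protos and conn.dport in r.dports
        for r in app_rules)
    if not app_match:
        return "alert"           # e.g. an unexpected parent: ask the user
    net_match = any(
        r.direction == "out" and conn.proto in r.protos
        and (not r.dports or conn.dport in r.dports)
        for r in net_rules)
    return "allow" if net_match else "block"

# Constructed rules mirroring the Firefox example: TCP/UDP out to port 80 or 443.
WEB = frozenset({80, 443})
PROTOS = frozenset({"TCP", "UDP"})
APP_RULES = [AppRule("firefox.exe", "explorer.exe", PROTOS, WEB)]
NET_RULES = [NetRule("out", PROTOS, WEB)]

def demo():
    attempts = [
        Conn("firefox.exe", "explorer.exe", "TCP", 443),   # started from the shell
        Conn("firefox.exe", "abcd.exe", "TCP", 443),       # unexpected parent
        Conn("firefox.exe", "explorer.exe", "TCP", 8080),  # port outside the rule
    ]
    return [evaluate(c, APP_RULES, NET_RULES) for c in attempts]

if __name__ == "__main__":
    print(demo())
```
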

I didn’t pronounce myself right, sorry. I meant to say, I’m new to Comodo. And the interface is sometimes confusing to me (I hope in time, I will get used to it). It’s good to know my wishes are already on the wishlist.

PS. I didn’t find Source IP and source port to be set in Application rules. That would also be appreciated.

This is true. It is considered that since the application is on your computer, that is automatically the Source. It would be nice to set a Port for the application to be allowed; however, the application would have to know to use that port, or it wouldn’t do much good… So that would be something to set within the application, rather than the firewall (since the firewall does not have control over the application itself).

LM

Source port setting is useful for lots of safety reasons. That is precisely why (you mentioned it above) it should be able to be set. Incoming connection applications are listening on destination port. In most cases, source (remote) ports change many times and it should be set on any.

But with outgoing connection it is good to know which (Source) Local port it can use and more specified rules can be set.

Source IP is also very important for the incoming connections, because sometimes you want to allow only certain IPs to connect to your Server app.

From my point of view, Comodo (as a good firewall) should have those two options.

With a Server setup, it’s a different issue… you would define that (and all other incoming connections, even w/out a server setup) in the Network Monitor. Just remember then that for Incoming, the Source is the remote computer, and Destination is yours.

I’ll refer you to this thread: https://forums.comodo.com/index.php/topic,6167.0.html, specifically to the sections on Network Control Rules and CFP’s Layered Rules, which are both on the first page, with quicklinks in the first post. That should help you get an excellent understanding of how this firewall works.

LM