Playing Mr. Detective with event logs is getting tiring.

Okay, this REALLY needs to be changed. It’s super annoying.

I’m getting applications blocked and I don’t know why!

There is no rule blocking the application. I’ve set it to be as permissive as possible.

It’s an application that can send/receive a lot of packets - so I’m guessing it may have hit the flood settings?

Impossible to tell, but if you’re doing something like streaming video or downloading a file, you can easily hit the “20 packets/second” default that the intrusion detection has.

What we really need is something - ANYTHING telling us WHY something has been blocked.

Because sometimes digging through the rules (especially when there are about a thousand per-application rules) is tedious and frankly often simply doesn’t work at all.

I don’t want to play Mr. Detective every time something hits a setting and/or rule that blocks it. It’s getting old and tiring. Half the time I just give up because there’s no way I can figure it out. Event logs should indicate the source of the event.

Better, more informative logs would be a great addition. Gets my vote :-TU


Did the Firewall alert’s time out?


I do agree that the logs should indicate the rule fired when the logging occured. It would make things much easier.


Please add the rule name that was triggered into the log.

Rather then simply adding the rule name, I have long wished for the ability to be able to go directly from a log entry to the rule that triggered it.

ie, right click on the log entry and select “Go to Associated Rule” which will open up the Rules Window with the correct rule highlighted, rather then seeing the rule name and then having to manually go and find it.

+1 let it clean and direct.


it’s often impossible to understand why something doesn’t work with firewall on and works with firewall off. Especially when the source is svchost.exe, Windows Operating System or something like that. In such cases I’m forced to disable the firewall temporary, which is quite annoying (especially when the firewall status is not indicated by the tray icon, and I can forget it disabled for a long time).

A nice option would be ‘Show log’ in the tray icon context menu.

A workaround is to have a shortcut to “C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe” (N.B. This location is XP specific) in the Quick Launch area of your taskbar.

cfplogvw.exe is the log viewer that is started by clicking on the MORE button in the standard logs.

Ewen :slight_smile:

yes I strongly support this

I don’t think it’s necessary to see which rule was fired when the application is already mentioned. However, since logging needs to be activated for every rule, I’m in favour of adding a general setting for logging:

  1. Logging off
  2. Log events according to rules
  3. Log ALL events

I support the motion, logging the rule that triggered the log entry

The “logging everything” option would also be nice. As I suggested in another post:;msg364372#msg364372

when the “Block fragmented IP datagrams” option blocks a packet you have no information in the log at all.