Questions about Comodo after migrating from Outpost

Hi!
I just switched from Outpost to Comodo Firewall, but currently, I feel that the user interface for Comodo is rather bad compared to Outpost…

I do have a question about rule creation in Comodo…

To me, creating rules in Outpost seems very easy as when an alert pops out, I can easily set a rule and have fine controls over the rules to set the port, IP, Inbound/Outbound etc. for what is allowed and what is not.

However, for Comodo, it seems that I am unable to easily control the rules set by the application monitor unless I do it manually. That is to say, when an alert pops out, I only have the option to allow/deny (with remember this rule)… And I can’t change whether I want to allow all IP addresses or certain IP addresses, all ports or only that specific port on the spot unless I manually go to the Application monitor to change the rule here.
This seems quite troublesome?

Also, am I right to assume that the Alert Frequencies (Low/High/Very High etc.) simply monitor more details like port etc. So, if you put it on Low, and allow an application with remember this rule ticked, it will simply allow THAT application regardless of what port it's trying to access and if it's inbound or outbound etc. To me, this all or nothing approach is quite tedious? Whereas Outpost allows you to create a rule nicely to suit your preference for future connections of the application… This allows you to control your level of alert frequencies…

Also, the inability to group applications together in the application monitor, as Outpost does, seems quite frustrating when you want to review all the rules…

Also, am I right to say that Protocol Analysis = SPI? So, if my router already supports SPI, turning on Protocol Analysis in Comodo will be useless?

Am I doing something wrong here… or is my understanding of Comodo wrong? Or is Comodo simply designed like this?

Cheers :■■■■

G’day and welcome to the Comodo forums.

> I do have a question about rule creation in Comodo..
>
> To me, creating rules in Outpost seems very easy as when an alert pops out, I can easily set a rule and have fine controls over the rules to set the port, IP, Inbound/Outbound etc. for what is allowed and what is not.
>
> However, for Comodo, it seems that I am unable to easily control the rules set by the application monitor unless I do it manually. That is to say, when an alert pops out, I only have the option to allow/deny (with remember this rule)… And I can’t change whether I want to allow all IP addresses or certain IP addresses, all ports or only that specific port on the spot unless I manually go to the Application monitor to change the rule here.
> This seems quite troublesome?
>
> Also, am I right to assume that the Alert Frequencies (Low/High/Very High etc.) simply monitor more details like port etc. So, if you put it on Low, and allow an application with remember this rule ticked, it will simply allow THAT application regardless of what port it's trying to access and if it's inbound or outbound etc. To me, this all or nothing approach is quite tedious? Whereas Outpost allows you to create a rule nicely to suit your preference for future connections of the application… This allows you to control your level of alert frequencies…

The Alert Frequency settings are the key to how fine the created rules are. If the frequency is set to LOW, you will only receive one alert per application, regardless of the parent application, destination address, source/destination ports, protocol etc. If, on the other hand, the frequency is set to VERY HIGH, you will receive a prompt for an application for every variation of parent app, source port, destination address, destination port, protocol etc. A setting of VERY HIGH will produce a LOT of alerts, but these will result in very granular rules. A setting of LOW will produce few alerts and the rules created will be a lot looser.

> Also, the inability to group applications together in the application monitor, as Outpost does, seems quite frustrating when you want to review all the rules...

Agree, it can be very frustrating if you have 10 rules per application, due to changing parameters. Luckily, the alpha version of CFP V3 supports grouping for both application and network “policies” (what they are calling “rules” in the next version). The alpha also allows you to give a “friendly” name to a rule (i.e. - “ActiveSync Allowed”, rather than trying to remember what the rule concerning 169.254.2.0 relates to). As good as CFP V2.4 is, V3 is worlds ahead.

> Also, am I right to say that Protocol Analysis = SPI? So, if my router already supports SPI, turning on Protocol Analysis in Comodo will be useless?

I’m not near a PC with CFP 2.4 on it at the moment, but from memory, you’re sort of right. The firewall’s true SPI engine is INSPECT.SYS which loads as a kernel level driver. I’ve used CFP 2.4 behind Netgear, D-Link, Dynalink, Draytek and Zyxel routers and although they all incorporated SPI (and it was active at the time), there were still instances of malformed packets that were picked up, inbound, by the CFP firewall.

> Am I doing something wrong here.. or is my understanding of Comodo wrong? Or is Comodo simply designed like this?

I don’t think you’re doing things wrong, but CFP is designed differently to other firewalls. Its hierarchical approach (inbound = network monitor > application monitor, outbound = component monitor > application monitor > network monitor) can take a bit to get your head around, but once the penny drops, it’s not that hard.

You said :

Cheers :■■■■

I said :

Burp! Thanks.

Hope this helps,
Ewen :slight_smile:
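
The trade-off between alert frequency and rule granularity described in the reply above can be seen in a small model. This is an added example, not part of either post and not Comodo's code: it assumes the user answers "allow, remember this rule" to every alert, takes only the LOW and VERY HIGH match fields named in the reply, and uses constructed sample connections with documentation-range addresses.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "app parent src_port dst_addr dst_port proto")

# Fields that distinguish one remembered rule from another at each setting,
# per the reply above (assumed model; intermediate settings are not modelled).
RULE_KEY = {
    "LOW": ("app",),
    "VERY HIGH": ("app", "parent", "src_port", "dst_addr", "dst_port", "proto"),
}

def rule_key(ev, frequency):
    return tuple(getattr(ev, f) for f in RULE_KEY[frequency])

def simulate(events, frequency):
    """Replay events, answering 'allow + remember' to every alert.
    Returns (number of alerts raised, set of remembered rule keys)."""
    rules, alerts = set(), 0
    for ev in events:
        key = rule_key(ev, frequency)
        if key not in rules:      # no remembered rule matches -> alert
            alerts += 1
            rules.add(key)
    return alerts, rules

def silently_allowed(rules, frequency, ev):
    """True if a later connection passes without any prompt."""
    return rule_key(ev, frequency) in rules

# Constructed sample traffic (not real logs).
EVENTS = [
    Conn("browser.exe", "explorer.exe", 49152, "203.0.113.10", 443, "TCP"),
    Conn("browser.exe", "explorer.exe", 49153, "203.0.113.10", 443, "TCP"),
    Conn("browser.exe", "explorer.exe", 49154, "198.51.100.7", 80, "TCP"),
    Conn("mail.exe", "explorer.exe", 49155, "192.0.2.25", 25, "TCP"),
    Conn("browser.exe", "explorer.exe", 49152, "203.0.113.10", 443, "TCP"),
]
# A later connection that differs in parent, address and port.
NEW = Conn("browser.exe", "other.exe", 49160, "192.0.2.99", 6667, "TCP")

if __name__ == "__main__":
    for freq in RULE_KEY:
        alerts, rules = simulate(EVENTS, freq)
        print(freq, "alerts:", alerts, "rules:", len(rules),
              "NEW passes unprompted:", silently_allowed(rules, freq, NEW))
```

In this model, LOW raises two alerts and the later connection with a different parent and port passes unprompted, while VERY HIGH raises four alerts and would prompt again.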