Now that we have Threatcast out (albeit beta) we want to consult our users if they want to contribute by re-designing our alerts. After all, those alerts are for you, so who better than you to decide what you want in them!
Go ahead, the shape, the sections, the wording etc. is all up for modification!
Please post your designs back here and we will then all discuss to see the best one!
Cool idea. Actually I have always loved the design and shape of Zone Alarm's alerts. They are like quotes. One thing is I think the alerts could be smaller, maybe like half the size. Other than that I think they are fine.
Thanks for setting up this thread, Melih.
First of all, I should say that alerts are already great and descriptive. And after some time (after you learn "service control manager", "interprocess memory access" etc. etc.) it is easy to deal with them.
If I find one .bat file I tested recently, I will post back here… with a suggestion.
excellent.
Pls get the Photoshop out and post some snapshots of designs pls… It's much easier to see what you want with designs if you can.
thanks
melih
Please give us more options in the firewall alerts, like "allow this program to connect to this ip", so the program is only allowed to connect to all ports on this one IP.
The same rule with port: "allow this program connect on this port"
and a combination of both, like "allow connection to this ip and this port".
"This port" or "this ip" should be the port and the IP the program actually wants to connect to.
This would be great so you can create cool rules without going into the Comodo interface.
Some suggestions about alerts.
Alerts on snapshots were received during execution of batch virus (more joke than virus, but anyway be careful). Code can be found here (post #9).
First alert (screenshot 1) I'd like to bring attention to. "Safe app tries to execute safe app". Often this is true, but in the current example this is not. You know better than me that reg.exe is a very powerful app and can be used in a malicious batch file to delete/create/modify registry keys to do harm to the system. Although this is possible only if reg.exe has appropriate permissions under computer security policy (and this is possible if the user frequently uses legitimate batch files with the "reg" command), some warning would be good I guess.
Activities on second, third and fourth alerts (screenshot 2, 3 and 4) do not pose any threat, but can bring minor (yet annoying) troubles to user. My suggestion about some warning is same.
It is just a simple example that shows that an inexperienced user may have some trouble "safely allowing" activities.
Looking a bit further, I think the alert for cmd.exe (screenshot 5) should be similar to the alert for wscript.exe (screenshot 6), i.e. "unsafe app", because cmd.exe may have permissions to execute reg.exe, tskill.exe etc. and these apps may have some permissions in computer security policy (e.g. the user needs such a policy because of frequent use of legitimate batch files). In this case, once he "safely allowed" cmd.exe the game may be over.
Just my 2 cents.
P.S.: Guys, hope you won't change the current look of alerts much, taking into account all "suggestions", for those who are used to them and consider them very convenient (B)
Yes, I support the idea behind that! But please don't clutter the interface with thousands of options. I want to see with one glance what's going on, and any new option will make this harder.
So I prefer one option, "Create custom rule…", which opens directly the "edit dialog" which we can reach from the Comodo interface for this particular application. Of course not only for Firewall, but also for Defense+ events. I miss this especially for Defense+, where I have to go to the interface quite often to modify the rules with wildcards…
And a second thing: I like the feature to click on the filenames and get the file properties dialog. Could you please add an analogous feature for IP addresses, so I click on an IP address in a firewall alert and CFP will do a DNS lookup, which gives me the domain name and owner of the IP. So it would become easier to decide if a connection should be allowed or not.
A change to the GUI would allow all Firewall predefined policies to be shown in all Firewall alerts, and all Defense+ predefined policies to be shown in all Defense+ alerts. One's answer to the current alert can be considered logically independent from what, if any, predefined policy should be applied in the future. "Treat this application as" should not be an option mutually exclusive to allowing or blocking the current request. Rather, "Treat this application as" should be its own logically independent option on the same screen, but not within the same option group as "Allow this request", "Block this request", and "Remember my answer". If the developers want temporary policies to be available (I'm not sure if this is the intention or not), then there should be a separate "Remember my answer" checkbox that pertains to only the predefined policy dropdown box. The semantics would be that if one chose a predefined policy to be applied in an alert screen, it will affect which future alerts may appear, but does not affect the current alert. If one chooses to assign a permanent predefined policy from within an alert, the "Remember my answer" checkbox for the allow/block request should be disabled, since the predefined policy will â â â â away any existing rules for the given program.
Not having all predefined policies available appears at first glance to be a bug. Also, not having all predefined policies available may prevent some usage scenarios, such as one I posted about previously and was fixed in a later version of CFP.
Instead of using the terminology that a whitelist program is "safe", perhaps use the term "legitimate" or "recognized". Internet Explorer, for example, is a legitimate program, but it is not necessarily safe!
I would like to see a driver install attempt always have its own specific alert, instead of sometimes being lumped in with the Service Control Manager alert, which is a common alert.
To make things easier on new users, it would be helpful if alerts for the pseudo COM Interfaces would include the exact same text as used when editing Computer Security Policy. For example, a new user might have trouble understanding that "Service Control Manager" in an alert = "\RPC Control\ntsvcs" in Computer Security Policy.
I would like this also please. Maybe it would be called something like "Edit program's Computer Security Policy after closing this window" (for Defense+ alert) or "Edit program's Network Security Policy after closing this window" (for firewall alert). The new window should appear after and not before the alert has been dismissed, so that the rule from the alert is included if it was remembered. This feature would be available only if the user is not currently editing any policy settings, to make life easier on the developers.
In an alert, it would be nice to be able to see what group(s), if any, an item belongs to. For example, in an alert about registry key *\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad* being modified, also include the fact that *\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad* is part of group Automatic Startup. This would help the user know what the registry key is used for. The same idea applies to protected COM Interfaces and protected files/folders. It could even apply to which file groups, if any, an executable file belongs to.
This change would fulfill this person's request and the similar request I previously made in the wishlist.
This change would help the users understand how the item(s) in an alert are used, in order to make a more informed decision about the choices to make in the alert. Also, this change would require no changes to CFP's internal data structures and would not impact any other user interface elements other than alerts.
It would be nice if CFP would have a settings dialog box that would specify which user interface elements will appear in the alerts, especially if some of the other suggestions being made here are implemented. The user would then have to see only what he/she cares about in an alert.
In a firewall alert, it would be nice to "ramp up" or "ramp down" the generality of the rule generated, perhaps using the same slider user interface element from Alert Frequency Settings; the default slider position would be the setting from Alert Frequency Settings.
I love this idea. I think a better way to implement it though is BigMike's way.
Like I said before, love the custom rule idea.
The DNS lookup may not be possible because either Comodo would need to run their own DNS lookup service or pay some other site for it. I think they have paid enough money developing CFP. Unless of course it is free to do a DNS lookup.
Good idea for those power users, but for novices this might be confusing.
Maybe it could come up during the alert and if you press ok after making the rule it will save and if you press cancel it will go back to the alert.