@Commando: this is called thread hijacking. You ask a totally unrelated question that should be a new thread >:(
Back to the original topic: if a popup tells me a program wants to act as a server, it’s the LISTENing of the process on some port, no traffic yet. Consequently, if I say YES to the question and ask to remember, is the Application Monitor the only place where I can find this decision, i.e., is the rule created the only persistent information? Why can’t I distinguish between LISTENing and actually receiving traffic? There are many cases in which I want to allow a server to LISTEN, but not to receive traffic
There are other popup questions related to certain traffic or invisible communication… do I really find all such decisions in the available Application Monitor rules? How does this map? You use different terms in both places, so it is not quite clear what belongs to what.
Personally, I used to work with Kerio PFW and I am actually considering going back to that firewall, as Comodo has a rather obscure separation between Network and Application Monitoring. The decision which application should be allowed what, is at the application level. Consequently, if I have applications using UDP (e.g., for VoIP) and TCP (e.g., for HTTP, FTP), my network rules will either take the trivial form of allowing all UDP/TCP traffic, anyway, (making them obsolete), or restricting traffic to only the ports needed by the applications. That, however, is already defined in the applications, so a redundant definition would not make sense.
The architecture of the firewall may be such that there are cases in which a basic network security should be applied, on top of which application security may be set… however, this does not make everything very transparent.
Further, the automatic rule generation (“remembering”) does not generate specific rules to allow traffic to a certain port, but rather very generic rules, possibly opening more than desired.
The Comodo firewall is nice but I still see the Kerio PFW superior in transparency and flexibility, not to mention the automatic rule generation feature there.