Rules for incoming traffic not created correctly, Stealth Port Wizard issue

Hi,
I have Win7 64bit and latest 3.14 Comodo.
I want to have firewall “resolution” per port used, so I set Alert Settings to High.
Then outgoing rules are created correctly per port, BUT if I get incoming request, the resulting rule is too “general” - see the attached image - rule with red dot.
I expected a rule like the one below it - limiting the port and source IP.
Rule like this allows access to whole subnet and any port, which is definitely not right.
Definitely a bug.

Second thing is when I use Stealth Port Wizard, it only ADDs rules to the Global Rules section, NOT removing already created rules. This might result in mixed rules, I would expect they will be replaced.
Adding Trusted network makes Allow rule for System section in Application Rules, which is also not removed when I choose different option in the Wizard.

I also experienced BSOD after setting restrictive policy and removing some user rules.
And one total machine freeze later.
I will try to upload the minidump to proper section.

[attachment deleted by admin]

> I want to have firewall "resolution" per port used, so I set Alert Settings to High. Then outgoing rules are created correctly per port, BUT if I get incoming request, the resulting rule is too "general" - see the attached image - rule with red dot.

You need to set the alert level to Very-High for rules creation based on IP address and Port number, however this is a known bug of Comodo creating Incoming rules with IP address only. Well, at least I have experienced this issue long time ago with older v3 of Comodo firewall, and someone else had noticed this behavior during an update to CIS but I can't find the post, but I did find a reference about it here https://forums.comodo.com/feedbackcommentsannouncementsnews-cis/comodo-internet-security-313125662579-released-with-new-av-basescav-t49122.0.html;msg353610#msg353610 Hopefully it does get fixed in v4.

> Second thing is when I use Stealth Port Wizard, it only ADDs rules to the Global Rules section, NOT removing already created rules. This might result in mixed rules, I would expect they will be replaced.

I agree and I can reproduce this, but I think it used to replace custom rules before and I think it was changed because people complained about their custom global rules being erased after using the port wizard.

> Adding Trusted network makes Allow rule for System section in Application Rules, which is also not removed when I choose different option in the Wizard.

This is supposed to happen, as when adding a trusted network you want to be able to fully communicate with the network regardless of Stealth Port Wizard setting.

I think CIS gives ample options for customized rule changes. You can check whether I understand you correctly or not.

Open CIS-Firewall-Advanced-Network Security Policy

Double click on winvnc icon there (as you seem to edit that). It will open

Network Access Control Window

Click edit for which you want to change rule.

It will open the window Network Control Rule (which contains four buttons). The default entry in each of these is ‘Any’ which means, if you change rule under source address to a particular IP, for other four buttons Destination Address, Source Port and Destination Port, the rule will be ‘Any’.

Go to each button, change as you wish like UDP only, TCP only or just incoming for each of the above. CIS gives you options like ‘specific port’, ip range, single ip address and even ‘mac’ address.

Hope I understand you properly and this helps.

(BTW I am not an expert. Hopefully Ronny sees this post and he can help you further, if it is more complicated than this).

Thanks Futuretech,
my Alert settings is High, which is alert for each:

  • TCP
  • UDP
  • port

Very High adds IP address to the rules which I do not want.

The rules are created correctly for Outgoing, but not for Incoming. I know how to set my own rule and if you look at the screenshot, the rule under the one with red dot is created manually.
Good to know this is known issue, but I think it should be fixed, because it just does not behave like it should.

Issue with the Wizard - if I have port forward from router, I need to make Global rule for it, so I understand deleting everything can make more problems than creating new rules.
Anyway the authors should think if this is the best way how to solve this.

I can live with those issues as far as I know they are there, I just wanted to let the authors know this is happening.