Is there a way to create rules for all files on Comodo’s whitelist?
I was hoping that “safe files” would be available under the “file groups” menu, when creating a new rule in “network access control”.
If this isn’t a feature currently available, I suggest that Comodo consider adding it. That way they could replace the current rule to reduce pop-ups (that allows all requests) to just allowing requests for known safe files.
This could also be applied to Defense+ which would allow the reduction of all alerts along the lines of “### is a Safe application but is…”
There’s no need for this if a file is safe and Comodo is running in safe mode; Comodo will automatically allow the request, no need to waste time processing rules for a file that’s already deemed safe.
Why would you not want to be notified when someone tries to connect to your PC, which is what this alert indicates?
Typically, when you have Firewall/Firewall Behaviour Settings/‘Create rules for safe applications’ checked, you will not receive notifications when a ‘safe’ process makes an outbound connection.
1: To reduce unnecessary alerts (after all, this is something that Comodo has tried to tackle with version 5.8).
2: What I am proposing could be applied to outbound or inbound traffic. 5.8 allows all outbound connections automatically by default. What I suggest would work just for safe files, and would reduce pop-ups for safe files sending and receiving data.
The only notifications for inbound connections you should receive are when an application is acting as a server, for example for file and printer sharing or a web/ftp application. Other than that the firewall uses stateful inspection, which basically means any packet received, which is not in response to a prior outbound request, is dropped.
2: What I am proposing could be applied to outbound or inbound traffic. 5.8 allows all outbound connections automatically by default. What I suggest would work just for safe files, and would reduce pop-ups for safe files sending and receiving data.
As I mentioned in my previous post, you can already do this for outbound connections, which is really all you need.
“Add rules for safe applications” doesn’t do anything more than add extra rules to the security policy.
Because if you are running in “safe mode” then all outbound requests from safe applications are allowed and learned by default.
This therefore won’t reduce any alerts for safe applications.
I want an option to allow all inbound requests for safe applications.
Forgive my curiosity, but what is the purpose of creating inbound rules for Xfire and Steam, is this for p2p or running a game server? Also, can you explain what you mean by “Windows”?
Xfire and Steam both contain chat clients and server browsers.
As with Windows: Comodo often shows alerts saying that “system” is a safe program but is trying to receive a connection, or “system” is a safe application and is trying to modify…
These are related to elements of Windows trying to perform tasks, but the popups are very vague and don’t really need to be shown.
The ‘chat’ facility and the ability to browse various game servers, as far as I know, don’t require inbound ports to be opened. With Xfire, however, there is a p2p facility that requires port forwarding and thus potentially a Global rule to be configured for inbound connections.
As with Windows: Comodo often shows alerts saying that "system" is a safe program but is trying to receive a connection
is firewall related and
or "system" is a safe application and is trying to modify...
is D+ related.
Just because CIS tells you a process is ‘safe’ doesn’t mean it should be able to receive any and all inbound connections, or be able to modify any process. For example, there are many well known NetBIOS exploits for which the System process is responsible. If you simply allowed all inbound connections to this critical process, you could well be opening the door to something you’d rather wish you hadn’t.
These are related to elements of Windows trying to perform tasks, but the popups are very vague and don’t really need to be shown.
Indeed they are, and I agree wholeheartedly that, for less technical individuals, the information contained in the alerts can, on occasion, be less than useful. But this is where the changes need to be made, not to simply allow potentially vulnerable processes to receive any connection without some interaction/notification.
As I mentioned earlier, there are, for most normal users, few occasions when explicit inbound connections need to be allowed through the creation of firewall rules. For those applications that do need these rules, you’ll find plenty of threads with pertinent information, and if that fails, it’s easy enough to ask a question.