So, does domain blocking work properly yet? Seems like it still doesn't.

So, yeah. I’ve been trying to use the COMODO Firewall from CIS 12.2 to block a particular process from accessing a certain domain. I did so by setting the firewall to custom ruleset, disabled any rule auto-creation, enabled alerts and added an app >>block TCP out<< rule for the domain “”. I had a number of rules for different IP addresses that this domain resolved to, so I wanted to replace them with a single domain rule. I did so while adding a new rule by using the destination dropdown box and choosing “Host Name” from the type list while entering “” into the textbox. I know, I know… the image below is an example from the COMODO help website and it shows the dropdown menu for the source address. I did it in the destination address instead.

Anyway, thing is after deleting all existing IP address rules for domain “” I am still getting outgoing traffic alerts for the given domain IP addresses. It seems like the host name rule is ignored. I’ve searched the forum and I’ve seen people have similar problems with earlier versions of CIS (i.e. CIS6), so I was wondering what’s up with this feature. Am I doing something wrong or is it still broken? The reason I wanted to use a hostname block is because some IPs may be dynamic. Using a host name would allow me to avoid having to manually add new IP’s each time they change and inadvertedly blocking some defunct IP’s. The domain is only an example in this case, there are other domains that I wished to block, and the connections do not necessarily use ports 443 or 80 (meaning all ports have to be blocked, meaning website filtering isn’t an option here).

These are my current collected IP addresses for the domain “” (this is likely not a full list, its only what I have seen in the firewall): to,,,,,,, to

Host name works too good in that comodo will use every IP address starting from the lowest resolved address to the highest resolved address of a domain at the time of performing a DNS lookup, even IP addresses that are not assigned to the domain. e.g. if you were to block every IP address within range - will be blocked. Hence using host name is useless and pointless especially when a host name resolves outside the initial address block at time of creating the host name rule. Also I think host name only works on parent domains and not sub domains, in your case is the domain while “login” is a sub-domain of It is a long time reported bug that more than likely will never be fixed.

Darn, that’s a bit pepega on Comodo’s end.
What other choices does a Windows 10 machine have to block domains? Will the hosts file work?

Yes using the host file would work.