Some logd are missing ->applicatrion monitor allowed rules

Hello,

I didn’t find any way (in the soft, or using this forum) to have all the log I would like using CPF.

It’s OK for network rules. There is a check box to create a log entry.

But for application rules ?
AFAIK, a entry is created when a rule blocks something.
But if I want to create a log on a allowed rule application ? There is no way to do that, or I miss something ?

Please tell me.

Thanks.

You are correct. Only the network rules and advance security checks are logged.

There is no option that I know of to log Application rules being fired/hit… but then again, I’m not sure why I understand why you would want them to be logged… application rules are extremely specific, where network rules and the like are not… hence why they would need logs to follow what they blocked/allowed. An application rule… affected the application it controls… nothing more to know from a log… it did it’s job.

I’m intersted in why you would like them logged… maybe you have thought of a good reason.

For people who like to log everything, application logs will be interesting enough. Look at this fragment from my logs:

Who went to this address? Was it my browser? Was it Flash Player? Was it the Trojan I picked up lately? Was it Windows Media Player? I would like to know that very much. These Netmonitor logs don’t mean very much to me.

P.S.: Besides, it can also alert to the fact that some ‘functions’ on Windows can bypass the host file. Not too many people know that when you deny some addresses in the host file for svchost, the DNS Client service simply bypasses them. Now I don’t care however much Microsoft wants to spy on me because my XP SP2 is genuine… BUT if Windows itself can do it, so can any malware…

Paul Wynant
Moscow, Russia

I want to control my logs, that’s the point.
Network rules don’t help to know which application has triggered the rule, and the example given by p2u is good.
I can imagine for example to log all the traffic done by WMP, to know what this application is doing on the network. But for sure I only can do it on the application layer, and that’s not possible for Comodo.

For some users, it is not important, for some others it is.

Yes, I fully agree with you. I also think that we need better application log options.

Sounds like a great addition to the WishList!

Very good point, p2u - yes the rule is fired, but what did it?

LM

I added this point to the wishlist.

Well-done, ursule15!

As far as I understand, the new version of COMODO will contain this feature…

Paul Wynant
Moscow, Russia

P2u, I like your optimistic way of thinking !

:THNK
Russian pessimist and Russian optimist talking about the weather:
Pessimist: It can’t get any worse…
Optimist: Sure it can…

;D

Paul Wynant
Moscow, Russia

Paul, is the phrase (pardon the transliteration, I don’t have Cyrillic enabled) “yolki polki” (something about a “forest of sticks”) fitting there?

LM

2 Little Mac:
It depends. Yolki-palki is a euphemism (a word or phrase you use to avoid unpleasant or offensive language) for a very rude expression, which I won’t write here. In English you could translate it like ‘oh boy’… If that is the content of what you wanted to say as a reaction to my post, then the expression applies.
(:NRD)

Paul Wynant
Moscow, Russia

TNX for the clarification. I understood it (somewhat similarly) to refer to situation where things just can’t seem to get any worse. I did not know it was a “nice” way of saying something else… :slight_smile:

I’ve eaten at a restaurant in Moscow of (perhaps?) the same name (or at least similar enough to cause a joke…).

LM