Specify FW/HIPS rule for particular service name, not just file/process

Hi!

1. What actually happened or you saw:
FW/HIPS allows rules per file or process. Svchost.exe processes run several different services each.

2. What you wanted to happen or see:
I need to be able to specify rules per particular service, e.g. by having an option to pick from existing Windows services, or by specifying either the full service name or the short service name used with the net start/stop <service> command.

3. Why you think it is desirable:
I need to block some services and allow others.

4. Any other information:
For example, Eset Smart Security allows that.

Thanks for a great piece of software!

I completely agree! Setting rules for svchost.exe is nonsense. But I’m not sure if Comodo listens to any suggestions… They should use a system with votes for features, not the forum.

Voting for features is not a good idea or :P0l

:-TU

It would be disastrous if users could determine how CIS has to work. Some, for example, have problems with CIS because some settings are made, what is allowed or not allowed, what contradicts CIS, and so on. Such users would then also program CIS. :o No, thank you, then I would look for another security software.
Would Kaspersky go this way? :-[

Strange and terrible suggestions!

Just read (a good example) :wink: :): (This thread shows what that could mean: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-v11006728-ndash-released-t123032.0.html;msg882912#msg882912)

Quote from barry: I hope the development team will fix this sooner or later, it's one of those pesky little annoyances that could be easily fixed, or can't they?
???

:-TU

And so it shall remain. In all the many years I’ve been using Comodo I’ve had no problems with malware, trojans, worms etc. :-TU :slight_smile:

This is no argument!
Something does not work, users can turn off CIS functions at any time! Svchosts must be broken down into processes, better to know than ignorance!
CIS has virtualized the svchosts. I had to find out which process is what it is!

The whole list shows enabled files only which I want to be virtualized (see attachment).

I don’t agree. I understand that a user may want features going against security, but in that case Comodo would explain why they do not do it. That is not the case with svchost. Svchost is a wrapper for apps which need to be executed as services, as the Windows services subsystem needs to communicate with them and to have some control over them. There are some services (= applications) I don’t want to allow to communicate with some web servers, but there are some others for which I want to allow communication with servers I know (and trust)… If I disable svchost for any communication, all Windows services are blocked. Any application can be dangerous, so why allow communication at application level? Comodo could force you to allow for all or for none. This is the same logic as is now with svchost. I understand that not all end users know what svchost is, but for advanced users there should be a possibility to achieve that.

I have questions: Wouldn’t it be a very special feature only for relatively few users? Is this wish worthwhile? Windows issues warnings when disabling or stopping svchosts that this could make the system unstable.
Don’t those users have the possibility (not so comfortable for YOU) to stop those programs via task manager or otherwise?

These are just questions, not suggestions!

Is there no way we will be able to filter services not globally (svchost) but one by one, like Windows Firewall does? I use both firewalls only because of that; if one day I can deactivate Windows Firewall totally it could be cool …
I use Comodo for everything, allow svchost on Comodo and block the services one by one on the firewall, and it's not really secure because I can delete a Windows Firewall rule in literally 5 lines of AutoIt script :frowning:

No and I think there is a wish request for this to be added, it is up to Comodo if they will implement it or not.

Is there a place where users can vote for this feature to be added to CIS?

I would like to have that feature as well!

Thanks.

Top of the Topic screen next to Reply - Add Poll

Asking OP first.

Would you create a New Poll for this feature to be added to CIS?
I think more users are interested in having this.

I added the poll on the top of this topic! This is really my #1 missing feature on Comodo Firewall since I downloaded it haha

You have my vote. :slight_smile:

Like I said a wish was already created for this, just need to use search, thus merged with existing wish topic.

Oh yes, sorry for the double post then and thank you for merging it ^^ For me this feature is like essential, I have to allow svchost globally just because some services are essential, and all the rest like Xbox features and even some 3rd party services can be created by programs and run on svchost, but they are allowed because you have no choice to block them separately from other services … so I use Windows Firewall to block services individually (I use Windows Firewall only for it lol)

A very good argument for having it in Comodo Firewall indeed (not having to use Windows Firewall).

I never could block individual running services with Comodo Firewall, and blocking svchost as a whole is not an option as this would affect other essential Windows functions in a negative way.

Please all vote for having this feature implemented!

1. What actually happened or you saw:
CIS currently does not allow one to create rules to allow/block individual Windows services. Instead, it only allows one to allow/block svchost.exe, which allows/blocks ALL services running on svchost instances. (of course CIS allows one to allow/block services which run on a dedicated process, by creating a rule to allow/block said process)

2. What you wanted to happen or see:
When creating an Application Rule, the Browse button’s menu could have an item titled “Windows services”. This would open a window with a list of all Windows services and allow the user to make one selection.
Then, if the selected service shares an svchost instance with another service(s), this(these) other service(s) would be automatically selected together, possibly displaying a warning to the user that these services will be allowed/blocked together. The rule then created will target that specific svchost instance.
If the service selected by the user does not run on svchost (runs on a dedicated process), the rule then created will target its process just like a normal Application Rule created for that process. Or the design decision could be to not display at all services of this type in this window, listing only services running on svchost.

3. Why you think it is desirable:
This feature is useful for those who configure CIS with restrictive firewall policies, denying everything incoming and outgoing by default.
Currently, when it is necessary to temporarily allow outgoing access to a specific service, for example BITS (Background Intelligent Transfer Service), the only way is to allow svchost through, causing all other services running on svchost to be also allowed through, which poses a privacy concern in the presence of data-collecting third-party services which may happen to also use svchost.

4. Any other information:

Too sad that this great feature doesn’t get the attention and votes it deserves.
Seemingly there is a wish and demand for this feature, so people start voting please!
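
Added example, not part of the original thread and not Comodo code: the grouping step proposed in the wish above (pick one service, then find every other service sharing its host process) can be inspected on a live system with PowerShell. The function names `Get-CoHostedService` and `Get-SharedSvchostInstance` are hypothetical; `Win32_Service` and its `Name`, `ProcessId` and `PathName` properties are standard.

```powershell
# Added example: show which Windows services share a host process.
# Function names are hypothetical; Win32_Service is the standard CIM class.

function Get-CoHostedService {
    param(
        [Parameter(Mandatory)]
        [string]$Name   # short service name, as used with "net start <service>"
    )

    $all    = @(Get-CimInstance -ClassName Win32_Service)
    $target = $all | Where-Object Name -eq $Name
    if (-not $target) { throw "Service '$Name' not found." }

    # A stopped service reports ProcessId 0: there is no instance to target yet.
    if ($target.ProcessId -eq 0) {
        throw "Service '$Name' is not running, so it has no host process."
    }

    # Every running service with the same PID lives in the same process,
    # so a per-process rule allows or blocks all of them together.
    $group = @($all | Where-Object ProcessId -eq $target.ProcessId)

    [pscustomobject]@{
        Service    = $target.Name
        ProcessId  = $target.ProcessId
        HostBinary = $target.PathName
        SharedHost = ($group.Count -gt 1)
        Services   = @($group.Name | Sort-Object)
    }
}

function Get-SharedSvchostInstance {
    # List only svchost.exe instances that currently host more than one service.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' } |
        Group-Object -Property ProcessId |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = [int]$_.Name
                Services  = ($_.Group.Name | Sort-Object) -join ', '
            }
        }
}

# Usage: Get-CoHostedService -Name BITS
#        Get-SharedSvchostInstance | Format-Table -AutoSize
```

A `SharedHost` value of `True` is the case the wish describes, where a rule on that svchost instance necessarily covers every service listed in `Services`.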