Specify FW/HIPS rule for particular service name, not just file/process

Is there no way we will be able to filter services not globally (svchost) but one by one, like Windows Firewall does? I use both firewalls only because of that; if one day I can totally deactivate Windows Firewall, it could be cool …
I use Comodo for everything, allow svchost in Comodo and block the services one by one on the firewall, and it's not really secure because I can delete a Windows Firewall rule in literally 5 lines of AutoIt script :frowning:
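
The per-service filtering in Windows Firewall described in the post above, together with a check that the rules are still in place, as an added example that is not part of the original post. The rule display names are a hypothetical naming scheme; the cmdlets come from the built-in NetSecurity module and need an elevated session.

```powershell
# Added example: service-scoped outbound block rules and a drift check for them.
$svchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

function Set-ServiceBlockRule {
    param([Parameter(Mandatory)] [string[]] $ServiceName)
    foreach ($svc in $ServiceName) {
        $display = "Block outbound - service $svc"   # hypothetical naming scheme
        if (-not (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue)) {
            # -Service takes the short service name and limits the rule to that
            # service, even when it shares svchost.exe with others.
            New-NetFirewallRule -DisplayName $display -Direction Outbound -Action Block `
                -Program $svchost -Service $svc | Out-Null
        }
    }
}

function Test-ServiceBlockRule {
    param([Parameter(Mandatory)] [string[]] $ServiceName)
    foreach ($svc in $ServiceName) {
        # Look the rules up by service filter, not by name, so a renamed rule still counts.
        $filters = @(Get-NetFirewallServiceFilter -Service $svc -ErrorAction SilentlyContinue)
        $rules = @()
        if ($filters.Count -gt 0) {
            $rules = @($filters | Get-NetFirewallRule | Where-Object {
                $_.Direction -eq 'Outbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True'
            })
        }
        [pscustomobject]@{
            Service = $svc
            Present = ($rules.Count -gt 0)
            Rules   = $rules.DisplayName -join '; '
        }
    }
}

# Services this host expects to be blocked (BITS is the service named in this topic).
$expected = @('BITS')
Set-ServiceBlockRule -ServiceName $expected
Test-ServiceBlockRule -ServiceName $expected | Where-Object { -not $_.Present }
```

Running `Test-ServiceBlockRule` on a schedule reports any expected rule that has been deleted or disabled since it was created.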

No and I think there is a wish request for this to be added, it is up to Comodo if they will implement it or not.

Is there a place where users can vote for this feature to be added to CIS?

I would like to have that feature as well!

Thanks.

Top of the Topic screen next to Reply - Add Poll

Asking OP first.

Would you create a New Poll for this feature to be added to CIS?
I think more users are interested in having this.

I added the poll at the top of this topic! This is really my #1 missing feature in Comodo Firewall since I downloaded it haha

You have my vote. :slight_smile:

Like I said a wish was already created for this, just need to use search, thus merged with existing wish topic.

Oh yes, sorry for the double post then, and thank you for merging it ^^ For me this feature is essential. I have to allow svchost globally just because some services are essential, and all the rest, like Xbox features and even some 3rd-party services, can be created by programs and run on svchost, but they are allowed because you have no choice to block them separately from other services … so I use Windows Firewall to block services individually (I use Windows Firewall only for it lol)

A very good argument for having it in Comodo Firewall indeed (not having to use Windows Firewall).

I never could block individual running services with Comodo Firewall and blocking svchost as a whole is not an option as this would affect other essential windows functions in a negative way.

Please all vote for having this feature implemented!

1. What actually happened or you saw:
CIS currently does not allow one to create rules to allow/block individual Windows services. Instead, it only allows one to allow/block svchost.exe, which allows/blocks ALL services running on svchost instances. (of course CIS allows one to allow/block services which run on a dedicated process, by creating a rule to allow/block said process)

2. What you wanted to happen or see:
When creating an Application Rule, the Browse button’s menu could have an item titled “Windows services”. This would open a window with a list of all Windows services and allow the user to make one selection.
Then, if the selected service shares an svchost instance with another service(s), this(these) other service(s) would be automatically selected together, possibly displaying a warning to the user that these services will be allowed/blocked together. The rule then created will target that specific svchost instance.
If the service selected by the user does not run on svchost (runs on a dedicated process), the rule then created will target its process just like a normal Application Rule created for that process. Or the design decision could be to not display at all services of this type in this window, listing only services running on svchost.

3. Why you think it is desirable:
This feature is useful for those who configure CIS with restrictive firewall policies, denying everything incoming and outgoing by default.
Currently, when it is necessary to temporarily allow outgoing access to a specific service, for example BITS (Background Intelligent Transfer Service), the only way is to allow svchost through, causing all other services running on svchost to be also allowed through, which poses a privacy concern in the presence of data-collecting third-party services which may happen to also use svchost.

4. Any other information:

Too sad that this great feature doesn’t get the attention and votes it deserves.
Seemingly there is a wish and demand for this feature, so people start voting please!

I didn’t notice there was already this topic before posting a new one.

Anyway, by the previous posts, the concerns raised about users blocking in the FW vital services, such as DNS and DHCP client, are easy to solve: just keep allowing svchost.exe by default, like CIS does today. Only if the user wishes, he can create the rules for the specific services like I described in my post above (instead of having to resort to Windows Firewall for that). The layman user could go on totally unaware this feature exists.

BTW, it’s trivial for CIS (or any software, for that matter) to find the services associated with a particular svchost instance. Process Explorer can show that.
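
The lookup described in the wish and in the post above (pick a service, find its host process, list the services that share it), as an added example that is not code from the thread or from Comodo. The function name `Get-CoHostedService` and the sample inventory are assumptions made for illustration; on a live system the data comes from `Win32_Service`.

```powershell
# Added example (not from the thread): map a service to its host process and
# list every other service that a rule on that process would also affect.
function Get-CoHostedService {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Optional inventory for offline use; defaults to the live service list.
        [object[]] $Inventory
    )
    if (-not $Inventory) {
        $Inventory = Get-CimInstance -ClassName Win32_Service |
            Select-Object Name, ProcessId, PathName
    }
    $target = $Inventory | Where-Object { $_.Name -eq $Name } | Select-Object -First 1
    if (-not $target) { throw "Service '$Name' not found." }
    if ($target.ProcessId -eq 0) { throw "Service '$Name' is not running, so it has no host process." }

    # Services with the same PID live in one process and cannot be separated
    # by a rule that targets the process.
    $coHosted = @($Inventory |
        Where-Object { $_.ProcessId -eq $target.ProcessId -and $_.Name -ne $target.Name } |
        ForEach-Object { $_.Name })
    $warning = $null
    if ($coHosted.Count -gt 0) {
        $warning = "A rule on PID $($target.ProcessId) also applies to: $($coHosted -join ', ')"
    }
    [pscustomobject]@{
        Service         = $target.Name
        ProcessId       = $target.ProcessId
        HostedBySvchost = [bool]($target.PathName -match '\\svchost\.exe(\s|"|$)')
        CoHosted        = $coHosted
        Warning         = $warning
    }
}

# Constructed sample inventory (PIDs and the third-party service name are made up).
$sample = @(
    [pscustomobject]@{ Name = 'BITS';             ProcessId = 1044; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs -p' }
    [pscustomobject]@{ Name = 'ExampleVendorSvc'; ProcessId = 1044; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs -p' }
    [pscustomobject]@{ Name = 'Dnscache';         ProcessId = 1620; PathName = 'C:\Windows\System32\svchost.exe -k NetworkService -p' }
    [pscustomobject]@{ Name = 'Spooler';          ProcessId = 2208; PathName = 'C:\Windows\System32\spoolsv.exe' }
)
Get-CoHostedService -Name BITS    -Inventory $sample   # shared svchost instance
Get-CoHostedService -Name Spooler -Inventory $sample   # dedicated process
```

On Windows 10 version 1703 and later with more than 3.5 GB of RAM, most services already run in their own svchost instance, so `CoHosted` is often empty there.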

We can create rules, but it is necessary to add a command line to prevent unauthorized access…

Hi Liosant,

That sounds very interesting! :slight_smile:
Can you tell us more about it?

If we need to add certain command line to enable this feature that would be an excellent solution for all users.
Expert users can enable the feature by command line while novice users use CIS as is.

Script Analysis or command line: function only in auto containment and HIPS;

What we can do for now, is to configure queued applications. For example, configure all applications in firewall for ask requests ports… (this should not be done on a shared computer)…

Sorry for my English!

Yes, my vote, too.

Yes, my vote, too.

bump

Hi All,

We have reported this wish to the team.
We will keep you posted.

Thanks
C.O.M.O.D.O RT