Suggestions for future version(s) AIO

03.12.2008 *13.1, +17.1
01.12.2008 +1.3, +13.1, +14.1, +15.1, +16.1

1 Themes / Skins / Tray

[b][i]1.1[/i][/b] Add different tray icons for different program components state or levels, ....

[b][i]1.2[/i][/b] Add more themes. At least add posibility to set theme to current OS or for slower PCs
to Windows Classic theme.

[b][i]1.3[/i][/b] Add ability to disable CAV through tray menu.

Update: Part of this has been resolved thanks to us, users. But still there's no way to make
bigger themes change at all. There's possibility to change colors etc. But still we need
change functionality of program to change e.g. tray icon picture based on status, so then
it's possible to change things so it will work. Also make it posible to make some bigger
changes to menu looks etc. Some skins changes to make more options in changing GUI at all.
Also if theme should copy OS style there's need to make some changes in program itself.

2 Log View

[b][i]2.1[/i][/b] Possibility to turn on autorefresh.

[b][i]2.2[/i][/b] Show more detailed informations in log views. For example in D+ log file show registry
keys, action, file/folder. Just to be able reproduce same informations from log file like we can
from Alert Window. Not less.

3 Alert windows

[b][i]3.1[/i][/b] Save positions of windows so it will be placed allways is the same position. I mean also
after new program start. And also add possibility to center windows on desktop.

[b][i]3.2[/i][/b] Remove possibility to Fewer/More Options, Allow this request, Block this request,
Treat this application as, Remember my answers and Cancel button. Add only text
Treat this application as. Just add combobox with this choices:
	Custom (Default selection for alert window)
	Allow all activities / Trusted application
	Block all activities / Blocked application
	<Predefined Rules>
Custom means selected rules, IP, Port, ... Add buttons Allow Once, Block Once (left side
of window), OK (right side). And sure, OK means remember.

[b][i]3.3[/i][/b] Possibility to hide Security Consctonsiderations. Or possibility to set it to simple view
where only some important informations will be. For example specific key in registry or
something like this, not irelevant info for advanced users. Something like we can view in D+
log. Not long explanation but just e.g.:
	Action/Target: Access Memory C:\Program Files\...

[b][i]3.4[/i][/b] Add possibility to set more settings not like this. Because now it's impossible to change
for example IP address from alert. I need to open Comodo and navigate through a lot of
menus to change this, while a lot of other Alert windows can show up. I think good solution
will be to add to Alert windows shortcut to window Network Control Rule where all settings
from alert will be filled. Then I will be returned to alert, or maybe alert can disappear. Just
make this 2 windows connected in functionality. The same I mean also for D+.

[b][i]3.5[/i][/b] Possibility to copy IP to clipboard. Maybe add configurable link for IP whois check.

If there's opinion that make it like this is not secure for basic user, then please make setting
of User Level: Basic/Advanced. Why should some advanced user pay time with difficult 
reactions on alerts? I think it's better to have software to be fine for all kind of users, not
just for the majority.

4 Network Security Policy/Computer Security Policy

[b][i]4.1[/i][/b] Remeber setting Expand/Collapse All.

[b][i]4.2[/i][/b] Add possibility to show only application name/disable show path of application. Or add
possibility to add Description, so only this will be shown and path will be saved separately
in rule. Or just possibility to show "friendly" application name. I mean something like
COMODO Internet security instead of things like C:\Windows\System32\spoolsv.exe. Just
make some description for standard well knows applications and add ability to change paths
to friendly names.

[i][b]4.3[/b][/i] Possibility to refresh list. Or automatic refresh if there's change from Alert window.

[b][i]4.4[/i][/b] Make rules for well know applications. Not to make rules for things we know. 

[b][i]4.5[/i][/b] Add possibility to sort columns based on click of column header, Asc/Dsc. And remeber
this setting. Also add ability to seach application. I know you can use search just by writing
name. But this doesn't work right because of names with path. So please try to consider
to use ideas from [b][i]4.2[/i][/b]. Or just use better search algorithm, not just search from the start
of path.

[b][i]4.6[/i][/b] Show rules that are from some predefined rule in different color. It works but only
partially. E.g. I have defined rule DNS lookup. So first request of any application is
on Port 53, so I use my rule to enable DNS for application. Till now it works. It's gray color
in list. But after I add new rule, as it changes (from Treat as my custom rule) the color is
gone. So make it allways colored even if there are more rules in application. Maybe add some
relative settings. Just when I'll like to change my custom rule, to make it possible that all
rules containing it will be changed. Now this works only for rules where status is Treat as our
custom rule. Make some kind of possibility to derive rules. If this is just too hard
to implement, please just make this rule(s) in separated color.

5 Notify Alert windows

[b][i]5.1[/i][/b] Add ability to notify user about "firing" specified rule. I mean as there's log event, add
here to notify via small tray alert window or something similar to Defense+ is learning.

[b][i]5.2[/i][/b] Add ability to specify that notify tray window will dissapear upon manual close only. Not
only by time specified. Also add some ability like Alert Windows got. I mean queue windows
to prevent overdrawing or clicking other windows like user want. Maybe add queue but also
possibility to specify number of windows displayed at once. Draw them one above another
and use on queue some kind of pick+fall+bring next effect.

6 Task Scheduler

[b][i]6.1[/i][/b] Add task scheduler for automated actions, that doesn't need user intervention.
As suggested for example make automatic actions for My Pending Files to
Purge -> Lookup -> Submit of files. Maybe add also command line arguments to make it 
possible to made this in Windows Task Scheduler e.g. cmdagent.exe /purge /lookup /submit. 
[b]Note:[/b] There's possibility to avoid this while D+ is in Safe Mode. But still there should be
universal solution for all users. So who use this should have possibility to make it easier way.

7 Custom address ranges

[b][i]7.1[/i][/b] Add ability to specify custom adress ranges. They could be stored in some specific file
format e.g. xml/ini. Format example: 
	[custom list name], IP1, IP2, startIP3-endIP3
	[DNS Lookup],,
	[America Online], -
	[My Blocked #1], -,
Or ability to specify it in GUI. But still file variant is much more portable so I think if there'll be
(sometimes) GUI version, still there's need file version. This list can be then used in IP rules
specifications. We can also add rules for our DNS lookup hosts or whatever. Then we can
easy use this in rules. And also in log files view IP ddresses as Custom Name and direct
IP adresses. Or add choice to toggle between Custom Name IP view, direct IP adresses and
mixed view(Custom Name + direct IP addresses) in log files.
[b]Update:[/b] Thanks to [b]exproff[/b] for explanation how to specify custom address ranges via GUI.
But there's still wish for log view change and Import/Export to/from file change.

8 Import/Export

[b][i]8.1[/i][/b] Add possibility to Export/Import rules to readeable format. Some kind of text/ini file to be
possible to share settings with other users. Because a lot of us has more then 1 PC and then
it's impossible to get just rules settings to another PC. Just to make it easier for us.

[b][i]8.2[/i][/b] Add possibility to make separated export/import for CFP and D+. It's important to have
more possibilities in import/export because of use of our created rules between more
systems. Not to waste time with repeating of things we've done before.

[b][i]8.3[/i][/b] Made more sophisticated Import/Export. I mean add ability to Import/Export to/from
xml/ini file. Also made possibility to choose what parts of settings will be exported/imported.
For example have possibility to select only My Network Zones, .... But at least possibility 
to select text format of files. Then it'll be possible to select whatever part user need. 

9 Blocked Files/Folders

[b][i]9.1[/i][/b] Add section Blocked Files/Folders to Process Access Rights to be able to set apllication
to deny all access to specified Files/Folders. Maybe combine functionalities of Protected Files
and Blocked Files with ability to set specified Files and Folders rights to: create/modify/read.
Not to be forced to do separate actions fot almost similar things. Also made this 
in D+ -> Common Tasks.  

10 Configuration

[b][i]10.1[/i][/b] Have separated configurations for D+ and CFP.

11 Active Connections

[b][i]11.1[/i][/b] Add ability to view direct IP address for listening ports to be able to see diference for
loopback, external IP or maybe when using more network adapters.

12 Keyboard shortcuts

[b][i]12.1[/i][/b] Make keyboard shortcuts for standard actions like Allow/Block/Remember
on Alert Windows. Just to make responses faster and easier.

13 Installation

[b][i]13.1[/i][/b] Add command line parameters to installation package to be able to select customized 
settings, e.g.: 
	/s	- silent install
	/dir=<path>	- install path
	/forcerestart	- force restart after installation is complete
	/norestart	- don't restart after installation is complete
	/fw_install=<0/1>	- install FW option
	/dp_install=<0/1>	- install D+ option
	/av_install=<0/1>	- install AV option
	/fw_mode=<0-4>	- selected FW startup mode from 0 - Disabled to 4 - Block All Mode
	/dp_mode=<0-4>	- selected D+ startup mode from 0 - Disabled to 4 - Paranoid Mode
	/noicons	- don't install icon on desktop
	/notray	- don't use tray icon

14 Modify… Buttons

[b][i]14.1[/i][/b] In D+'s windows Access Rights and Protection Settings change color of Modify...
buttons to reflect if there's any entry in rule. Now it is only possible to know if there is any
entry by trying rules one by one. But it would be nice to see it on button's color e.g. green if
any entry is there.

15 Disable protection temporarily

[b][i]15.1[/i][/b] Add ability to disable CAV/CFP/D+ temporarily for specified period of time. Make it some
kind of Installation Mode way. Sometimes  it's needed to disable security for some short time.
But as we forget we want be sure that this action will take just some time and then security
will be just right back.

16 AV signature file version

[b][i]16.1[/i][/b] Add also numbered versioning to signature files alongside of date version. Also add this
version to Comodo's web page to be able to check if the version is actual.

17 Multilanguage support

[b][i]17.1[/i][/b] Add possibility to change language of application. Maybe add some tool so users will be
able to set language on their own. Or use some ini file with words translations to be able
to edit it this way. 

Maybe change of main window. It just take much time to find and click to specific setting. Just
use some basic settings tree or something like that. Maybe make CFP and D+ settings together
in one window. Not need to navigate in menus. I think basic idea is that whether CFP or D+
setting is based on application. So why to have it in different menus. Just some kind like
Outpost Firewall has.

Please write your own suggestions as reply. I will try to update this main list in my free
time to make it easier to view all suggestions without need to navigate a lot. Also if
I misunderstood someone’s suggestion or my suggestion doesn’t cover it, please let
me know. I’ll change it to cover suggestion + try to make it usefull more universal. I’m
not perfect, but I’m opened to opinions.

[b]Credits go to:
-:Viper:- (12.1), bitmap (1.2), blatug (14.1), DarkButterfly (7.1), distance (9.1),
exproff (5.2), Fake vegeta (4.5), jim28277 (16.1), J-Pro (5.2),
L.A.R. Grizzly (1.3, 15.1), phallos (skins), poutnik (11.1), pszwarc (17.1),
ruudboek (13.1), sgrimsle (6.1), sovereignty68 (2.2), T1M (8.2), and many others…

Thank you all![/b]

Here’s my new feature request:

I am trying to automate as many of my routine tasks as I can (defrag, backup, antivirus/antispyware scans, etc.). One fairly time-consuming task that I am still having to do manually is open the “files waiting for your review” list in Comodo Firewall, “purge” the list of files that no longer exist on my system, “lookup” the remaining files online, then “submit” the unknown files to Comodo. I would love either a scheduler in the firewall so that I could have Comodo perform part or all of the purge/lookup/submit process automatically at night, or a command-line option so that I can add an entry to the Windows Task Scheduler to do it (something like cmdagent.exe /purge /lookup /submit).


I agree with all your suggestions. (:CLP)

Now my already known suggestion, which disappeared, when the wishlist thread for CFP was eliminated.

1 - At this stage, we only can block IPs, domains, etc., 1 by 1. It would be nice to be able to import block lists.

Comodo would have to figure out a standard format for this block lists. For example, lets suppose I want to block a range of IPs.

The blocklist could be like: [name of the block list], -
Then if any IP of that range is blocked, CFP would place on the log the name of the block list, so that we would know that the blocked IP belongs to that list.

All blocklists should be placed to a XML file, rather than to the Windows registry.

#7.1 - You can do it (“specify custom adress ranges”) via My Network Zones.

Then again, you can only do it adding 1 by 1.

What we expect to be achieved is that a future version allows to import and export blocklists, directly to the blocked network zones, with a standard format such as the one I gave example. A good explanation is #7.1, which tor345 gave example. :-TU

It would be insane to maintain huge blocklists manually, don’t you agree? And my point of view is, if there is such an offer as the hability of blocking IPs, etc., then why not improve it? (:NRD)

About importing Network Zones - I agree. It is too big work to add addreses one by one. Such improvement I write before in my “wishes” =)
But It isn’t far times, when I will write my own “Zones Import” for CIS =)
There is nothing impossible to add some keys to Windows Registry =)

Thank you if you’ll do that. But still I think it’s major issue. This will
solve My Network Zones export/import. But I think there should be major change
and add possibility to make stronger export/import capabilities. Like we
suggested in points 7.1 and 8. Something that will cover all part of settings,
not only one.

And IMHO using registry isn’t good way. I just don’t like registry. There’s
more problems with them than profit. It’s just thing started with some kind of
good idea but not finalized. But this is for another forum ;).

As I mentioned in my first post, all blocklists should remain in the txt file, which CFP could check against, or automatically import them to a XML file. No registry!

I think that exproff thought about solution when import will read xml/ini file
and write this information to windows registry so that CIS will be able to use
them this way. I just don’t think we need registry. Probably for security reason
also Outpost Firewall disabled pure text format of settings. Probably because of
that viruses, worms, … could be able to change this format. But IMHO there was
problem that they used this file allways for reading settings to runtime.
I think this can be separated. Then everybody can be satisfied. Users and also
security part. So my Idea is that settings can stay in Comodo’s own format. But
we should be able to export/import settings from/to pure txt format. This
settings will be transformed to/from Comodo’s own format for/from runtime. Then
we have separated file with settings in runtime but also possibility to add/port
settings from/to Comodo in portable text format.

That woud work even better. :slight_smile:

One more suggestion that I made previously somewhere. Don’t recall where! :smiley:

The option to also download blocklists from the internet and automatically export them to Comodo format, such as:

Hmmm… COMODO keeps all setting and Rules in Win Registry. Is this good or bad - I cann’t surely tell.
So for now only way to Import/Export is via Configuration Manager of COMODO.
My suggestion (I think COMODO will keep Rules in Registry in new releases) is write a program that will be able to write/read keys from Registry and write/read to file. With some GUI for selecting =)

It would be bad for the registry as it would bloat it.

I considered to create a batch file for that, but, well, I am not that great at batch files… only simple ones! :slight_smile:

Batch file is a bad idea because of wishing to have selective Import/Export.
And for now WinRegistry is best protected storage. But we pay a big price - speed of writing/reading keys by COMODO + size of Registry.

Anyway, I don’t think it will be part of Comodo firewall any time soon that feature. I had mentioned it the CFP wishlist thread, which no longer exists, and never came to be part of CFP. At the meantime, 2 new versions came out (CIS)… I think, that, if Comodo wanted so, they would have had the time for that, no?

Do you mean some specific list used as example? Or you mean just add possibility
to do some conversion of list from internet and then import to comodo as block
list? Something like Opera’s Fraud Protection? Or Outpost Firewall Blocklist?
Just because I think it’s just too customized. Or you mean that comodo should
have own list of blocked sites? The main thing is to make import/export more
similar. Then there’ll be maybe need to add some conversions from Internet based
list formats. I just think that conversions should be external, not internal
part of Comodo itself. Please just give more accurate explanation, if you mean
som specific situation. From where to download list? One list or more list
formats? …

So as far as I can see all the settings we need are stored in registry:
HKLM\SYSTEM\Software\Comodo\Firewall Pro\Configurations.… . So as also
standard Comodo’s export/import is based on export/import from/to registry
there’s need just add possibility to make it in pure text format alongside
Comodo’s format. And add some GUI to make selections of export/import

Registry in Settings:
I think that a lot of software producers are going to portability. It’s just
trend of this days. More PCs, moving from 1 at work to one at home. And need
to keep everything synchronized and with the same settings, … Also is well
known that work with registry is slow. And lot of developers try to remove their
runtime performance settings out of the registry. I understand that registry
are more “secure”. But what it worth? Performance. Maybe in some future it’s
better to make own settings, own format for faster runtime and make security
on our own. Somebody can say more work for something that is already done by
Windows itself. But as a lot of us can cay a lot of things in Windows is just
better to left alone and make things by ourself. It’s just faster, without
bugs, just better.

Thank you for accepting my suggestion into your wishlist.

The reason I suggested that more detail information should be provided on alert window/popup because I’ve encountered a lot of portable storages (usb HDD, flash drive), that is infected with autorun trojan. if the trojan is a new variant and antivirus has failed to detect it, then Comodo defense+ can provide user a good detail information on alert window what has been blocked. That way, the user can learn the portable storage is infected and take proper action to cleanup the trojan. Spybot’s teatimer has a very good example of alert window. It tells me a which registry is about to be deleted, modified, or added.

Conversion of lists, yes. Let’s image, that if Comodo ever does it, their standard format (of blocklist) will be something like:

[domain], -
[domain], - (ip range)
[domain], (xx - netblock)

Then we want to use already done lists, either by applying them locally or through the Internet, such like the one I mentioned. blocklist goes like: - xx name (to whom the IP range belongs to)

Well, why not be able to convert such list to the the format:

[domain/name of IP range], -

And for example, this block list here Enterprise Cybersecurity Solutions, Services & Training | Proofpoint US , which 2 of the blocking formats are

Why not, also, convernt to the standard Comodo format?

You are welcome. This list is for everybody. I just started with few of my
suggestions. And then I’m trying to add also others to make it more complete.

Yes you’re absolutely right. In logs have to be as much important informations
as it’s possible. We have to able to reproduce exact error state. For example
we are out of PC and Alert window is there for maximum 999 seconds. Then it just
disapear. No info for user. I mean relevant info needed for exact state
reproduction. I know that Firewall/Defense+ will disable this request. But still
we should know what was happend. Because sometimes it’s hard to discover some
hidden things. And this could really help.