Sygate convert… couple quick observations :)

Hi all.

Finally got round to doing a system reinstall and rather than put Sygate Pro back on I thought I’d give Comodo a try… Being a big fan of Sygate I am hard to please when it comes to trying out other firewalls… even though I know Sygate can no longer really stand up to all the new attack vectors.

Anyway, here are a few quibbles so far…

Popup authorisation window

An application tries to get onto the net and the window pops up to allow/deny, the app
tries again a few times whilst the user is reading the security popup… so now it says 1 of 6,
if you scroll through all six they are identical internet access from said program.

So it would be nice if Comodo was a little more intelligent and did not show these duplicate internet access requests from a given program.

Saying that, if I tick the first request… then move to the next duplicate (request) this is not ticked. Also, during the process another program tries to connect, so we end up in a state where 1 to 6 is program 1, 7 to 10 is program 2 and finally 11 to 20 is program 1… does seem a little overkill and not well organised.

Possible bug

This one is an odd one… let’s say I’ve opened a zip file and extracted a file, closed WinZip, then gone and double-clicked on the extracted file, which launches a program that accesses the internet… Comodo thinks it’s WinZip that has launched the application rather than Explorer.

This happens if you do it fairly quickly.

What ports are open and by which app

One thing I love about Sygate is its main screen… it tells me straight away what apps are listening and to which ports so I can quickly and easily spot any rogue files. It’s a nicer way than having to look at netstat -nab. Also the apps are shown with full paths so you can usually tell if it’s dodgy or not.

Also means you can quickly right click on that app and set it to either allow/block/ask.

Not that keen on Comodo’s Connection tab… doesn’t really do the above so well…

I would dearly love to see a network activity screen where each app is shown with a + next to it, so you can expand that app and see a full breakdown of its connections, but whilst closed you get an overview of bandwidth in/out.

Apps like IE, MSN, Torrents etc just flood the log screen at the moment making the info useless.

Comodo Gui.

Main window needs to be able to be expanded, all columns should allow sorting.

Crash

Whilst cleaning (deleting) some of the app rules, Comodo crashed and closed down… message was very generic (I’ve crashed… closing down…)

I’m sure I’ll find more to comment on, but I just wanted to get the above out there for now… likely the above are all well known and are on the TODO list for a forthcoming version; it will be nice to hear some feedback.

I am tempted back to Sygate, I just like the way it presents its info, but I will give this a go to let it bed in properly.

cheers all.

Kaz.

Welcome, kaz!

I’ll try to respond to each item in turn.

  1. Popups. You can modify this - Security/Advanced/Miscellaneous - it allows you to specify the # of alerts, and how long they remain. This happens because the application is not allowed until you click allow, so it continues to try to gain access over & over until the user responds. Thus, CFP creates popups per the specifications, until the user responds.

  2. Closed program “accessing” internet. This relates to Application Behavior Analysis. It is apparently possible (per the dev team) for a malware to create a command to call an application at a future time. Thus, CFP monitors inter-application communications, where these things cross over internally. It seems that such things stay in the computer’s memory for some time after the relevant app is closed. The rule of thumb typically is, if you recognize/trust the application(s) in question, it is safe to allow (without choosing “remember” it’s for that session only); if you deny it will be blocked for that session (restarting the currently-connected internet application may resolve it; sometimes a reboot is needed). There has been a lot of stink about this, because users don’t know as much about how it all works, as the dev team does; this “noise” will be greatly reduced in version 3.

  3. Connections tab used to have a “close” button where you could click an entry and terminate it. It will return in v3, I believe, along with some changes to the way it monitors listening connections.

    > Also the apps are shown with full paths so you can usually tell if it’s dodgy or not. Also means you can quickly right click on that app and set it to either allow/block/ask.

    With CFP, it’s only connecting if you’ve given it permission to do so (this is especially true if you go to Security/Advanced/Misc and uncheck the box, “Do not show alerts for applications certified by Comodo”; the downside to that is that you’ll see a lot more alerts than you probably want to, based on item #2 above).

    > I would dearly love to see a network activity screen where each app is shown with a + next to it, so you can expand that app and see a full breakdown of its connections, but whilst closed you get an overview of bandwidth in/out.

    It’s in the WishList.

    > Apps like IE, MSN, Torrents etc just flood the log screen at the moment making the info useless.

    Well, yes; the default rules are not designed with the p2p user in mind; see the FAQs for p2p tutorials wherein you will learn how to create Network Monitor rules to tone down those related log entries.

  4. GUI resizing. It’s in the WishList.

  5. I haven’t seen it crash before, so I don’t have personal experience there. Doesn’t sound very informative, though. Have you checked Windows Event Viewer for any additional info?

I highly recommend browsing thru the FAQ section, starting with this one: https://forums.comodo.com/index.php/topic,6167.0.html; it’s a compilation of a number of posts about common situations/applications, to help the user better understand and use CFP. It’s locked to keep it clean and simple, easy to read. Each individual topic within has an embedded link next to the author’s name; the link will take you to the original thread, where you can read further, and ask any questions you may need.

I think that the more you learn about CFP, the more you use it and get used to it, the more confidence you will gain in its capabilities, and the less you will be “tempted” to return to what was once a leader in personal firewalls. There is a reason that Matousec (a completely independent security group that does detailed firewall testing) rates CFP as #1 against leaktests, and #2 overall (2nd only to Kaspersky Internet Security); once v3 comes out with an integrated HIPS, it should be at the very top…

Once again, welcome to the forums (:WAV)

LM

Leaktest:

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
(Based on 2.4.16.174)

Best overall:

http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php
(Based on 2.3.6.81)

https://forums.comodo.com/index.php/topic,7226.0.html
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php

Have you ever used CurrPorts or TCPView? I’ve used CurrPorts for some time and it gives a reasonable amount of info and is a lot easier to read than netstat.
One little annoyance is that sometimes when I’ve had CurrPorts running in the taskbar and I open the browser, CPF will give an alert that CurrPorts is trying to hijack the browser. Happened with uTorrent too.

This relates to item #2 in my response to kazgor. That’s about the easiest way I know to try to explain it; if I go into more detail, I’ll confuse myself, LOL. :wink:

LM

ta for the replies…

I do accept that Comodo is maturing and in fact this is really why I’ve bitten the bullet and decided to go with Comodo.

I do think #2 could get annoying though; I can live with it for now.

@Sullo, I actually use TCPView, very useful program.

I do think Comodo needs something like it so you can see exactly what programs are listening/connected quickly. I just can’t do that with confidence compared to Sygate.

cheers

It did do this (or very similar) with version 2.3; when they migrated to 2.4, for some reason unknown to the users (or at least, to me) they changed the way it monitored and reported such things. The development team has assured us that it will return, along with a “Close” button to be able to immediately terminate the connection. Whether it will do any IP/Name resolution, I do not know.

LM
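
The per-application view asked for in this thread (which program owns which listening port, collapsed by default and expandable to its individual connections) can be approximated by post-processing `netstat -nab` output. The following is an added example, not part of any post and not Comodo or Sygate code; the sample text is constructed in the layout recent Windows builds print, and the names `group_by_app` and `listeners` are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `netstat -nab` prints on recent Windows builds.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
 [firefox.exe]
  UDP    0.0.0.0:5353           *:*
 [firefox.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
UNKNOWN = "(unknown owner)"

def group_by_app(text):
    """Expanded view: {app: [(proto, local, remote, state), ...]}."""
    apps, pending = defaultdict(list), None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            if pending:  # previous socket had no owner line at all
                apps[UNKNOWN].append(pending)
            pending = m.groups(default="")  # UDP rows have no state column
            continue
        o = OWNER.match(line)
        # Service-name lines (e.g. "RpcSs") fall through and are skipped.
        if pending and (o or "ownership information" in line):
            apps[o.group(1).lower() if o else UNKNOWN].append(pending)
            pending = None
    if pending:
        apps[UNKNOWN].append(pending)
    return dict(apps)

def listeners(apps):
    """Collapsed view: app -> sorted local ports that are LISTENING (TCP) or bound (UDP)."""
    ports = {app: sorted({int(c[1].rsplit(":", 1)[1]) for c in conns
                          if c[3] == "LISTENING" or c[0] == "UDP"})
             for app, conns in apps.items()}
    return {app: p for app, p in ports.items() if p}

if __name__ == "__main__":
    for app, ports in sorted(listeners(group_by_app(SAMPLE)).items()):
        print(f"+ {app}: {ports}")
```

Sockets whose owner cannot be resolved are kept under their own heading rather than dropped, since an unattributed listener is exactly what this kind of view is meant to surface.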