"System" too broad

I’m running Comodo Firewall 6.3.302093 on Windows 7 x64, Firewall is set to “Custom Rules” & Alert Frequency to “Very High”. I am finding the “System” classification too broad.

For example, in previous versions on a fresh install “ping” came up as a unique application, but now it’s lumped into the “System” group. Hence I can’t give “ping” “Allowed Application” status while leaving other Windows OS apps as untrusted.

How can I get rid of the “System” group or at least reduce it’s scope?

I’m not sure this is possible in V6.X, I too think “System” is too broad.

Good Day PurpleDuck

You may add %windir%\System32\PING.EXE as a rule and make sure its near the top of the list; This will make sure Ping.exe is allowed through the firewall as long as it’s rules that you set are enabling it to do so.

Also, you may edit file groups by going to CIS > Tasks > Advanced Tasks > Open Advance Settings > Security Settings > Defense+ > HIPS > Protected Objects > Click the Expand Arrow on the bottom > Groups > “Windows System Applications”
You than can edit/modify/create your own Application group

Hope this Helps

Thanks…Jake

Hi Jake,
Thanks for your reply.

I guess I didn’t word my question very well. My intention was to use the “ping” application as an example of the problem. My problem being that the popup alert dialog in Comodo 6.3 now says “System” for everything in the Windows directory instead of naming the application. I used “Ping” because it demonstrated the problem.

Version 5.12 of Comodo would name the Windows app that was requesting network access rather than just classifying everything as “System”. To my mind, if there’s no solution then 6.3 is unusable because it doesn’t allow fine grained permission control of specific system applications via the popup alert.

So I’d be grateful if anyone knows how to stop 6.3 from using the “System” classification and instead name the application.

Cheers,
Richard.

Hey Richard;

No problem, I’m sorry that I misunderstood;

You may again edit “System” via File Groups showing in my previous post, Edit the files that you want to be fit under that category
In the File Groups You can Remove Default Groups and than have complete control;

Fair warning though, if under paranoid and you remove a VITAL System file from D+ Rules than your system may be crippled

Hope this helps

Jake

[attachment deleted by admin]

Hi Jake,
Thanks again for taking the time to reply.

FWIW, I actually deleted the “System” item shown in your second capture. Nothing changed. Was this the wrong thing to do?

So to be clear, although I’d deleted “System”, when I try using “Ping” (just as an example) the popup alert says “System is trying to access 123.123.123.123; Allow; Block; etc”. What I expected was the popup would say “ping.exe is trying to access 123.123.123.123; Allow; Block; etc”. Again, I’m just using “Ping” as an example as I would like all applications to be individually named and have individual permission instead of being called “System” and belonging to the “System” set of permissions.

In addition to this wish (which was what the older Comodo does), I expect to be able to use the popup alert to assign permissions to applications rather than having to use the File Groups to list applications in advance.

Perhaps I should also mention I have HIPS+ disabled. Not sure if this makes any difference to the Firewall.

I guess I may simply have to revert to the old version. Shame, it seems a backward step.

Cheers,
Richard.

The reason nothing changed is because Jacob is wrong here, normally you can edit the contents of the groups, for example you were able to remove “System” from “Windows System Applications” however the issue is that the “System” is in it-self a group however not a group like the rest, in the File Groups “System” is seen as an application while the actual contents of “System” seems to be hard-coded into CIS which means it is impossible to edit what “System” contains without editing the executable(s).

Sorry for misunderstanding; This does seem to be a bug.
Sanya is correct; “System” is hard coded as I remove System and put CIS on Custom policy mode with high alert and tried to ping google.com and it was viewed as “System” and not ping.exe

This is the way it works UNLESS You have created a specific rule for ping.exe and moved it to the top of the list.

If you put All Applications with an Ask In/Out rule just before System you’ll get notification all the time for system (this should not happen) & apps that are not added to the rules.

Jake

Sanya & Jake,
Thank-you both for taking the time to help with this problem.

My final solution has been to switch back to Comodo 5.12. In this version, “System” and much more limited in scope. “Ping” for example shows up as a separate application rather than being thrown in the “System” group. I hope Comodo restore this behaviour in future versions.

Cheers,
Richard.

Could you add this a wish in Wishlist - CIS? That way it will be seen by Comodo. In this board your idea will more than likely go unnoticed.