training: 'custom' rule type

I’ve been using comodo for a couple of months on a new laptop.
Pretty much everything in comodo is on default settings.
I left the firewall in training mode until I got all my software installed, and then switched to ‘safe’.

I took at look at the network policy tonight and noticed that all the rules that were made during ‘training’ are:

allow IP out | from IP any | to IP any | where protocol is any

a few programs also have:

allow IP in | from IP any | to IP any | where protocol is any

Having both these is basically the same as ‘do whatever you want’ isn’t it?
Is there any difference between these rules and the ‘trusted application’ predefined rule?

I’ve used @guard and outpost software firewalls before, and both would not do this during ‘training’. They would create more finely grained rules based on specific ports or port-ranges, direction and protocols. The ‘allow all’ rules would be seen as an unsafe way to use a software firewall.

I just wanted to get an opinion on this. Should I delete all those training rules and start again, but this time in safe mode, so that I can write the rules manually? Or is Comodo following a safe enough practise, balanced between security and ease-of-use?

Note that I did the same with Defense+. It was in training mode for a month, and is now in safe mode. I tried ‘clean PC’ mode, but hated the ‘my pending files’ thing. Is the security policy is safe if it was created by the training mode?

Finally, every two hours or so, I lose my internet connection and ‘repairing’ displays a DNS error message. I have to switch my router & cable modem off for 15 seconds, and may have to do this two or three times, before I get back online. I think my either the wifi router or laptop is finding it difficult to get/renew/maintain an IP by DCHP. I haven’t had time to research it yet, but could Comodo be blocking DCHP data? Unfortunately I got my new laptop, Vista, wifi router and Comodo all at the same time, so it is quite hard to determine where to start looking for the problem.



  1. this is beacouse you have alert setting to low… click firewall > advanced > firewall behavior setting > Alert setting.
    Take this to high or very high if you want extremely specified rules!

  2. Rules created in training will still be there and safe will take those in consideration, hovever applications that was on your computer before that didn’t yet has a rule will be intercepted according to safemode policy…

  3. If you are running wireless make sure that the computer is not to far from the connection point… comodo sould not be the problem…