User Controls Not Powerful Enough!!

The user controls available per application are not adequate for the amount of power available with the most advanced features of CIS.

It simply takes too much time to tune a computer.

I don’t know how anybody else feels, but I don’t think this product is usable enough to take full advantage of the features, without wasting massive amounts of time.

I feel particularly strongly about the firewall, because it could be made a lot easier to use the advanced features. I do not, however, have the time to sit and hit okay 100 times for a single application. I don’t want it to be able to communicate to any other IP addresses on any other ports, there are let’s say 100 different sockets it should be allowed to use… but it is the only application I even to auto train… so enabling training mode isn’t really an option.

I just don’t know, maybe it is time to find another security program.

Which version are you using? Are you using the default settings? You need 5 minutes and a reboot to configure it.

If you’re uncertain about how to configure something, the best thing is to ask specific questions in the appropriate forum.

(edit: Oh and the version is the latest according to the top sticky)

I wasn’t asking a question, clearly. I know how to use the program just fine, it just takes far too much time, ergo the controls are not powerful enough. The controls for a powerful program ought to be able to condense the time for complex use.

I do know what I am doing, and when I say 5 minutes doesn’t give adequate time to configure Comodo… I know from experience of countless installations after a nice clean format. For that matter, technically you don’t even need to reboot in order to enact updates though rebooting certainly is more user friendly. It got to be such a problem going through and ensuring all the proper options were enabled that I started exporting and using the exports as backups which never helped with applications themselves. Most recently I’ve decided it takes so much time that I would make a cloned image and just reimage the hdd from now on. Which has reduced the time, but I try new applications out frequently.

I would like to run it in an analysis type mode in sandbox likely, and then view all the program’s actions in a report of some sort. Not sit and read each of the few dozen dialogue windows that for whatever reason take a few seconds in between popup windows; probably just to ensure I take longer, I guess. That analysis report is just for starters, however suggestions fall upon deaf ears 85% of the time; 67.3% of statistics are made up on the spot to prove a point, just thought I’d mention that fun fact. This time I thought I’d give outright feedback, and negative feedback at that. It makes me feel better, on the inside.

“It got to be such a problem going through and ensuring all the proper options were enabled that I started exporting and using the exports as backups which never helped with applications themselves.”

When you export a configuration it exports everything that has been configured, up to the point of the export. When you import and then activate a configuration, the existing settings in CIS are overwritten with those from the import and thus place CIS in a state consistent with that of the exported machine.

“Most recently I've decided it takes so much time that I would make a cloned image and just reimage the hdd from now on. Which has reduced the time, but I try new applications out frequently.”

As noted above, if you’re using the export/import function correctly, there’s no need for any additional configuration, unless you wish to add something new, such as a new application.

“I would like to run it in an analysis type mode in sandbox likely, and then view all the program’s actions in a report of some sort”

That would be a very interesting option, for pure analysis, however, if the application is to be employed, rules would still need to be created. Therefore, a process for taking the information in the analysis and making it functional would be needed. If this process is simply reading the report then manually acting upon the information contained therein, then I see no benefit.

“Not sit and read each of the few dozen dialogue windows that for whatever reason take a few seconds in between popup windows; probably just to ensure I take longer, I guess.”

Unfortunately, processes don’t make every connection, they may ever wish to make, the first time they’re run. To some extent it will depend on the process being run and the context under which it is being run that will dictate the number and the nature of the alerts generated.

In some ways I can see how having CIS anticipate all the possible interactions an application might make and thus creating all the necessary rules, the first time it’s run, would be very useful. Unfortunately, unless the system in question remained completely static, and even then, it would be a nearly impossible task.

Even though you’ve posted in the Wishlist I’d suggest you create another post outlining your ideas in as much detail as possible. Doing so may well lead to some active debate and perhaps even inclusion in the product at a later stage.

maybe this is something you would like

Yea that is pretty cool, I will definitely join the discussion.

Sorry you misunderstood me, and for good reason I suppose. It is entirely redundant to just keep reusing the same application configs after a wipe, it takes away half the reason for the reformat. I reformat not just to get rid of data which is no longer needed or applications I no longer need, it also serves a very vital purpose. To get rid of any potential malware threat that has slipped by undetected and now has application rights. For instance a malware threat may be utilizing svchost and slipped by due to how used svchost is. Like I said, I do get tired of reading every box pop up.

Although I admit having the ability to individually export configs for applications would be nice. That way I could simply pick and choose which definitions I trust.

“That would be a very interesting option, for pure analysis, however, if the application is to be employed, rules would still need to be created. Therefore, a process for taking the information in the analysis and making it functional would be needed. If this process is simply reading the report then manually acting upon the information contained therein, then I see no benefit.”
When I think of an analysis mode for Comodo I think of a mode where it will just run and analyze what the program does then instead of giving individual dialogues just have one really dense dialogue. If I cared for mockups I might consider showing you what that might look like, I will go onto that thread and post it there though and maybe somebody will make a mockup.

“Unfortunately, processes don’t make every connection, they may ever wish to make, the first time they’re run. To some extent it will depend on the process being run and the context under which it is being run that will dictate the number and the nature of the alerts generated.” I know, torrent programs for starters. For many other programs they just tend to have a large network of servers they need to communicate with. With an analysis mode Comodo might be able to condense this to a subnet or IP range.

“In some ways I can see how having CIS anticipate all the possible interactions an application might make and thus creating all the necessary rules, the first time it’s run, would be very useful. Unfortunately, unless the system in question remained completely static, and even then, it would be a nearly impossible task.” Yea computers change, updates are released blah blah. Such is the way of software. However having the ability to run analysis mode might as well be available whenever you want it. First run of an application is just the most obvious time to use it.

Anyways thanks for the cool thread.

The information stored in an exported configuration simply defines the rights a process running on the PC has, whether that’s a firewall rule that allows firefox to connect via HTTP on port 80, or a D+ rule that allows firefox to make use of the DNS client service. When you restore a configuration the rules defined will only be appropriate if the process in question is installed.

In the scenario you’ve painted, if you’ve reformatted, any ‘malware’ that may have been present should have been removed, therefore any rules that were present that specifically allowed the ‘malware’ access will be redundant. I would hope, however, that if you’re using the ‘advanced options’ in CIS to control, for example, firewall access, your rules would limit any connection attempts by potential malware.

“Although I admit having the ability to individually export configs for applications would be nice. That way I could simply pick and choose which definitions I trust.”

Unless I misunderstand, that’s exactly what the export/import function allows.

“When I think of an analysis mode for Comodo I think of a mode where it will just run and analyze what the program does then instead of giving individual dialogues just have one really dense dialogue. If I cared for mockups I might consider showing you what that might look like, I will go onto that thread and post it there though and maybe somebody will make a mockup.”

I’d be interested to see what you have in mind.

“I know, torrent programs for starters. For many other programs they just tend to have a large network of servers they need to communicate with. With an analysis mode Comodo might be able to condense this to a subnet or IP range.”

Indeed, p2p clients can use a vast array of addresses, which unless you’ve defined appropriate rules, will potentially change every time a new upload/download starts. With regard to subnets, this may be possible in some circumstances, but virtually impossible in others.

As you may know, services that run in the context of the svchost process perform a great many tasks, quite a number of which require Internet access. One example of this, is for program updates and not just for Windows. A variety of other software vendors, such as Adobe, use BITS, which runs under svchost to update. I currently have 20 different address blocks defined for AKAMAI alone and another 15 for Certificate Authorities. The AKAMAI blocks have been found over time and even now new blocks are added, as reclaimed ipv4 address blocks are reallocated. It’s a moving target.
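
The condensing step debated in this thread (turning many observed connections into a few subnet rules), shown as an added example that is not part of any post and not CIS code. The /24 grouping, the `min_hosts` threshold, the function names and the sample addresses are assumptions; IPv4 only.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (documentation address ranges): remote endpoints one
# application was seen contacting during an observation run.
OBSERVED = [
    ("198.51.100.10", 443), ("198.51.100.11", 443), ("198.51.100.12", 443),
    ("198.51.100.77", 443), ("203.0.113.5", 443), ("203.0.113.5", 80),
    ("192.0.2.200", 80), ("192.0.2.201", 80),
]

def propose_rules(observed, prefix=24, min_hosts=3):
    """Return {port: [IPv4Network, ...]}. Hosts that share a /prefix are
    widened to that network only when at least min_hosts distinct hosts
    were seen in it; otherwise each host stays an exact /32 entry."""
    by_port = defaultdict(set)
    for addr, port in observed:
        by_port[port].add(ipaddress.IPv4Address(addr))

    rules = {}
    for port, hosts in by_port.items():
        buckets = defaultdict(set)
        for host in hosts:
            net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
            buckets[net].add(host)
        nets = []
        for net, members in buckets.items():
            if len(members) >= min_hosts:
                nets.append(net)                      # widen to the subnet
            else:
                nets.extend(ipaddress.ip_network(f"{m}/32") for m in members)
        # Merge adjacent or overlapping entries into the fewest networks.
        rules[port] = list(ipaddress.collapse_addresses(nets))
    return rules

def widening(rules, observed):
    """Per port: (addresses the rules permit, distinct addresses observed)."""
    seen = defaultdict(set)
    for addr, port in observed:
        seen[port].add(addr)
    return {port: (sum(n.num_addresses for n in nets), len(seen[port]))
            for port, nets in rules.items()}

if __name__ == "__main__":
    rules = propose_rules(OBSERVED)
    for port, (allowed, seen) in sorted(widening(rules, OBSERVED).items()):
        print(port, [str(n) for n in rules[port]], f"permits {allowed}, saw {seen}")
```

The permitted-versus-observed figure is the cost of the convenience: a widened rule allows addresses the application was never seen using, and the observed set goes stale as address blocks are reallocated.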

Yes not that it matters, the charrette forum addresses this situation and calls for modularized exporting/importing functions. So it doesn’t really matter, but it doesn’t work that way already.

The reason I don’t do that, is because I like things to be clean and tidy. I don’t want 50 unnecessary rule sets.

I disagree completely with the OP; you say you know what you’re doing but evidently you don’t from what you have written. The reason why I write this is simple: digitally signed programs are added without question and auto configured for outgoing only, others are asked and the dialog rate is really low, and you have this ‘remember my choice’ check-box, I don’t see a problem at all, I get away with defining my network zones, applying ‘hide ports’ on them and then as a final rule I block all incoming traffic, this works in most if not all networked environments.

When the configuration is for a client I must install and run all the apps the client wants and allow them if CFW asks, this might be a down side of CFW, because if I leave it to the user’s decision, generally they make the wrong one and then I get called to fix it, but it is not a problem actually. I’d like it if CFW could detect user started installers, not auto-installers or installers called by an app, and when the installer finishes (MSI, Nullsoft or Inno would notify Windows) then CFW could auto-config the app with the according rule.

I consider your argument invalid on the basis of this

I want more features so that I might be able to EASILY analyze data and determine if there might be a virus. I like Paranoid mode, and I prefer to see security events per socket not per application.

Had I known I had been so terribly insulted I would have bothered to return… I just ignored the last update I received in my email. Sir, you are wrong.

No sir, you’re wrong in your proceedings: you say you like Paranoid Mode and then you complain that you have to click 100 times something and then you have the audacity to tell me that I’m wrong when I clearly point out to you how you have to do it right; it is obvious you haven’t even thought how wrong your behavior is before coming here to complain.

About the infection strategies, you’re writing out of ignorance again, if that knowledge is on Wikipedia it should hint you that that is of course known by security experts like COMODO and they would look for those before trusting the user installer and the digital signature that you conveniently ignore, is there not only to authenticate an installer but to prevent its corruption through the infection strategies.

Next time you try to lecture someone about something make sure you know what you are writing about. And you weren’t insulted, I just revealed your ignorance about it, which you’re the only one to blame for.