Comodo Firewall Pro Beta

Seer,

You have 2 rules to allow outgoing and other 2 rules to allow incoming.
That is a software bug, right?

If you remove the incoming rules, that you have for each application, the P2P works well?
I'm asking this because that rules shouldn't be necessary...

I will try the next beta version of CFP, because this one is to buggy for me...
But it's normal, since this new version is completly new...

 

VaMPiRiC_CRoW,

hello again. Sorry that you had to post the same question twice, I completely (unintentionally) missed your post. More screenshots from me now.

Unnecessary? What exactly do you mean? A P2P application would need to have inbound rules, I have just reinstalled Comodo v2 to check how that version works with server apps - it gives me a popup for uTorrent to "act as a server". If I choose to remember that popup, Comodo places this rule in the application filter -



The lights are all green with uTorrent (no need for screenshots on this, I think). I just restricted the rule to specific port in v3, otherwise it is the same principle.

If I delete inbound application rules in v3, I get this in the logs (makes sense to me) -



and also red lights in torrent clients (that happens without "act as server" rule in v2 also). Which is not good. The screenshot shows blocked UDP only, as I didn't have any torrent running at the time - no transfer occuring.

Now, am I doing something wrong here?

 

Seer, no i don't have a proxy.

What VC is saying is that it should not need an inbound rule to function at its basic mode. Your application rules are not the same as the Global rules, if it still works as 2.4.
Global rules should be the Network Monitor, where the SPI is. Application rules work differently.
If it doesn't work just by answering pop-ups, something is wrong.

I rarely use an inbound rule (a true inbound) for Emule these days. Downloads are slower, but it's sufficient for small files.

 

Yes, you do have a proxy if you use avast!'s WebShield WebShield is a proxy, as I said, and all http comms go through it. Set your browser to use a proxy, your browsing should work then. If you need assistance, please let me know

The "basic" mode? There is no basic mode for server apps, either they work as server or they don't.

SPI has nothing to do with server rules.

Well, this is your preference, but in this way (without inbound rule), eMule doesn't work as a server application.

 

oh?

Of course it doesn't work as a server, that's the whole idea

 

I am looking forward to trying out the "production" version of V3 not the Beta since smarter users than me are running it and it will improve over time.

There is a market for suites, ZA , KAV NIS come to mind.

BUT I hope that the prediction on CFW becoming a suite in the sense of having a AV and an ASW is not proven out. For my needs I prefer to have a pure FW + HIPS and then the ability to let me mix and match AV's and ASW's at will. Best IMHO not to depend on 1 vendor for ALL our secuity needs.

So if we need an example from CP it would be ZA Pro minus the ASW piece and a few other bells and whistles like the vault.

There will be 2 markets:

1) suites for ordinary users (not power techi's) give me 1 solution I want to depend on that approach it is easy and simple!

2) The build our own suites by adding and replacing pieces as tools improve and vendors come and go as in the tradition of Wilder's layered best of breed approach.

So if I'm right the debate about which is best when both will exist and continue is how to say this , a waste of time

But this is just an opinion!

 

Seer,

Yes, if we have the Application Monitor enabled, we must have a rule to allow incoming traffic for that application, that is the same to allow that application to act as a server...

But I also added that rule and didn't worked, so must be a conflit with another program, since it works with you...

The SPI is just to keeps the track of the state of network connections...

 

Yes VC, that's a possibility also. After all, as you said, it's only a beta Of course, you have the port forwarded in your router (if you use one), I presume?

BTW, VC et al, WTF is this? -



Hardcoded rules in Comodo? Why?

 

Server rules need to bypass the SPI, so the unsolicited connections could be accepted by the server app. Thus the need for inbound rule.

Could you elaborate this please? I don't see the point (idea) in using a server application without server rules...

 

Edit it to block and you'll see it's not hard coded.

Exactly.

I think in this case you're hanging on the concepts too much. This is for my personal use. I'm just using Emule to download stuff.

 

Seer,

CFP at the beginning, let you choose to make a scan for known applications and then create rule for them.
That system file is needed to allow you to connect to the Internet, and of course that Comodo files are trustful...

I didn't try, but I think, and hope, that list will be empty if we choose not to scan for known applications...

 

Hi VC

I actually carefully looked where to skip this step. I never do such things, as I like to make my own rules. So, in short, I scanned nothing "trusted" with Comodo.

Are they indeed? LOL. OK...

Cheers

EDIT:

Have you actually installed this firewall? They can't be edited... or removed.

I am so sorry. I respect your opinion/needs

Cheers again

 

Heh, you should report it as a bug. It worked fine here. One of the first things i did.
It is not ready for prime time for sure, but we should report all this to help.

EDIT: i can't try it now, as i'm not in XP, but i think you can't edit the individual rules (below the process name), but you can edit by clicking the process name. Change it to custom and create the rules from scratch.

 

Yes, you are right, that is a bug. All of a sudden, my torrent rules became hardcoded as well

Oh, wait, svchost and system rules can be deleted now... WTF

OK, alpha was better than this. I believe any further discussion is pointless. This is an unpredictable version... behaves differently on different systems... we almost got into a flame war because of it.

Cheers guys.

EDIT:

Yes, but I haven't changed anything manually.

 

Seer,

I use that feature to have less alert windows about good applications...

I don't like annoying me with useless alerts...
That is why I don't like normal HIPS...

The alpha version didn't have a lot of the new features implemented, so...
I hope the next beta becames much more stable...

 

Hello.

OK, I have to apologize to anyone reading this thead and especially to lurking Comodo officials I was quick to call the rules "hardcoded". They are not, I see how that works now...

But actually the rulesets in application monitor are changing policies randomly! From "outbound only" to "custom" and back. Also, deleted rules are reappearing again Very strange. I don't touch the firewall, I just keep it opened in a VM and every few minutes I take a glance at it - it definitely has a mind of its own. I will install it in a FD-ISR snapshot when I find time and test it more. I will also try it on another (test) PC. If I find anything unusual (new or reoccuring), I'll report my findings here (not there).

Cheers to all.

 

I spoke too soon. I click on remember this action for the defense+, and it still forgets the rule on the next boot up.

 

Hey Seer I don't see you need to apologize for reporting and your learnings on these matters! People read your posts and check them out and gain!

BTW I pulled out of my own learning thread on CFW 2.4.15 because of this very issue, I called it "scrambling the rules" at the time and gave up on 2.4.
My hope is that this issue will be dealt with soon! It seems this piece of code on rules has "dementia" fouled up logic and can't remember what you told it to remember.

 

The newer beta version 3.0.8.214 released yesterday (8/23) with many bug fixes:
http://forums.comodo.com/cfp_beta_corner/cfp_308214_beta_is_now_available_for_download-t11950.0.html

 

I just tried out the updated BETA and I have to say its MUCH IMPROVED from the last beta. Looking very polished indeed. Last beta had too many popups but the by-default learning mode makes the HIPS so much more practical to use for most users.

 

One post un-related to this thread's topic was placed in this created thread for further comments.

Bubba