2 Tech:
If you want evidence, I will tell you how to reproduce the behavior:
http://download.drweb.com/drweb+cureit/ The download link is down the page.
After a clean install, or if you are still using the default rules, first set your Network Monitor rule TCP/UDP Out Any to LOG and you will see the problem: all you get is an alert for remote port 21, but not for the remote (destination) 64000-65535 range. I don't think a detailed analysis is necessary here: the logs will speak for themselves. The high remote port range is silently allowed without any alert popping up. COMODO does not warn, even though I set it to 'Very High Security'. I don't think I'll have to give anybody a detailed analysis of the implications remote port redirecting tricks might have.
P.S.: Nothing on my computer is trusted, so the "Don't check certified application-stuff" was DISABLED.
I'm not talking about MY ports. They are all closed even without firewall. No problem here. The allowed local (source) port range is 1024-4999. It's DrWeb's ports 64000-65535 I'm connecting to WITHOUT WARNING FROM COMODO. Now with firewalls like Jetico and Sygate you get a warning whenever your computer tries to connect to a remote (destination) port THAT HAS NOT YET BEEN DEFINED BY THE USER.
On the Application Level (Layer 7) Firefox (my default browser) has the following rules:
1. Firefox.exe
Destination: 127.0.0.1
Port: 1024-4999
Protocol: TCP In/Out
Allow
2. Firefox.exe
Destination: RANGE: xx.xxx.1.1 – xx.xxx.1.2 (my 2 DNS servers)
Port: 53
Protocol: UDP Out
Allow
(Local Ports were restricted by the Netmonitor rules to 1024-4999)
3. Firefox.exe
Destination: [Any]
Port: 80,90,443
Protocol: TCP Out
Allow
(Local Ports were restricted by the Netmonitor rules to 1024-4999)
When you go to that site and you start the download, you get a warning from COMODO about Firefox connecting to remote port 21 (which you allow) and the download starts, although it SHOULDN'T start before you allowed one of the random remote ports between 64000-65535.
Paul Wynant
Moscow, Russia
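
The Firefox rule set from the post above, replayed against a constructed list of outbound connections, as an added example that is not part of the original post and not COMODO's own logic: it lists the connections that match no Allow rule and would therefore be expected to raise an alert. The function names, the sample connections and the documentation-range IP addresses are assumptions.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

# firefox.exe Allow rules from the post. The DNS server addresses are masked
# there, so 192.0.2.1-192.0.2.2 (documentation range) is a constructed stand-in.
ALLOW_RULES = [
    ("TCP", ("127.0.0.1", "127.0.0.1"), [(1024, 4999)]),
    ("UDP", ("192.0.2.1", "192.0.2.2"), [(53, 53)]),
    ("TCP", ANY, [(80, 80), (90, 90), (443, 443)]),
]

def is_allowed(proto, dest_ip, dest_port):
    """True if an outbound connection matches one of the Allow rules."""
    ip = ipaddress.ip_address(dest_ip)
    for rule_proto, (lo, hi), ports in ALLOW_RULES:
        in_range = ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
        port_ok = any(a <= dest_port <= b for a, b in ports)
        if rule_proto == proto and in_range and port_ok:
            return True
    return False

def expected_prompts(connections):
    """Outbound connections with no matching Allow rule; each should raise an alert."""
    return [c for c in connections if not is_allowed(*c)]

# Constructed outbound connections for one download as the post describes it:
# DNS lookup, the web page, remote port 21, then a remote port in 64000-65535.
# 198.51.100.7 is a documentation address standing in for the download server.
SAMPLE = [
    ("UDP", "192.0.2.1", 53),
    ("TCP", "198.51.100.7", 80),
    ("TCP", "198.51.100.7", 21),
    ("TCP", "198.51.100.7", 64512),
]

if __name__ == "__main__":
    for proto, ip, port in expected_prompts(SAMPLE):
        print(f"no Allow rule: {proto} -> {ip}:{port}")
```

Comparing this list with the alerts the firewall actually raised shows which connections went through unprompted.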