svchost is utilized by many applications, including various types of malware. For CF, if it is spawned by something either malicious or just Unknown it will also be contained as will any command line arguments that can arise from it (similar to any Lolbin); thus specific restrictions are not needed and should not be done.
That's great, thank you for the clarification
Im going to be fairly straight with this, as i posted for a reason. This is comodo's everything and has been. All their other products have always taken backseat to this. Look in their forums for abandoned, half baked applications. I hear everything from the bugs and crashes are myths to it having the ability to block stolen cert malware "which was ironically funny" I know of the breach because i was in the forums and using their products back then, which is another point i was trying to achieve here, im not new to it.
Sometimes, trusted applications end up on the "Blocked Applications" list. Right now, I have "OfficeClickToRun.exe" in there, and it has several blocked entries in the logs. I just remove it from the list and clear the logs. Another solution is to unblock the apps in Blocked Applications. Also, you can set auto-containment to block and firewall to allow, which will solve the problem without affecting the protection.Connections seem to be fine just hundreds in the logs within minutes if I don't create a rule.
Decided I'll just leave the automatically created Allow Outgoing rules for those that popped up in Blocked Applications and delete the others generated with the exception of default rules and turn back off the Create rules for safe applications. I can then just copy the rule for any others that subsequently show up being blocked. That way a rule isn't created for every application as this is only the case with a half a dozen applications
