How to Install Comodo Firewall

[Chiron]

Hello, for those of you who are using Comodo Firewall, or Comodo Internet Security, I've created a guide to show you how to configure it for maximum security with maximum usability.
How to Install Comodo Firewall

Please let me know of any questions or comments you have.

Thanks.

[Circe]

An excellent article & advice, I have used this set up on numerous PC's without any problems at all, Thank you Chiron

[Chiron]

Quote:

Originally Posted by Circe

An excellent article & advice, I have used this set up on numerous PC's without any problems at all, Thank you Chiron

Thank you very much.

Please let me know if you have any questions.

[1chaoticadult]

Definitely an excellent guide for people who use and need help configuring Comodo Firewall/IS.

[Blues7]

I agree...Chiron's guide was most useful for setting up Comodo's firewall.

I've only made a few additional changes to tailor (tighten) the protection.

Definitely recommended.

[Chiron]

Thanks.

[NSG001]

Yes most excellent guide Chiron.

@blues7
I thought you were a 'PF' guy

What 'tweaks' did you make to Comodo FW ?

[Blues7]

Quote:

Originally Posted by NSG001

Yes most excellent guide Chiron.

@blues7
I thought you were a 'PF' guy

What 'tweaks' did you make to Comodo FW ?

I am...but I'm only monogamous in my marriage.

(I still have PF running on my wife's machine...and I may return myself at some juncture.)

The main changes I've made are:

1. Added some programs to be run in the Sandbox as "limited".
(These are not apps which I have under supervision by Sandboxie.)

2. Changed the "firewall" to "custom" and ticked "create rules for safe applications" so that I would be alerted to outbound connections rather than having the firewall automatically allow "trusted" apps to connect to the internet. The very few popups I've received are clear and easy to deal with.

3. Per advice of kjdemuth here on Wilders, I've unticked the options to both automatically trust and run installers outside the sandbox...and to automatically trust the files of trusted installers.

This just tightens up the security a little above the settings that Chiron shared with us and (thus far) has allowed my system to run very smoothly and quietly in the current configuration (as shown in my signature).

(Just don't run "Process Explorer". For some reason it discombobulated my system last night and led to my having to restore an image. I had read something on the Comodo site about its vying with the firewall for access to those processes. It wasn't for the faint of heart. )

[NSG001]

Thanks all the good info blues7
I am still using OA free but may give CFW another try soon.

[Blues7]

Quote:

Originally Posted by NSG001

Thanks all the good info blues7
I am still using OA free but may give CFW another try soon.

You're welcome.

(OA is/was a longtime favorite but it just doesn't play nicely on my machine anymore. Comodo and PF both run quietly with low resource usage. So it goes.)

[No_script]

There is more you can do with Comodo.

Under Firewall Network Policies Slect and tick these

Block Temp Files
Block Exe's
Ask When a System process connects to the internet Outbound


There is more but I'll add it later when I get home.

[Blues7]

No script, can you provide more info as to exactly which tabs these rules go under as well as the methodology of adding them?

[NSG001]

CIS 5.10 now back on system using Chiron's guide,
But I always remove the Trusted Vendor List.

[Blues7]

Quote:

Originally Posted by NSG001

CIS 5.10 now back on system using Chiron's guide,
But I always remove the Trusted Vendor List.

I've thought of doing that but haven't thus far.

That said, I could swear I read somewhere that the program just replaces it during updates when removed. Is this the case?

[NSG001]

Quote:

Originally Posted by Blues7

I've thought of doing that but haven't thus far.

That said, I could swear I read somewhere that the program just replaces it during updates when removed. Is this the case?

Just rename the vendor.n file to anything else > create a dummy/blank vendor.n in notepad and copy into database folder.
I have never seen it repopulate before, but you can always monitor this.

[Blues7]

Quote:

Originally Posted by NSG001

Just rename the vendor.n file to anything else > create a dummy/blank vendor.n in notepad and copy into database folder.
I have never seen it repopulate before, but you can always monitor this.

Thanks for the tip. I may just incorporate this one of these days.

[Chiron]

Quote:

Originally Posted by No_script

There is more you can do with Comodo.

Under Firewall Network Policies Slect and tick these

Block Temp Files
Block Exe's
Ask When a System process connects to the internet Outbound


There is more but I'll add it later when I get home.

If I'm not wrong, these are configuration changes you manually made to specific applications. Is that correct?

Also, did you check the global option to "Create rules for safe applications" so you could go in and change their settings.

That said, I don't see how you are blocking temp files or blocking exe's with the firewall. Do you mean the Defense+ / Sandbox component?

What you are talking about for that could be accomplished by setting the sandbox to "Blocked" but I don't advise that (although I do mention it) for most users because they will never even be given the option to trust an application. It will just not work if it's not in the whitelist or the digital signature is not in the TVL.

Can you please clarify your configuration so I can better understand it?

Thanks.

[Dark Shadow]

Thanks chiron for the tutorial.One other thing I just found that comodo does not pass CTL (comodo Leak Test) with sandbox but gets a perfect score with Sandbox off.

If I leave Sandbox off does it effect the settings in the tutorial.

[Chiron]

Quote:

Originally Posted by djohn

Thanks chiron for the tutorial.One other thing I just found that comodo does not pass CTL (comodo Leak Test) with sandbox but gets a perfect score with Sandbox off.

If I leave Sandbox off does it effect the settings in the tutorial.

The leak test is problematic. It was actually designed before the sandbox was introduced and therefore doesn't test it properly.

I wouldn't worry about it.

[Dark Shadow]

Quote:

Originally Posted by Chiron

The leak test is problematic. It was actually designed before the sandbox was introduced and therefore doesn't test it properly.

I wouldn't worry about it.

Ok thanks.

[Blues7]

djohn, just for clarity's sake I believe that Chiron is recommending that the sandbox remain enabled despite the test score.

I'm sure he'll correct me if I've misspoken.

[Chiron]

Quote:

Originally Posted by Blues7

djohn, just for clarity's sake I believe that Chiron is recommending that the sandbox remain enabled despite the test score.

Yes, I do recommend that the sandbox remain enabled.

[Dark Shadow]

I turned sandbox back on.thanks guys much appreciated.

[No_script]

Quote:

Originally Posted by Blues7

No script, can you provide more info as to exactly which tabs these rules go under as well as the methodology of adding them?

Sorry I've been busy I'll try and get a tutorial up later with pictures. Thanks for the trusted vendor trick, never thought of that.

[AMIGA500]

Has the problem between the comodo firewall and the avast web shield been resolved yet?
any update on this please?