How to Install Comodo Firewall

[Chiron]

Quote:

Originally Posted by hogndog

One more question will that configuration hold true if i run the firewall alone using no antivirus? Just Sandboxie and Windows Defender

Tia..
Hogndog

Yes, although without an antivirus your chances of accidentally allowing a dangerous file access to your computer increase drastically.

Quote:

Originally Posted by hogndog

I went to the Comodo forum to download the firewall, well i downloaded 3 and all of them failed the MD5 Hasher check using this extension..

https://addons.mozilla.org/en-US/fir...hasher/?src=ss

I ran it three times just to double triple check, its not the extension because i downloaded some other applications just to be sure, well guys what should i do??

Personally, I wouldn't be too worried about it. Chances are high that the links have been updated but not the MD5 listed. This problem has happened before.

I wouldn't worry about it as long as you downloaded it from an official source.

[hogndog]

Thanks Chiron, now on to configuring it without having to use an antivirus..

[hogndog]

Install Comodo and set it up according to your directions... the first thing it zapped was that GRC Leak Test.. Flagged it as Malware then proceeded to clean it off..

Thanks..
Hogndog

[luciddream]

If people want to improve D+'s ability as an anti-executable, they may want to consider adding more file extensions under "File Groups" > Executables. Personally I consider several more things that could act as potential executable code than is on that list.

I personally don't really have to worry about it because I have the extensions in my SRP already. And speaking of which... the default list of file extensions in SRP (I use XP Pro so that's what I'm going by here) is a good frame of reference for which ones to add to Comodo.

You can find it in (I use classic view): Control Panel > Administrative Tools > Local Security Policy > Software Restriction Policies... then right clicking on "Designated File Types" and going to Properties. Granted the list is kind of overkill/paranoid. You don't have to add them all.

I compromise a bit with the .lnk extension. I remove it from the SRP list, as it can be a PITA, blocking your shortcuts. This creates a more user friendly default deny SRP. The compromise is that I add it to my Comodo list instead. So that if a shortcut ever does exhibit suspicious activity, D+ would flag it.

And you can do this mixing & matching with other extensions too. Remove some from your SRP list and add them to the Comodo one, for better usability. SRP & HIPS don't have to be mutually exclusive... they can co-exist together, even compliment one another.

For people that don't have SRP (Home versions), and/or don't feel like digging it up, I'll list the file extensions here:

exe, dll, sys, ocx, bat, pif, scr, cpl, com, cmd, lnk*, ade, adp, bas, chm, crt, hlp, hta, inf, ins, isp, mdb, mde, msc, msi, msp, mst, pcd, reg, shs, url, vb, wsc

* = my aforementioned "compromise"

[Chiron]

Quote:

Originally Posted by luciddream

If people want to improve D+'s ability as an anti-executable, they may want to consider adding more file extensions under "File Groups" > Executables. Personally I consider several more things that could act as potential executable code than is on that list.

I personally don't really have to worry about it because I have the extensions in my SRP already. And speaking of which... the default list of file extensions in SRP (I use XP Pro so that's what I'm going by here) is a good frame of reference for which ones to add to Comodo.

You can find it in (I use classic view): Control Panel > Administrative Tools > Local Security Policy > Software Restriction Policies... then right clicking on "Designated File Types" and going to Properties. Granted the list is kind of overkill/paranoid. You don't have to add them all.

I compromise a bit with the .lnk extension. I remove it from the SRP list, as it can be a PITA, blocking your shortcuts. This creates a more user friendly default deny SRP. The compromise is that I add it to my Comodo list instead. So that if a shortcut ever does exhibit suspicious activity, D+ would flag it.

And you can do this mixing & matching with other extensions too. Remove some from your SRP list and add them to the Comodo one, for better usability. SRP & HIPS don't have to be mutually exclusive... they can co-exist together, even compliment one another.

For people that don't have SRP (Home versions), and/or don't feel like digging it up, I'll list the file extensions here:

exe, dll, sys, ocx, bat, pif, scr, cpl, com, cmd, lnk*, ade, adp, bas, chm, crt, hlp, hta, inf, ins, isp, mdb, mde, msc, msi, msp, mst, pcd, reg, shs, url, vb, wsc

* = my aforementioned "compromise"

Thank you for pointing this out. With my advised settings any files are already protected from modification by any unknown files.

However, if anyone was trying to set it up as an anti-executable your advice would be very helpful.

[luciddream]

I wanted to share how I harden my rules for Web Browser under "Predefined Policy":

Rule 1 - Loopback

Allow TCP Out
Source Address - Type: IPv4 Single Address, IP: 0.0.0.0
Destination Address - Type: Network Zone, Zone: Loopback Zone
Source Port - Any
Destination Port - Any

Rule 2 - HTTP

Allow TCP Out
Source Address - Type: Network Zone, Zone: LAN
Destination Address - Any
Source Port - Any
Destination Port - Type: A Set of Ports, Ports: HTTP Ports

Rule 3 - DNS 1

Allow UDP Out
Source Address - Type: Network Zone, Zone: LAN
Destination Address - Type: IPv4 Single Address, IP: 8.26.56.26*
Source Port - Any
Destination Port - Type: A Single Port, Port: 53

Rule 4 - DNS 2

Allow UDP Out
Source Address - Type: Network Zone, Zone: LAN
Destination Address - Type: IPv4 Single Address, IP: 8.20.247.20*
Source Port - Any
Destination Port - Type: A Single Port, Port: 53

Rule 5 - Block Rule

Block IP In/Out
Source Address - Any
Destination Address - Any
IP Details - Any


* = Comodo Secure DNS servers (choose your own, naturally)

Not a big diff. from the default rule, but I like to tighten things however I can, even if it's minimal. There were a couple rules in there (I forget what now) I simply didn't need.

And this is assuming you have zones under "Network Zones" for both Loopback and your LAN.

[pintas]

Chiron, care to update your post on "How to Install Comodo Firewall" at www.techsupportalert.com with the new Comodo 6?

[JohnMult]

Chiron, I have one question only and you are propably the one that can answer it. I set up Comodo according to your guide (the only thing is that i did not install Antivirus) http://www.wilderssecurity.com/showt...52#post2127652. My main problem is that Defense has blocked my Windows Updates today, can you help me how to automatically allow them?

[pintas]

Quote:

Originally Posted by JohnMult

Chiron, I have one question only and you are propably the one that can answer it. I set up Comodo according to your guide (the only thing is that i did not install Antivirus) http://www.wilderssecurity.com/showt...52#post2127652. My main problem is that Defense has blocked my Windows Updates today, can you help me how to automatically allow them?

Set your firewall/D+ to learning for a few days and download/install/use whatever you like (that you know is safe!) and then just turn it back to safe/custom mode, whichever you preffer.

[Chiron]

Quote:

Originally Posted by pintas

Chiron, care to update your post on "How to Install Comodo Firewall" at www.techsupportalert.com with the new Comodo 6?

I will update it once the final version is released. I do not update it for Beta versions.

Quote:

Originally Posted by JohnMult

Chiron, I have one question only and you are propably the one that can answer it. I set up Comodo according to your guide (the only thing is that i did not install Antivirus) http://www.wilderssecurity.com/showt...52#post2127652. My main problem is that Defense has blocked my Windows Updates today, can you help me how to automatically allow them?

Something is not right here. It should automatically allow all Windows files. Did you by any chance tweak the trusted vendors list at all, or select the option to make rules for Safe applications?

If you did not do either of these then something is wrong with your program. Please run the diagnostics, and if they are not able to fix the problem then reinstall it by following the advice I give on this page. That should solve your problems.

If you have any more questions please feel free to ask.

Thanks.

[JohnMult]

I did the installation in 4 pc with the same configuration and only one passed the windows updates clean. I did not do either of these two options you mention (diagnostics did not find any problem)

[Sm3K3R]

Is this so called firewall still featuring the attack detection component ?

Last time i ve installed it (3 months ago) at default everything was passing thru it was like using the Windows firewall but with more calling home connections.

[Chiron]

Quote:

Originally Posted by JohnMult

I did the installation in 4 pc with the same configuration and only one passed the windows updates clean. I did not do either of these two options you mention (diagnostics did not find any problem)

Can you please let me know which changes you made to the configuration, which are different than those I advise in my article?

I think the key to understanding this is in your configuration.

[Okeyowon]

Thank you, Chiron, for your Comodo FW install guide. I've seen that guide before but didn't know that you were the author of it, nor did I know that you're also a member here.

[Okeyowon]

Quote:

Originally Posted by NSG001

Just rename the vendor.n file to anything else > create a dummy/blank vendor.n in notepad and copy into database folder.
I have never seen it repopulate before, but you can always monitor this.

Thanks for the tip. I was wondering if the whitelist can be edited instead? Seems like that would cut down on a lot of new alerts.

[S4m]

what is the difference btw the 3 configuration ? (proactive, internet security , firewall) does it just have to do with defense+? (i use comodo AV mostly for the HIPS only)

[Chiron]

Quote:

Originally Posted by Okeyowon

Thank you, Chiron, for your Comodo FW install guide. I've seen that guide before but didn't know that you were the author of it, nor did I know that you're also a member here.

Thank you.

Please let me know if you have any questions.

Quote:

Originally Posted by S4m

what is the difference btw the 3 configuration ? (proactive, internet security , firewall) does it just have to do with defense+? (i use comodo AV mostly for the HIPS only)

Please see the explanation on this page. Hopefully that will help shed some light on this.

[moontan]

Quote:

Originally Posted by S4m

what is the difference btw the 3 configuration ? (proactive, internet security , firewall) does it just have to do with defense+? (i use comodo AV mostly for the HIPS only)

if you are using only the firewall for example, then switching to Proactive will turn on D+ and the sandbox.

personally, i like to stay in the Firewall mode since it's the sum of all your tweaks and changes.
kind of like a Manual mode.

[AMIGA500]

I always use proactive security.Feel more secure this way.

[Okeyowon]

Looks like I failed the "TruStealth Analysis" at the GRC/ShieldsUp site -- should I work to change this or leave it be?

http://i1231.photobucket.com/albums/...psd6139b91.png

Quote:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2012-10-14 at 08:14:47

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
22 Ports Closed
4 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 0, 135, 139, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

[JohnMult]

Quote:

Originally Posted by Chiron

Can you please let me know which changes you made to the configuration, which are different than those I advise in my article?

I think the key to understanding this is in your configuration.

Thanks for your interest in my case.
The only changes are:
1. Add Interenet explorer and Chrome in Network Security Policy (Web Browser)
2. Do not show firewall and defence prompts (Block)
3. Unrecognised files marked as "Untrusted"
The thing is that is blocking the downloads from Windows Update as Unrecognided files and marked them as "Untrusted"

[Chiron]

Quote:

Originally Posted by Okeyowon

Looks like I failed the "TruStealth Analysis" at the GRC/ShieldsUp site -- should I work to change this or leave it be?

http://i1231.photobucket.com/albums/...psd6139b91.png

These results are most likely due to your router. As long as you configured it as I advise in my article I would not be worried.

Quote:

Originally Posted by JohnMult

Thanks for your interest in my case.
The only changes are:
1. Add Interenet explorer and Chrome in Network Security Policy (Web Browser)
2. Do not show firewall and defence prompts (Block)
3. Unrecognised files marked as "Untrusted"
The thing is that is blocking the downloads from Windows Update as Unrecognided files and marked them as "Untrusted"

I'm not sure exactly where the issue is. Perhaps there is a firewall alert which has been blocked, and thus is stopped each time.

My advice would be to post this on the Comodo forum so someone who has a better understanding of the firewall help you much better than I am able.

[Chiron]

Comodo Internet Security version 6.0 was just released on the Comodo forums:
http://forums.comodo.com/news-announ...-t89185.0.html

However, please do be aware that this new version will probably not be pushed as an automatic update to the previous version for a few weeks.

I've therefore updated this article for the new version. Please let me know what you think of it.

[Morro]

Quote:

Originally Posted by Chiron

Comodo Internet Security version 6.0 was just released on the Comodo forums:
http://forums.comodo.com/news-announ...-t89185.0.html

However, please do be aware that this new version will probably not be pushed as an automatic update to the previous version for a few weeks.

I've therefore updated this article for the new version. Please let me know what you think of it.

Installing and configuring CIS v6 with the updated article went smooth, thanks Chiron for taking the time to do this.

[Victek123]

Quote:

Originally Posted by Morro

Installing and configuring CIS v6 with the updated article went smooth, thanks Chiron for taking the time to do this.

Can you comment on what, if anything, is different in the v6 firewall?