Comodo Screenshots - Your setup?

I was posting screenshots in another thread, and figured, while I'm at it... I wanted to see how other people set their Comodo FW/D+ up, at a glance. Feel free to include AV settings too if you use it. I'm actually curious to see how they look, in v5 especially. Never used it. And I realize the v6 ones will look a tad different.

And no, this thread isn't about "look at me, look at me". I'm curious to see how others roll, and also, maybe we can network and get some ideas here like we did in the Web Browser thread. So allow me to go first:

 

and last but not least (the last pic)... something I aim for, that is a tell-tale portrayal of attack surface (or lack there of). Nothing leaving ports hanging open on my box and/or listening in while it's in idle...

 

Heres a couple of screenshots of my set up.Not too certain if these are good or not.

 

Heres my sandbox exception rules - Direct access to unvirtualized download folder, Utorrent downloads, bookmarks and extensions.

The VPN rule forces CFW to drop any non-VPN connections

I have IE, WMP, Foxit PDF and .RARextractfrog set to always open fully virtualized

Just a few FW rules

 

Sorry, but the screenshot suggested to me a question: where is in CIS 6 " execution control " ? it's enabled/installed by default ?,

 

FW settings - custom with high alerts means I get notified of any connection attempt whilst CIS creates rules for safe apps reducing popups

HIPS settings - with the HIPS I use safe mode with create rules for safe apps for reduced popups while still alerting to all unknown apps

FW rulesets for standard, blocked and VPN-only connections

 

To my knowledge it is although this happens behind the scenes now using the BB in default mode
It's more apparent when the HIPS is enabled.

 

Comodo 5.10 FW+D

 

double

 

If it suits your wants/needs as an end user... they are good. It's not a one size fits all thing.

I appreciate the participation. I only briefly got to see v6 on a friends box, and didn't really play around with it much. I didn't like the new interface at all so didn't really give it much of a chance. I was happy to get home, and back to my 5.10 : )

 

Meh... you gotta go hardcore like me with Paranoid ; ) Really though, I never get popups anymore. But I went through about 2-3 weeks of pure hell to achieve this state, to get everything how I wanted it. I was seeing popups in my friggin dreams (no exaggeration).

 

Some firewall rules I used years ago, displayed in an Excel spreadsheet, when Comodo was in its infancy at version 2.x...

 

That's true dedication to the cause and a lot of popups
I would like to get the time to do this, it would be a great learning curve and a lot of online look-ups as I would want to understand everyrule

 

Yep... it costs you time/effort in the short term for long term gain of the same, plus security. It's just hardening now... no user interaction required.

The only popups I ever get now are svchost internet access requests once a month when I update Windows. I keep it blocked the rest of the month then remove that rule before updating... then reenable it after.

And also I'd rather learn myself by seeing what actions are necessary than looking it up online. I'll block an action and see if it was still able to carry out it's mission regardless. If so, that block rule becomes remembered. If not, I try it again and remember to allow the action. I do this for every process & app on my computer... lol, until they're all fine tuned. It is indeed irritating for about a month. Now all is peaceful and secure.

As for rules... I block all IP In, ICMP In & Out, TCP/UDP In... then have certain (Dest.) Ports I block TCP Out access to. Like common "no good can come of it" ones such a NetBios (137-139), 135 & 445 both Source & Dest., 1024-1029 (that's why many of my rules start at 1030), 1433-1434, 6776, 12345... the combination an idiot would put on his luggage port. And 49152-65535. And several more too I'm not listing them all.

Of course any app rules would override this. So it's like harness good/block bad.

I also block Explorer, plugin-container, WgaTray, svchost, IE, both Comodo services... I find it funny to use Comodo to block Comodo. Ping & Ping6. And use tight, custom rules for anything I do allow. No loose "Allow All Outbound" rules on my box. Nooo... too OCD for that.

 

Blocking all outgoing icmp will prevent you from utilizing ping or tracert command line utilities.

You could block outgoing types: 0, 3 & 11 (echo reply, destination unreachable & time exceeded respectively), but at least allow type 8, (echo request).

 

@doolhof,

I might be missing something because I can't speak or understand German, but you could probably reduce all those Block rules to one, simple universal Block rule, that governs in/out, all ports and all protocols.

 

Yeah I know... don't need/use it. I used to allow certain types of ICMP... like if I recall time exceeded, fragmentation needed, & dest. unreachable. But it just wasn't doing me any good. No networking problems as a result of just blocking it all.