Thread split - Comodo fw questions

Re: Comodo paying top ten reviews now?

in COMODO FW, how do you tell it to DISABLE all internet access for a particular process?

And is CFW a HIPS FW?

And does CMF stop drive by downloads?

And does CMF stop W7 registry alterations?

And what is COMODO protect the arp cache and Gratuitous ARP Frames? Should it be ON or OFF?

And what is Adaptive Mode under low System Resources?

And what is enhanced protection mode and why is it not selected by default and should it be?

 

Re: Comodo paying top ten reviews now?

btw, the help file is your best friend

 

Re: Comodo paying top ten reviews now?

Thank you guest for your reply and answering all my questions

But one last question remains, I still don't know how to block internet access for a particular process or program? How and where do I do that?

 

Re: Comodo paying top ten reviews now?

no problem

Firewall tab -> define a new blocked application -> select -> running process or browse (to your progs/proc .exe)

http://help.comodo.com/topic-72-1-284-2970-Define-a-New-Blocked-Application.html

 

Re: Comodo paying top ten reviews now?

I think I found another way..? I clicked on Defense+ tab > View Active process list > right click > Terminate and Block ? Does that do the same thing? Or something else?

And once something is blocked using the method you mentioned, where do I find them in case I want to unblock?

 

Re: Comodo paying top ten reviews now?

With your way, the process is already running, with my way you can block it before it run.

you can find it on "network security policy" under firewall tab

 

Re: Comodo paying top ten reviews now?

Mozart- By using D+ to block a program, you are blocking all aspects of that program. You really don't want to do that. Better to follow the instructions given by Polaris to just block network access of a given program.

If you find yourself wanting to give a variety of programs no internet access, you may want to set the Firewall to custom Policy (right click the Comodo icon-Firewall Security Level-Custom Policy). Then whenever a program tries to get out you can decide on a case by case basis. A pain on day 1, but after that no issue.

 

Re: Comodo paying top ten reviews now?

Thank you my friend

 

Re: Comodo paying top ten reviews now?

Cool thank you

 

Re: Comodo paying top ten reviews now?

i couldn't say better ^^ mine is set on Custom too.

 

Re: Comodo paying top ten reviews now?

So keep it on custom forever?

 

Re: Comodo paying top ten reviews now?

I do and always will.

 

Re: Comodo paying top ten reviews now?

Sounds like a good plan

And what about the Defense+? What you keep it on for that? Safe Mode? or Paranoid Mode?

 

Re: Comodo paying top ten reviews now?

Safe mode is best unless you want are ready to deal with tons of popups (Paranoid mode).

 

Re: Comodo paying top ten reviews now?

I put it on Paranoid and it should be called "NIGHTMARE". Wow, never load GIMP when Paranoid Mode is selected lol

But I assume keeping it on Paranoid mode is good idea? Just going through all programs once is a nightmare.

Wish they had a mode where everything is added to Paranoid mode automatically, and then you can start Paranoid mode AFTER everything existing on your PC has already been automatically added.

BTW, what's the Sandbox feature like? My Sandbox is disabled and turned off atm. Yours?

 

Re: Comodo paying top ten reviews now?

It depends how deep in the rabbit hole you want to go lol. I could personally deal with paranoid mode as I have in the past but I deem it unnecessary. Safe mode is enough for me. I have only used the always sandbox feature to limit rights on a few internet facing programs (such pdf reader, media player, browser, java).

 

Re: Comodo paying top ten reviews now?

But what happens if you have given access to an infected file which later begins doing stuff? Then Paranoid is the ONLY solution to make you aware of it, right? Because on Safe Mode, anything done by a "safe file" is learned and allowed. But what if that "safe file" ends up being a malware and starts doing stuff a few days or week after you installed it? See my point? That's why PARANOID is included and should be used IMHO.

For why else would they even bother to include PARANOID mode?

 

Re: Comodo paying top ten reviews now?

Not necessarily. Just because something is a safe file doesn't mean Comodo won't detect changes to a particular file. For example, I installed an update to media player (It even popped an alert for the installer). When I launched the media player, an alert popped up letting me know the file has been changed. Who says it won't do the same for an infected file. Paranoid mode is for advanced users who want to complete awareness of activity on their system.

 

Totally agree. Paranoid mode is way overkill without much benefit. For me what is more important is the Sandbox setting/Execution Control to either Untrusted or Restricted.

 

Re: Comodo paying top ten reviews now?

I didn't know about this setting, thanks! Do you use it and, if so, do you notice any different behavior from Defense + ?
.

 

Enhanced Protection Mode will assist CIS into hooking into a 64bit OS, thereby stopping some malware from getting past CIS (eg. the bypass userspace hooks by malware). I've seen reports of system freezes with it enabled while playing games. I can only assume that it is not enabled by default due to potential issues in some scenarios but that's only my conjecture. The benefit of having EPM enabled will in my opinion outweigh any risks.

In 32 bit systems EPM is from what I've seen without any value but also can cause issues. Comodo admits that there is a good potential for instability so it's not recommended here.

Personally I enable it on 64bit machines.

 

I thought EPM was enabled by default (even on 32 bit systems, like XP) when Proactive Security was activated following the reboot.

 

No it isn't. You can check this for yourself (if you have EPM activated):

1). Uncheck EPM
2). Set CIS to something other than Proactive Security
3), Reboot
4). Set CIS back to Proactive Security
5). Check to see is EPM is activated- Think you will see that it is not.

Also, a helpful hint that many aren't aware of- Open up the D+ tab and click on Trusted Files. A list will present itself. If you have had CIS installed for any length of time, files will be on this list such as installers, uninstallers, exe's from programs long uninstalled, Windows update files, etc- basically a BUNCH of junk.

You can clean this list easily- just click on PURGE. Comodo will match your trusted files list with things that actually still exist on your computer. For those invalid entries you will then have a option to delete them.

Certainly not necessary to do this, but if you every want to search for a trusted file it is nice not to have to wade through the trash.

 

Thanks, I didn't know about this cleanup option.

 

+1, thanks! Been using it for years and didn't know this.

PD