Comodo Firewall - Can this setup work?

I am running a security setup for a friend whom is on a tight budget.
I figured this setup out for him with only the minimum spending using Comodo Firewall:

FREE

Antivir Personal Classic
Comodo Firewall
Prevx1 "R"
System Safety Monitor
Spyware Terminator
Hostsman (MVPS)
CCleaner

FREE ON DEMAND\PASSIVE

Spyware Blaster (Immunized)
Spybot S & D (Immunized)
Harden-It

PAID

Raxco FD-ISR

What do you think, good enough setup? Haven't been familiar with Comodo Firewall, but everyone seems to be using it around here and its free. Don't know how to configure Comodo though, any advice?

dja2k

 

Here is a message thread on the set up of Comodo.

https://www.wilderssecurity.com/showthread.php?t=145704

You have quite a few programs listed. Just be forewarned that a potential incompatibility can exist between programs from different vendors.

 

Well that is the point of me listing them so that others can post if they have found incompatibility to be forewarned.

By the way, that link shows the basics, I need advanced like the other options that are in Comodo's advanced options. Its okay, I have asked over at the Comodo forum already.

dja2k

 

I am sure that you have prior experience with software to know that pitfall. But there are oft too many times when something goes bump in the night and all of a sudden things stop working.

There are many users of Comodo (I am not one of them) on this forum. I am sure they will be able to provide more information on the other options and settings regarding the firewall. Sorry that my post was superfluous.

 

iirc, prevx1 "r" isnt available for download anymore, and two HIPS isnt necessary either. other than that, setup looks good.

 

Like others have said, prevx1 is considered CIPS not HIPS, but besides the point.

Okay then drop Prevx1 and SSM, he has Ghost Security Suite (licensed AD and RD) already, and that should be enough. I would encourage him to buy Online Armor in the future when he has more money though. For now, I am setting it up and making a snapshot with FD-ISR so he won't screw up his system without having an immediate restore point I just hope he follows safe surfing since he doesn't have a web scanner.

I will setup Comodo firewall the best that I can since I am not truly familiar with its advanced options. Hey WSFuser, I remember you turned off some options in Comodo when you used it, which ones were they and why?

dja2k

 

Hold it. I see ghost Security Suite there. I'm not familiar with it, and if the suite has no firewall in it, never mind. But if it does, don't install another one as well. Two firewalls on the same pc won't live together. OThat aside, I installed Comodo and it runs automatic with only a few adjustments I made in the first half hour. It's the best. Don't repeat this, but I'd pay for it.

 

i turned of the "HIPS" part of Comodo, aka Application Behavior Analysis. my reason being i only like having one HIPS/CIPS.

also i left Component Monitor in learning mode. i enabled it once, but i didnt feel like answering pop-ups.

 

Let me add to the list:

Open a Limited Account to access the Internet
Install a NAT router

 

FREE
Antivir Personal Classic
Comodo Firewall
CCleaner & Cleanup!
Geswall or dropmyrights for internet apps
Cyberhawk

FREE ON DEMAND\PASSIVE
Spybot S & D (Immunized)
Ewido or A^2

PAID
Acronis True Image 7.0 now free:
http://www.acronis.com/mag/vnu-ati7

How experienced is this user?

I would look at Geswall or Cyberhawk and a anti malware scanner - on demand scanner is often free. Running with limited priv is a good suggestion GeSwall makes this fairly painless or dropmyrights - I prefer Defensewall but that is not free.

TI 8 and Paragon Drive Backup have been on magazine cover disks in the uk - TI7 and look in the newsagent

 

Not to sure about adding Geswall nor Cyberhawk. I personally don't like them and they sometimes crash, cause slowdowns, and\or cause BSOD errors with what I have read. I am not to familiar with Cyberhawk nor is he. Don't want that for him because I will not hear the last of it. Maybe add Geswall next built, bur for now let me add sandboxie. Also the rest of your opinions are great. I will think it further.

Gesc why did you remove harden-it and a host file. Those won't mess around with anything, but further give an extra layer of protection.

dja2k

 

FREE
Antivir Personal Classic
Comodo Firewall
CCleaner & Cleanup!
Ghost Security Suite (AD & RD)
Spyware Terminator (No HIPS)

FREE ON DEMAND\PASSIVE
Spybot S & D (Immunized)
Spyware Blaster (Immunized)
Ewido Micro Scanner
A-Squared
Harden-it
MVPS Host File (Hostsman)
Acronis True Image 7.0
Sandboxie
*ALL OTHER HARDENING

PAID
Nat Router

dja2k

 

It just came to my understanding by surfing around for answers that Comodo Firewall is not safe for p2p. Can anyone confirm this?

dja2k

 

I use Azureus (bittorent) without problems. I think, that my Aplication & Network rules are safe.

 

Can you post links to what you read?

Loads of info and you can ask questions directly here...

http://forums.comodo.com/index.php?board=50.0

 

Dammit can't find the link though it was around here. It was someone saying something that Comodo isn't for p2p something about server rules or something. Can't comment more as I don't want to post false information.

dja2k

 

Forgive me for asking, but where did you learn how to do those rules for your network monitor? Isn't your rule #4 and #7 duplicating ports since some of those in rule #4 are allowed in rule #7 with 1024-65535?

dja2k

 

I set Alert Frequency to High and then I have altered created rules.
Comodo's FAQ helped me to find out, how to set up Network Monitor.

 

Shouldn't your UDP and TCP in for p2p on your network tab be set to your IP address under destination?

dja2k

 

Anyways this is what I got so far for utorrent though I don't know how to setup the network rules.

 

I think, that you need to Allow in Network Monitor: TCP/UDP In Where the Destination Port is 52634.

Destination is meant to be the internet (look at the Activity - Connections) and the Source is the PC.
When I set up DNS servers as the Source IP and the Destination IP was set to Any, DNS was blocked:

Code:

Date/Time: 2006-10-12 10:26:53
Severity: Medium
Reporter: Network Monitor
Description: Outbound Policy Violation (Access Denied, IP = DNS Server IP, Port = dns(53))
Protocol: UDP Outgoing
Source: my IP:2495 (note, that the local port is not 53)
Destination: DNS Server IP:dns(53)
Reason: Network Control Rule ID = 8

To be honest, this destination vs source was confusing to me too when I switched from Outpost Pro.

 

Yeah I have that so far in the network rules letting my specific port inbound for TCP and UDP, but what I am confused about is how you got the rest of the rules on the top. I think what they mean by destination and source is your actual IP, which in my case is the static IP i have setup in windows because I am behind a router.

How did you go by replacing the default allow TCP\UDP OUT with the ones shown here? What is the difference between #1 and #2?



dja2k

 

You are right, when you have a router, you have to set up trusted zone.
TCP/UDP Out is fine, I added ports 1024 and up, just to make it a little tighter.
So I could set up eg. DNS rules (IP and port 53), which is bellow the port 1024.
There are some people, who use ports like 0 or 80 on p2p, I prefer to ban them.

#0 is for my first internet, which has different DNS Servers than my second net #1 & #2.
I did not show it, because I use the first internet and I do not want some hacker to block it.

 

So let me get this straight.

First rule is this,

UDP OUT - SOURCE ANY - DESTINATION IP+SUBNET IP - PORT 53

Second rule is this,

UDP OUT - SOURCE ANY - DESTINATION DNS (ROUTER IP) - PORT 53

Third rule is this,

UDP OUT - SOURCE ANY - DESTINATION SUBNET IP - PORT 67

Forth rule is this,

TCP OUT - SOURCE ANY - DESTINATION ANY - PORTS (Custom Defined)


I have internet access with this setup, can't be sure if thats what you have since I can't see the whole thing in the picture, but maybe you can correct me if I am wrong. Also, can you share all your TCP out ports, I can't see them all or better yet, how did you come upon those? By the way, thanks for keeping up with me, I appreciate all your help and when you feel that you have helped enough, just let me know.

dja2k

 

Netbios in Comodo?

What direction does netbios use, inbound or outbound and also is it tcp or udp for ports 137-139? I need to block this in the network rules because it seems system is listening on this ports by default.

dja2k