Discussion in 'other firewalls' started by Adric, Nov 20, 2007.
HIPS can be disabled during installation. I hate it too and i'm using only firewall.
I'm using Kerio 2.1.5 and SSM, the system impact feels like 0%, I really wonder what 'advantage' this Comodo stuff has ? I feel perfectly secure, my system is super-responsive, I don't know what I'm missing. Oh well, perhaps some people actually enjoy trying to "fix" the problems something like the always super-bugged Comodo stuff.
Besides, why are marketeers so eagerly luring everyone to their POS firewall ? What revenue to these guys make ?
Why are these firewall-testing sites so blinded by the sole example of leaktesting ? What about system impact, stability, and clumsy configuration of those ""Perfect"" tools ?!?
Seems like the ages of computer use are nearly over, today we fill most of our computer-time with clicking popups and buggers of our beloved Comodo firewall. Oh well, perhaps some now feel perfectly secure with their buggy thing.
Hmm. Many problems reported.
For my part, I installed it two days ago, had a problem with the updater, that was resolved after reading a comodo forum post about it-ironically by manually applying the update to ver 268 that wouldn't download automatically- and haven't had a problem since.
The help menu is comprehensive, and written in a way that is suitable for me- somewhat inexperienced in FW setup and a beginner/intermediate user - straightforward to understand.
It is in "training" mode, the only irritations I'm not sure how to deal with involve other applications creating temporary files during their own updates. I've found that looking at the "files waiting your review" list has reached a maximum of about 45. Selecting "purge" (with the checkboxes all unticked) will remove those that are no longer valid. The few that have remained I have been able to make a decision on without (much) confusion. Where uncertainty has occurred, I've simply left them for now, to find them not present after the next reboot, or investigated themn and moved them.
Using XP Home, S2, with Avast home AV (no problem at all) and SpywareTerminator, HIPS disabled. (Getting to many similar alerts form both programs.
I'll use this configuration for a time, read a bit more, test a bit more, then decide which of the HIPS to use. But as of now, Comodo's looking pretty good.
I installed with the firewall option, no D+ and set it for average user. No problems until I was using my Outlook 2003 reading and sending e-mails. When as I tried to send an e-mail I got a pop up saying Outlook wants to access the internet, so I clicked OK. The e-mail continued to try to send and I got another pop up, and similtaniously an Outlook error can't access STMP or something similar. Then the same thing kept happening over and over. To make a long story short, it's definetely caused by v3. Now I have v3 set to learning in safe mode, D+ disabled, and I clicked average user, so it's supposed to make default rules as far as I know. I have a feeling the Outlook rule has to be changed or something, but I haven't got a clue about that stuff. If someone can understand my problem, can they give me instructions to fix the Outlook send problem for me? Thanks
There are ways to configure email client (and other) rules, but possibly the easiest way- if somewhat messy- is to send a message again, say, a test message to yourself, and when the alert pops up make sure the "remember this decision" is ticked; bottom left of the alert window, and allow it. You may have to answer two alerts.
Similar thing happened to me, I think the email client "gets impatient" waiting for access, so says it can't send the message. Hasn't happened since.
Hopefully a guru will post instructions on how to safely create rules for this sort of event.
Thanks for responding. Every popup has already been checked to remember when it comes up. After trying to make it work several times I checked and each attempt was listed in the window where it's logged (forgive me I can't remember the name of the window at the moment.
This sort of thing tends to make us regular users feel a bit dumb.
Another thing you could try is to answer the alert using the menu within "treat this as" (options). One of the options is trusted application. I think it would be wiser to set rules for this program, though, using the protocols appropriate to it. I'm (sort of) happy to do that myself, but not knowledgeable enough to confidently advise someone else.
Have you asked this question at the Comodo forum? They're pretty helpful.
I haven't went to the Comodo forum yet, they're kind of snowed right now. I'll try the treat this as first. I'll post my results later. Thanks
i have not experienced a signle problem yet
How long should I have it on training mode I have all my applications good to go through it.
It's bad luck to say that.
Ok I'm not a techie, so someone please just answer me this question. Do the pending files in Comodo work or not while they are pending? And if they do work, then what exactly is "pending" before I approve them?
Anyone on their way to the Comodo forum please remember to ask them to do a maintenance release on 2.4. Don't forget to turn out the lights either.
Snapshot is from the excellent help file. To get straight to it, click on "what do these settings do" when you have the pending files window open.
Basically, in training mode, the files won't be blocked by defense+. Unless you move them to the block list. Suggest first, with no boxes checked, select "purge", to eliminate those that are no longer valid. Then look at those remaining. If in doubt, select "lookup". If no doubt, move them to the appropriate list.
Suggest also maybe not using Defense+ without having a wee look at the help files. I'm not a techie, either, I shouldn't even be qualified to answer this.
The help files are excellent (nudge nudge wink wink.)
Well, I tried it & it works okay. Comodo Firewall version is really excellent in my opinion.
Where do I find all installed applications allowed/denied internet access? I can see I can add a new trusted application and add a new blocked application but where do I find those already allowed/blocked within Comodo to review?
Comodo auto updated this morning, running with NOD32 v3.0 and the Defender + option and everything seems to be running fine.
Edit: CFP failed the leaktest, but I have to wonder if it's not NOD's fault?
Yup, that's how it works.
Comodo with defense+ disabled is the same that Kerio 2.15. A safer way is keep comodo in training mode but add internet programs to My Pending Files.
Just upgraded to Comodo Firewall 3. Does Defense + essentially replace BoClean or do I still need both running? They sound similar to me.
Do you mean ' firewall > advanced > network security policy > application rules'
BOClean detects, kills and cleans certain malware that it reads from its data base, "black list". Thus it works like a classic anti-virus yet targets not viruses per se but other kinds of malicious programs, like trojans, root-kits, and the like, stuff that a good AV will also target but which doesn't always. Thus, it is an adjunct to your AV. It's primary limitation is that it is based on a list that you must download regularly (done automatically, if you want); I don't think it has much of a behavior analysis heuristic function, but maybe it does.
The Comodo Defense + is a HIPs application (working together with the classic firewall features of CFP). HIPS will check executibles -- ALL .exe, .coms, and such files -- against a whitel list that you yourself help to build. If there is no rule to allow the executible to run, it will ask you to give your permission (to set a rule).
So the while the anti-malware BOClean and the HIPS function of Comodo 3.x may fulfill the same result -- stopping malicious programs from running -- they do it in different ways.
At least this is my rudimentary understanding. Others more expert can add something to this, I'm sure.
Hope it helps.
So now the question is do they both essentially work on the same programs? Would it be overkill to have both Defense+ and Boclean running at the same time?
Update: I tried the "treat this as" and chose trusted in the drop down menu with no success. According to the COMODO thread "outlook express" this seems to be affecting Outlook Express and Outlook as well. I have no problem in v2.4 and no outgoing mail in v3 so I think its a screwed up setting in v3 right? Luckily I have FDISR and have v3 on the primary snapshot and v2.4 on the secondary snapshot so I can go back and forth between versions. So far I have only seen opinions in the Comodo forum and no instructions of how to fix this.
Using Outlook with no problems, maybe affected by other software