Comodo PF Settings, help needed!

Hello!

I start to use Comodo Personal Firewall today and I need a help to make tightest rules ass possible. I use Stem recommendations when I install it but that doesnät help me to make rules or choose enabled/disabled settings.

ATM I have just click Allow Once and I don't like to do that allways. I don't like those popups so much.


-MikeNAS

 

http://forums.comodo.com/index.php/topic,2405.0.html
Here is a good read. Hope this helps.

 

Thanks. Just found that myself too =)


-MikeNAS

 

If you want "tight" rules in CF, you should go to security/advanced/misc and uncheck "do not show alerts for apps certified by Comodo", and raise the "alert frequency level" slider to the top (very high). Now, when you click allow and remember, it will set the IP and port for that allow, and not just any/any.
So now you can use the remember option...
You will get a lot of rules in App monitor, but after a while you can look at them and put some of them together, if they have the same parent and port.
If you have used CF for a while, you can delete some "loose" rules in application monitor, and start to make them tighter.
You can of course reinstall, and start alla over, and if you do so, I recommend using the latest beta. It has multilingual support and buffer overflow protection.
If you want a lot of popups you should not scan for known applications either.
I hope this helps.

 

Is Skip Loop Back 127.0.0.1 UDP/ or TCP supposed to be checked?

By default when I installed the UDP one is checked. Does this affect the Host file?

Thanks,

 

Hi Rilla927,

This is up to yourself, and how tight a ruleset you want to have.

I think the UDP loopback is skipped due to IE (which always used UDP loopback, but I think that IE7 no longer uses this. I can re-check, but dont have IE7 installed at the moment). If you have "skip" loopback checked(ticked), then you will not be informed of these comms at the localhost, if you have this option unchecked, then you will be informed of these comms, which can lead to more popups, and the need for more rules to be created. Whichever option you set, this will not directly affect the hosts file.

In some setups, allowing all loopback by default can be a security risk, as there is no monitoring of the comms at the localhost. This can be a real problem when using a localhost proxy, such as "Proxo", as there is then a need to control all access to the localhost, or any program can gain access to the internet via the proxy.

 

Hi Stem,

How are you

I'm using IE 6 right now. I d/l version 7 about a month a go and it caused problems. I didn't know at that time it was in beta yet, so I uninstalled it until they officially release it.

That would be cool if you could check to see if IE7 will be using it. If they will continue to use it then I will have to set up some kind of rule, cuz I don't like the idea of not knowning whats going on behind the scenes.

Stem what is your honest opinion about Comodo?

I d/l Process Monitor and I scene a lot of Buffer Overflows. Is this common place?

Thanks,

 

Hi Rilla927,

There have been a number of problem with IE7 beta, but I think most have now been sorted with the full release. (I dont use IE much, )

I have just restored from image to XP with IE7, having re-checked I find that IE7 does still require UDP loopback, so if you where to intercept UDP loopback, then you would need to create a rule to allow the UDP loopback for IE.

When it was first released, I did quite like the look of it, although I thought the fact that there was a need to set 2 rulesets, one for applications one for network would cause some problems for users. But this as now come to a point where most do now know how to set this up without too many problems. But, as the firewall as progressed to include more and more "leak test prevention" and dug deeper into the O.S. it as caused a number of problems on some of my setups with incompatibilities with some of my monitoring software and other security applications. I can see that Comodo is aiming at a full "suite", to protect the system as well as internet access, and good luck to them, but its not for me. Now dont misunderstand me, really from my point of view, I personally do not like the thought of one application looking after my PC safety, I do keep to a minimal, by this I mean I will use a (router/gateway), software firewall, an HIPS and an AV, and backup images, but that is about it (yes on occasion I do run programs such as Icesword etc, but this is more out of interest, and after I intentionally install some (possibly) dodgy software (just to see what as been installed, I do then revert to a full clean image)).

From Comodo? I am not sure of any problems the latest releases are causing, I have not installed Comodo for quite a while. I do know that Comodo does inject/change memory of running processes to control the system (as do some other security applications), this can done correctly or not, if not then lots of problems (some not so obvious) can/will happen.

Basically, from my standpoint on this. If you are to use Comodo, then be very careful as to what other security applications you install. You would of seen posts concerning Comodo+ProcessGaurd. Now post made at the Comodo forums where to discard PG, as Comodo would eventually cover this protection, for me this is a bad attitude, PG as been around a long time, and although some now think PG is limited in its protection, it still does what it says it does, and I would of thought that any security application would make some attempt at compatibilty with such a well founded security application, but hey, thats just my personal opinion.

 

A lot of the newer software coming out is shifting towards the "suite" structure and will have capabilities that overlap with other applications. Firewalls and antivirus programs with antispwyare capabilites, etc. When you have multiple applications that overlap certain functions, some kind of glitches usually eventually show up. I personally don't like too many fingers in the one pie. When you try to debug something and have too many things running at the same time, finding the solution often becomes more difficult. So I try to use the least amount of software that will provide enough protection.

Back over 20 years ago, there were multiple OS systems on hardware that were not compatible with each other. You know the eventual winner of that war. Software developers will have the same goal of "cornering the market". So if their programs are not compatible with other competing programs (in terms of function), that is not a major concern. They only need to try to get as much product name familiarity and distribution as they can. That is how it is with most other companies in other industries IMHO.

 

Okay I will find out about this rule.

You are right, cuz this is where I got jammed up in the begining.

That's a bummer.

I hope not. Or if they do keep the stand a lone FW available to people as well. I have never found a suite where I liked everything in it. I don't want to put all my eggs in one basket...so to speak. But that's just me.

Well understood, I agree.

In the begining when I first found Wilders I went crazy buying all this security software. It took me some time to understand I just needed the right combination of a few programs with a good imaging program. The best thing I ever did was buy a Buffalo Router also.

Honestly, I didn't know anything about it. There should be no reason why PG couldn't be run next to Comodo. PG is a good program. That's not professional by any means. I have PG & RegDefend but at the time I purchased (April 2004) them I had a hard time understanding them. When that happens I will put it down and go back to it when I feel it's time. I still use Worm Guard everytime I install Windows at any time.