Comodo Screenshots - Your setup?

Discussion in 'other firewalls' started by luciddream, Feb 23, 2013.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I was posting screenshots in another thread, and figured, while I'm at it... I wanted to see how other people set their Comodo FW/D+ up, at a glance. Feel free to include AV settings too if you use it. I'm actually curious to see how they look, in v5 especially. Never used it. And I realize the v6 ones will look a tad different.

    And no, this thread isn't about "look at me, look at me". I'm curious to see how others roll, and also, maybe we can network and get some ideas here like we did in the Web Browser thread. So allow me to go first:
     

    Attached Files: CF1.jpg, CF2.jpg, CF3.jpg, D+1.jpg, D+2.jpg
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    And last but not least (the last pic)... something I aim for, that is a tell-tale portrayal of attack surface (or lack thereof). Nothing leaving ports hanging open on my box and/or listening in while it's in idle...
     

    Attached Files: D+3.jpg, D+4.jpg, Pr1.jpg
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Here's a couple of screenshots of my setup. Not too certain if these are good or not. :D :D :D
     

    Attached Files: 2.PNG, 3.PNG, Capture.PNG
  4. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Here's my sandbox exception rules - direct access to unvirtualized download folder, uTorrent downloads, bookmarks and extensions.

    The VPN rule forces CFW to drop any non-VPN connections.

    I have IE, WMP, Foxit PDF and .RARextractfrog set to always open fully virtualized.

    Just a few FW rules.
     


  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Sorry, but the screenshot suggested a question to me: where is "execution control" in CIS 6? Is it enabled/installed by default?
     
  6. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    FW settings - custom with high alerts means I get notified of any connection attempt whilst CIS creates rules for safe apps reducing popups

    HIPS settings - with the HIPS I use safe mode with create rules for safe apps for reduced popups while still alerting to all unknown apps

    FW rulesets for standard, blocked and VPN-only connections
     


  7. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    To my knowledge it is, although this happens behind the scenes now using the BB in default mode.
    It's more apparent when the HIPS is enabled.
     
  8. doolhof

    doolhof Registered Member

    Joined:
    Dec 4, 2010
    Posts:
    13
    Location:
    NL
    Comodo 5.10 FW+D
     


    Last edited: Feb 23, 2013
  9. doolhof

    doolhof Registered Member

    Joined:
    Dec 4, 2010
    Posts:
    13
    Location:
    NL
    double
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    If it suits your wants/needs as an end user... they are good. It's not a one size fits all thing.

    I appreciate the participation. I only briefly got to see v6 on a friend's box, and didn't really play around with it much. I didn't like the new interface at all so didn't really give it much of a chance. I was happy to get home, and back to my 5.10 : )
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Meh... you gotta go hardcore like me with Paranoid ; ) Really though, I never get popups anymore. But I went through about 2-3 weeks of pure hell to achieve this state, to get everything how I wanted it. I was seeing popups in my friggin dreams (no exaggeration).
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Some firewall rules I used years ago, displayed in an Excel spreadsheet, when Comodo was in its infancy at version 2.x...
     


  13. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    That's true dedication to the cause and a lot of popups :eek:
    I would like to get the time to do this, it would be a great learning curve and a lot of online look-ups as I would want to understand every rule :p
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yep... it costs you time/effort in the short term for long term gain of the same, plus security. It's just hardening now... no user interaction required.

    The only popups I ever get now are svchost internet access requests once a month when I update Windows. I keep it blocked the rest of the month then remove that rule before updating... then reenable it after.

    And also I'd rather learn myself by seeing what actions are necessary than looking it up online. I'll block an action and see if it was still able to carry out its mission regardless. If so, that block rule becomes remembered. If not, I try it again and remember to allow the action. I do this for every process & app on my computer... lol, until they're all fine tuned. It is indeed irritating for about a month. Now all is peaceful and secure.

    As for rules... I block all IP In, ICMP In & Out, TCP/UDP In... then have certain (Dest.) Ports I block TCP Out access to. Like common "no good can come of it" ones such as NetBIOS (137-139), 135 & 445 both Source & Dest., 1024-1029 (that's why many of my rules start at 1030), 1433-1434, 6776, 12345... the combination an idiot would put on his luggage port. And 49152-65535. And several more too; I'm not listing them all.

    Of course any app rules would override this. So it's like harness good/block bad.

    I also block Explorer, plugin-container, WgaTray, svchost, IE, both Comodo services... I find it funny to use Comodo to block Comodo. Ping & Ping6. And use tight, custom rules for anything I do allow. No loose "Allow All Outbound" rules on my box. Nooo... too OCD for that.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Blocking all outgoing ICMP will prevent you from utilizing ping or tracert command line utilities.

    You could block outgoing types: 0, 3 & 11 (echo reply, destination unreachable & time exceeded respectively), but at least allow type 8 (echo request).
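
The outbound ICMP trade-off discussed in posts 14 and 15, as an added example that is not part of the original thread: a first-match model comparing "block all outbound ICMP" with the selective type list. It is not Comodo's rule engine; the rule format and all names are assumptions, and inbound handling is not modelled.

```python
"""Added illustration: first-match model of outbound ICMP filtering.
Not Comodo's rule engine; rule format and names are assumptions."""
from typing import FrozenSet, List, NamedTuple, Optional

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}


class Rule(NamedTuple):
    action: str                      # "allow" or "block"
    types: Optional[FrozenSet[int]]  # None matches every ICMP type


def decide(rules: List[Rule], icmp_type: int, default: str = "block") -> str:
    """Return the action of the first rule matching an outbound ICMP type."""
    for rule in rules:
        if rule.types is None or icmp_type in rule.types:
            return rule.action
    return default  # nothing matched: fall back to default-deny


# Post 14's approach: every outbound ICMP packet is dropped.
BLOCK_ALL_OUT = [Rule("block", None)]

# Post 15's suggestion: drop the replies and errors, let echo request out.
SELECTIVE_OUT = [Rule("block", frozenset({0, 3, 11})),
                 Rule("allow", frozenset({8}))]

# Outbound ICMP type each Windows diagnostic tool has to send.
TOOL_PROBES = {"ping": 8, "tracert": 8}


def broken_tools(rules: List[Rule]) -> List[str]:
    """Tools whose outbound probe the ruleset drops."""
    return sorted(tool for tool, icmp_type in TOOL_PROBES.items()
                  if decide(rules, icmp_type) == "block")


def emitted_responses(rules: List[Rule]) -> List[str]:
    """Reply/error types (0, 3, 11) the host could still send to a prober."""
    return [ICMP_TYPES[t] for t in (0, 3, 11) if decide(rules, t) == "allow"]


if __name__ == "__main__":
    for name, rules in (("block all", BLOCK_ALL_OUT), ("selective", SELECTIVE_OUT)):
        print(name, "| broken tools:", broken_tools(rules),
              "| still emitted:", emitted_responses(rules))
```

Both rulesets keep the host from sending echo replies, destination unreachable and time exceeded messages; only the selective one leaves ping and tracert able to send their probes.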
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    @doolhof,

    I might be missing something because I can't speak or understand German, but you could probably reduce all those Block rules to one, simple universal Block rule, that governs in/out, all ports and all protocols.
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yeah I know... don't need/use it. I used to allow certain types of ICMP... like if I recall time exceeded, fragmentation needed, & dest. unreachable. But it just wasn't doing me any good. No networking problems as a result of just blocking it all.
     