Comodo - split from thread: PC Tools Firewall

Discussion in 'other firewalls' started by aigle, Jun 10, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So i should allow this request without any worries.
     

    Attached Files:

  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Re: PC Tools Firewall

    If you answer Aigel's question with a "yes" should it also be set to "remember"? What does PC Tools fw do in this case?
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Re: PC Tools Firewall

    Comodo prompt shows a broadcast for NetBIOS nameserver. It is used to automatically discover hosts on a LAN. If you have a home LAN, you should allow it. If not, you may safely block this witn no side-effects. Better yet, instead of blockin rule, disable the service.
     
  4. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    Re: PC Tools Firewall

    It depends on what Comodo does if you allow and remember it. If it creates a rule specific to the IP address stated, UDP, outgoing, and port 137..... OK.

    If it creates a general rule to allow "system" any and all comunications then I don't think it's ok, because you'll never be warned again if "system" wants to phone home via Rustock or the next malware wonder.

    I don't know anything about Comodo, but can you go to an advanced rules section? If so, a general rule could be modified (after accepting the alert prompts to create the general rule) to restrict access to only what is stated in the alert, to ensure anything different creates another prompt for analysis later.

    It's interesting that Comodo is treating "system" as an application in the alert, so I am assuming there would be an application rule for "system" somewhere in that advanced rules section (if any). That would be cool. I wouldn't mind seeing a screen shot of that.

    I've not seen my Kerio 2.15 alert me for "system" yet though, so there is no rule for "system" :doubt: Need to see if it's slipping through in another rule. AH! Probably because the LAN IP range is trusted in the Kerio Microsoft Networking tab. An external IP address should be flagged with an alert.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: PC Tools Firewall

    Here it is.
     

    Attached Files:

  6. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    Re: PC Tools Firewall

    @Aigle,

    That's really neat how Comodo treats System as an application. Nice.

    The first rule "Allow IP in/out from IP any to IP any where protocol is any" if changed to ASK, could possibly bombard you with a gazillion popups because it'll catch "system" sneezing.

    Not knowing if you are sharing computers on a LAN or not, it's hard to know what will happen or how global rules take over or how they are setup.

    Typically you'll want to set up Allow and Block rules for the specific legitimate activities that "system" is trying to do. The ask rule for detecting illicit outbound attempts should be the very last one. It looks like a good last rule (from your screen shot) based on the "block and log all unmatching requests" would be "ask and log all unmatching requests"

    HOWEVER;why not try doing what you propose though and see what happens. There should also be a way from the popups to create a very specific rules based on the info in the popup.

    Hopefully another Comodo user will chime in here who can post some screenies of what should be in those rules for you.

    I may try Comodo as it looks better than PC Tools FW from that "system" standpoint. I've been playing with PCTFW to try to force it to give a "system" prompt but it won't. I'm finding some other strange behavior as well that I would like to post about later.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: PC Tools Firewall

    I blocked the pop up. Rules are like this now. No more pop ups for system.
     

    Attached Files:

  8. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    Re: PC Tools Firewall

    Lol. No more popups for sure. Does the computer still work? Just kidding (I hope).

    The log will be interesting for you to look at and should show what activities are being blocked. If something is not working that was, you should be able to make allow rules (placed above that block rule) based on the log, to bring back any lost functions.

    I think you could delete the 3 rules below the first one, because the first one will prevent anything from getting to the lower rules anyway. Now, that's how it works in Kerio.......you Comodo guys correct this if I'm wrong.

    Whether these firewalls really help in the battle against malware or not, it sure makes you learn more about the computer eh?

    Appreciate the insight into CPF :thumb:
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: PC Tools Firewall

    PC was working without any problems but I am interested to see if thre are any alerts for system and I modified the rules to be a bit specific, rather than general. No more pop ups for system still.

    I think I can delete the last rule? Am I true?

    06-12_0017.jpg
    06-12_0018.jpg
     
    Last edited: Jun 11, 2008
  10. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    Re: PC Tools Firewall

    I'ld agree on that. the 3rd rule is covering both directions, while the 4th is doing the same for only outbound.

    You could also be more specific on the 1st rule to specify the netbios port range of 137-139 for both local and remote, so that if events happen with IPs in the rule, but on different ports, it'll be alerted so you can check it out.
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Commodo - split from thread: PC Tools Firewall

    This thread was split from the original "PC Tools Firewall" as all the Commodo posts were off-topic to that PC Tools thread. PC Tools Firewall is the topic in this thread.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Commodo - split from thread: PC Tools Firewall

    Thanks Bubba! :thumb:
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: PC Tools Firewall

    I will do. Thanks for the tip. :)
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Commodo - split from thread: PC Tools Firewall

    I just had a look in OA free and found some default rules for system. Should I add them in CFP?
     

    Attached Files:

  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Re: Commodo - split from thread: PC Tools Firewall

    Look at Seer's post above :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Commodo - split from thread: PC Tools Firewall

    Thanks, I have no home LAN but I use a DSL linksys modem with router built in and two other PCs( of friends) are connected to the same modem.

    What are the disadvantages of disabling netbios service? I don,t like to invite troubles.
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Commodo - split from thread: PC Tools Firewall

    Thanks, I will see that.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Re: Commodo - split from thread: PC Tools Firewall

    Hello,

    Looking up at the OA screenshot, looks pretty neat. They did cover most of what a typical home user would need: dns, dhcps, ntp, ssdp, netbios, although personally I would not use ntp and ssdp.

    aigle, depending on what your home setup is, if your home machines are all trusted, there's no reason to simply not allow traffic between them, and that's it.

    Mrk
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Commodo - split from thread: PC Tools Firewall

    Thanks for the help.
     
Loading...
Thread Status:
Not open for further replies.