How do you set up your Comodo FW/D+ ?

Discussion in 'other firewalls' started by luciddream, Aug 4, 2012.

Thread Status:
Not open for further replies.
  1. luciddream

    How I personally have my Comodo FW/D+ set up:

    Firewall
    Stealth Ports Wizard - Block/Stealth all

    Custom Policy Mode
    > checked:
    - Automatically detect new private networks
    - Show Trustconnect alerts for unsecured wireless networks
    - Show Trustconnect alerts for public networks

    Alert Settings - Very High
    Enable alerts for - TCP, UDP, ICMP, Loopback - all checked.
    This computer is an ICS Server - unchecked.

    Advanced - Everything checked except the last/bottom one (protocols other than TCP/IP)

    Global Rules:
    Block IP In, Any, Any, Any
    Block ICMP In/Out, Any, Any, Any
    Block TCP/UDP In, Any, Any, Any, Any
    Block TCP/UDP Out - certain ports i.e. 137-139, NetBios & other potentially vulnerable ones

    I remove all the default "allow" rule(s)

    Defense+

    Safe Mode
    Trusted Vendor List deleted (vendor.n file)
    - Create rules for safe applications - checked
    Everything else - unchecked

    Execution Control - Enabled, the following checked...
    - Treat Unrecognized files as Untrusted
    - Do heuristic command line analysis...
    - Detect shellcode injections...

    The 2 Cloud options = unchecked

    Sandbox - Disabled, all boxes unchecked (Happy Sandboxie user)

    Monitoring Settings - All checked

    Under "Computer Security Policy", Defense+ Rules tab, I customize settings for all apps, allowing only what's necessary and especially only granting keyboard access when needed (protect against keyloggers). And also enable the "Protection Settings" for certain (key/internet facing) things, namely Firefox.

    I also apply cruelsister's "?:\*" tweak which can be found in Chiron's (excellent) thread on configuring Comodo in this forum.

    Password Protection Enabled

    ... how bout you? It doesn't have to be as detailed as mine. Any suggestions/things you'd like to add?
     
    Last edited: Aug 6, 2012
  2. The Red Moon

    Deleted the TVL in Comodo..?
    Does that not get reinstated with an update..?
     
  3. The Red Moon

    On another note, I set up Comodo more or less like the tutorial by Chiron, which can be found in the Comodo forum and on Gizmo's freeware list.
    Thanks.
     
  4. luciddream

    Nope. It only did 1 time, during a major (version) upgrade. But for minor updates no, it doesn't come back.
     
  5. luciddream

    I wanted to clarify here and list what I feel are some problem ports:

    123, 135, 137-139, 445, 901, 1025-1029, 1080, 1243, 1433-1434, 1900, 2869, 3150, 3389, 4444, 4899, 5000, 6129, 6776, 12345, 49152-65535.

    Example of a rule:

    Block TCP or UDP Out From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is In [137-139]

    Many of them are ports used by known vulnerable processes/services, crap like NetBios over TCP/IP, ports commonly used by file sharing services, etc... basically ports that no good can come of connecting to on another machine. Except for that last range there... not really necessary, but I just do.

    And keep in mind this won't stop any programs you have from using those ports if need be to connect out, since your app rules will override them. Harness good, block bad. Feel the flow... circular.
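
Added example, not part of luciddream's post and not Comodo's own tooling: a Python check that runs the port list from the post above against `netstat -ano` style output, to show which current connections a destination-port block rule would affect. The netstat lines are constructed sample data, and treating any connection on a locally listening port as inbound is an assumption of this example.

```python
# Added example: audit netstat output against the thread's "problem ports" list.
PROBLEM_PORTS = ("123, 135, 137-139, 445, 901, 1025-1029, 1080, 1243, 1433-1434, "
                 "1900, 2869, 3150, 3389, 4444, 4899, 5000, 6129, 6776, 12345, "
                 "49152-65535")  # copied from the post above

def parse_ports(spec):
    """Turn '137-139, 445' into a list of inclusive (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def port_of(endpoint):
    """Return the port of 'addr:port' (IPv4 or [IPv6]); None for '*:*'."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def flag_outbound(netstat_text, ranges):
    """Return (proto, remote endpoint, pid) for connections to a listed remote port."""
    rows = [line.split() for line in netstat_text.splitlines()]
    rows = [r for r in rows if len(r) >= 4 and r[0] in ("TCP", "UDP")]
    # Assumption: a connection on a port we listen on was inbound, so its
    # remote (ephemeral) port must not be matched against 49152-65535.
    listening = {port_of(r[1]) for r in rows if "LISTENING" in r}
    hits = []
    for r in rows:
        rport = port_of(r[2])
        if rport is None or "LISTENING" in r or port_of(r[1]) in listening:
            continue
        if any(lo <= rport <= hi for lo, hi in ranges):
            hits.append((r[0], r[2], r[-1]))
    return hits

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE = """\
  TCP    0.0.0.0:3389         0.0.0.0:0            LISTENING     1100
  TCP    192.168.1.10:3389    198.51.100.7:51522   ESTABLISHED   1100
  TCP    192.168.1.10:50211   203.0.113.5:445      ESTABLISHED   4
  TCP    192.168.1.10:50212   203.0.113.9:443      ESTABLISHED   2380
  TCP    [fe80::1]:50213      [fe80::2]:139        SYN_SENT      4
  UDP    0.0.0.0:137          *:*                                4
"""

if __name__ == "__main__":
    for hit in flag_outbound(SAMPLE, parse_ports(PROBLEM_PORTS)):
        print(hit)
```

Each hit carries the owning PID, which is the process to look up before deciding whether it needs an application rule or should stay blocked.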
     