How do you set up your Comodo FW/D+ ?

How I personally have my Comodo FW/D+ set up:

Firewall
Stealth Ports Wizard - Block/Stealth all

Custom Policy Mode
> checked:
- Automatically detect new private networks
- Show Trustconnect alerts for unsecured wireless networks
- Show Trustconnect alerts for public networks

Alert Settings - Very High
Enable alerts for - TCP, UDP, ICMP, Loopback - all checked.
This computer is an ICS Server - unchecked.

Advanced - Everything checked except the last/bottom one (protocols other than TCP/IP)

Global Rules:
Block IP In, Any, Any, Any
Block ICMP In/Out, Any, Any, Any
Block TCP/UDP In, Any, Any, Any, Any
Block TCP/UDP Out - certain ports i.e. 137-139, NetBios & other potentially vulnerable ones

I remove all the default "allow" rule(s)

Defense+

Safe Mode
Trusted Vendor List deleted (vendor.n file)
- Create rules for safe applications - checked
Everything else - unchecked

Execution Control - Enabled, the following checked...
- Treat Unrecognized files as Untrusted
- Do heuristic command line analysis...
- Detect shellcode injections...

The 2 Cloud options = unchecked

Sandbox - Disabled, all boxes unchecked (Happy Sandboxie user)

Monitoring Settings - All checked

Under "Computer Security Policy", Defense + Rules tab, I customize settings for all apps, allowing only what's necessary and especially only granting keyboard access when needed (prevent against keyloggers). And also enable the "Protection Settings" for certain (key/internet facing) things, namely Firefox.

I also apply cruelsister's "?:\*" tweak which can be found in Chiron's (excellent) thread on configuring Comodo in this forum.

Password Protection Enabled

... how bout you? It doesn't have to be as detailed as mine. Any suggestions/things you'd like to add?

 

deleted the TVL in comodo..?
does that not get re instated with an update..?

 

on another note i set up comodo more or less like the tutorial by chiron which can be found in the comodo forum and on gizmos freeware list.
thanks.

 

Nope. It only did 1 time, during a major (version) upgrade. But for minor updates no, it doesn't come back.

 

I wanted to clarify here and list what I feel are some problem ports:

123, 135, 137-139, 445, 901, 1025-1029, 1080, 1243, 1433-1434, 1900, 2869, 3150, 3389, 4444, 4899, 5000, 6129, 6776, 12345, 49152-65535.

Example of a rule:

Block TCP or UDP Out From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is In [137-139]

Many of them are ports used by known vulnerable processes/services, crap like NetBios over TCP/IP, ports commonly used by file sharing services, etc... basically ports that no good can come of connecting to on another machine. Except for that last range there... not really necessary, but I just do.

And keep in mind this won't stop any programs you have from using those ports if need be to connect out, since your app rules will over-ride them. Harness good, block bad. Feel the flow... circular.