Installing New Vesion

[Guest]

[polygon]

First time I have posted on here so please excuse me if the question seems dumb!
I have downloaded the latest COMODO Firewall, do I need to uninstall the previous version before installing this?

[kail]

Hi polygon, welcome to the forums.

Yes, but the installer would automatically uninstall the previous installation anyway. It may be possible to upgrade CIS internally with the version you currently have and thus, save all your settings & rules. Unfortunately, the upgrade service is currently suspended and cannot be used. Which version of CIS do currently have?

[polygon]

Thank you for your reply Kail.
How do I check which version I have please? The one I have downloaded has the release date July 7th 2009 (which I see from an earlier posting is a typo and should be July 3rd 2009)
I cannot see how to check the version of the one which I already have. (Isn't ignorance wonderful!) But last night a message came up saying COMODO has an update and I clicked on it to install (This being after I had downloaded but not installed the newest version) This took a while to download and required a restart, so I am now wondering if it has installed the latest version anyway?
Thanks again, Regards, Polygon.

[Quill]

Open CIS from the system tray and select Miscellaneous/About. This will show version number and AV database information.

[polygon]

Thanks Toggie.
That brings up "3.10.102194.530
Is that the latest release?

[Dennis2]

Yes that is the latest version.
Dennis

[polygon]

Thank you Dennis.

[baptistul]

Hi all. i'd readed your posts and decided to uninstall CIS 3.9... and to install newest version,3.10....530,and I saw some new things,e.g. DNS .what it does mean ? another good thing it's that Intrusion attempts are solved !but still i don't know what Comodo's staff improved in this version.can someone explain? i also remarked that if it's configured according for maxi securities,immediately Intrusion Attempts apears in huge number!so i set it only in safe mode,both Firewall & Defence+. opinions? ideas? thanks

[EricJH]

About Secure DNS: https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/comodo_secure_dns_enabling_disabling-t41987.0.html .

Release Notes: https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/comodo_internet_security_310102194530_released-t41954.0.html .

What do you mean with improved intrusion attempts? Can you be more precise how you configured for maximum security? Show us a screenshot of your Global Rules for that matter. You see lots of intrusions. Can you show a screenshot of the firewall logs?

[baptistul]

Hi EricJH.by "improved intrusion attempts" i mean CIS in installation mode come with made rules,wich appears to stop Intrusion attempts,but if I configure CIS for maxi securities (according to FaZio93),that made rules("Block...") are gone and replaced by another rules("Allow...) and the number of Intrusion Attempts grow up in huge number,i.e. the old problem.I post firewall logs wich seems to be tons of Intrusion attempts,but firewall logs shows Intrusion attempts since I installed CIS 3.10.thanks for your attention

[HeffeD]

Hi EricJH.by "improved intrusion attempts" i mean CIS in installation mode come with made rules,wich appears to stop Intrusion attempts

CIS in installation mode doesn't stop intrusion attempts. It allows spawned child processes to run without asking the user for permission.

Often an installer will access many different registry keys or even run another executable. Without installation mode, the user will be given a popup for each and every one of these processes during a normal installation. A lot of people tend to get tired of clicking through a dozen or so popups when they are installing something.

By initiating installation mode, the install is allowed to do what it needs to do quietly. Meaning, no popups during the install.

[EricJH]

Here is some more information on the traffic on port 845:  

Microsoft-DS (Microsoft Directory Services) is a port used for file sharing. It was introduced with Windows 2000 and gives you the possibility to use SMB protocol (stands for Server Message Block, but is also known as Samba) directly over TCP-IP on port 445.

.

I think you are on a cable connection without a router and that you are seeing other user's computers communicating. Notice that all the source IP's are in a similar range.

Fist I would advice to tighten up your firewall by making yourself Stealth. Go to Fireall --> Common Tasks --> Stealth Ports Wizard --> choose Block all incoming connections, stealth my ports to everyone else --> Finish.

Now see whether you still these alerts. If they still occur we are gonna change the Global Rules to ignore this traffic.

[Quill]

What you're seeing is NetBIOS (137, 138 and 139) and SMB (445) traffic. If you're on a single computer you can add an Application rule for System, to block and not log these events. If you are on a LAN you will need a rule that allows these events and below that a block for all traffic other than LAN.

The easiest way to do this is to create a new port set (firewall/common tasks/my port sets) give the port set a name. Once the port set is created add the ports listed above.

Fine the Application rule for system and near the bottom add:

Block (don't log)
TCP or UDP
In/Out
Source Address = ANY
Destination Address = ANY
Source Ports = ANY
Destination Ports = The port set you created above

[Tags:]