How To Install & Configure CIS for Max Protection & Min Alerts [v6]

[Guest]

[Chiron]

If you would like to know how to safely install Comodo Firewall (or CIS), then please read my article:
How to Install Comodo Firewall

If anyone has any comments they can leave them either on that site or below. Either way I'll respond to any comments and consider your suggestions for future changes.

Thanks.

[JJasper]

Hi Chiron

I have put my CIS 4.1 Complete in this configuration.  I like it except when doing the leaktest ( CLT ) I still get physical memory as vulnerable.  I have D+ in Safe Mode and Firewall security in Custom Policy Mode.  Any thoughts on how to get this leakest 100%.  Would putting the firewall in Safe Mode as well make the difference?

I previously had CIS config. set to "Firewall Security" and it passed all the leaktests, but I have always preferred ProActive, so if there is a way to set it I will be happy. 

John

[Chiron]

Can anyone comment on what the difference is in 'Firewall Security' that could lead to different results for the test?

I am still vulnerable to 'Impersonation: DDE' according to CLT. This is with the configuration given above.

Edit: It appears that switching to 'Firewall Security' configuration automatically disables the sandbox. This explains why CIS would pass the leaktest in the 'Firewall Security' configuration.

[JamesFrance]

I am trying this too on Vista.   I get an immediate D+ alert when opening CLT requesting unlimited access and if I choose Sandbox I then score 340.   If I allow access most fail after denying the few further alerts.

[JJasper]

I guess I should have mentioned that I am on XP 32 bit SP 3.  Strange - this morning I got 340.  I must have needed the extra reboot to get the 100%.

Good....... I think I will keep this config.

John

[intrepid44]

I just set mine to  these settings we will see how it works out.

[Chiron]

Also, does anyone know if there is any loss in security if I also disable UAC and Windows Firewall?

It just seems to me that both of these are redundant.

[pabrate]

Great configuration 
Only thing I've added is in firewall, 'Create rules for safe applications' is checked and Alert settings are at high.
However, I still have 320/340 (DDE and Coat fails).
Altough, maybe I should reboot and try then, will let you know if that really helped to score 340 

[JamesFrance]

I have been using Symconsent on Vista instead of UAC, but I can't find it now on Symantec,so maybe it has been withdrawn?   It still alerts for updated programs but remembers your regular actions so reduces the alerts.   It would be good if we could safely disable UAC and I think that we could do that now, unless it would be possible for a rogue problem to be added to Comodo white list by mistake.

[Chiron]

I am trying this too on Vista.   I get an immediate D+ alert when opening CLT requesting unlimited access and if I choose Sandbox I then score 340.   If I allow access most fail after denying the few further alerts.

This is the way it's supposed to work. If you choose allow you are saying that you trust this application and are providing it complete access to your computer. Therefore, your leaktest score should be pretty bad.

Only thing I've added is in firewall, 'Create rules for safe applications' is checked and Alert settings are at high.

I thought that including "Create rules for safe applications" automatically made the rules, which you could manually edit later. Other than this aren't all applications in Comodo's safelist automatically allowed complete access to your computer? The computer should be no more or less secure with this option checked. Right? (Please correct me if I'm wrong)

Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I'd like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert than this should be sufficient. (Once again, correct me if I'm wrong)

[pabrate]

I thought that including "Create rules for safe applications" automatically made the rules, which you could manually edit later. Other than this aren't all applications in Comodo's safelist automatically allowed complete access to your computer? The computer should be no more or less secure with this option checked. Right? (Please correct me if I'm wrong)

You are right.
I checked that option so I can see the rules that are created and modify something if I think there is a need for that.
For example if that option is not checked, internet browser is set to allow everything outbound.
In this case I just modify it to use predefined policy for Web Browsers.
Other reason is that I want to see all apps that are using internet access.

Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I'd like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert than this should be sufficient. (Once again, correct me if I'm wrong)

More alerts for each program (for every port that program is using)
However, I can't notice more alerts than Low setting because Auto-Create rules is doing that job.
As I can see, difference is with Auto-Create rules, with default Low setting Comodo create rule which allow outbound for every port, with High setting it creates rules for outbound just for ports that program is trying to use.
With Very High setting you will have all that but with every IP address app is trying to connect.

[mouse1]

BUMP to top

[Chiron]

Has anyone had any problems with configuring Comodo Firewall to "Block all incoming connections and make my ports stealth for everyone else"?

I ask because I'm considering changing my advice to this from the current "Alert me to incoming connections and make my ports stealth on a per-case basis".

Just send me a PM letting me know how it works for you. Thanks.

[HeffeD]

Has anyone had any problems with configuring Comodo Firewall to "Block all incoming connections and make my ports stealth for everyone else"?

This is the configuration I've always run and I've never had a problem. I don't use any P2P applications though.

[EricJH]

I am always using "Block all incoming connections and make my ports stealth for everyone else".  No problem with it. You just need to poke holes in the Global Rules when you run a p2p or another program that needs server rights.

[Tags:]