Author Topic: Why can we write rules of D+ like Firewall Global Rules?  (Read 2389 times)
cgzn
« on: January 29, 2009, 11:01:34 AM »

     We know that, in the D+ part, "Allow" has higher priority than "Block", so it is difficult to write a rule like this: allow explorer.exe to execute all exes in systemroot except cmd.exe.

     However, if we could set up rules similar to the Firewall Global Policy, it would be easy. In fact, we could write a rule:

     Block              %windir%\system32\cmd.exe
     Allow              %systemroot%\*

     Just put "block cmd.exe" above "allow %systemroot%\*"; it's a convenient way to solve the problem.

     Can we get this improvement in the next version of CIS?
tcarrbrion
« Reply #1 on: January 29, 2009, 03:28:40 PM »

This can be done. Create a file group with just explorer.exe in it and block cmd.exe. You will also have an individual set of rules for explorer.exe. Make sure this is below the group rule in computer security policy and allow %systemroot%\* in it. The block rule now has priority as it comes first.

File groups are great for global or complicated rules.
cgzn
« Reply #2 on: January 29, 2009, 09:48:51 PM »

This can be done. Create a file group with just explorer.exe in it and block cmd.exe. You will also have an individual set of rules for explorer.exe. Make sure this is below the group rule in computer security policy and allow %systemroot%\* in it. The block rule now has priority as it comes first.

File groups are great for global or complicated rules.

Thanks for your answer. What you say certainly solves the problem, but I think what I suggest is more convenient than yours, isn't it?
tcarrbrion
« Reply #3 on: January 31, 2009, 07:04:06 AM »

Most of my rules are blocking whole directories with the odd allowed exception, and that would be harder to do your way round. I block execution of everything under c:\users and c:\appdata. This means nothing can be executed in any directory where a limited user can write, making the system very secure. There may be exceptions in these directories that need to be run.

It might be possible to let all single program rules have precedence over wildcard rules, but this might be more complicated to understand and people might get it wrong.
Logged
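The ordering described in Reply #1 and the block-with-exceptions layout from Reply #3, as an added example that is not part of the original thread and is not Comodo's code. It is a toy first-match evaluator; the policy names, the sample paths under c:\users and the "ask" fallback are assumptions made for illustration.

```python
# Toy model of ordered, first-match rule evaluation; not Comodo's engine.
from fnmatch import fnmatchcase

# Constructed values; on a real host these come from the environment.
ENV = {"%windir%": r"c:\windows", "%systemroot%": r"c:\windows"}

def norm(path):
    """Lower-case a Windows path and expand the two variables used in the thread."""
    p = path.lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p

def matches(pattern, path):
    # '*' also spans '\', so a directory wildcard covers every file
    # beneath that directory, however deeply nested.
    return fnmatchcase(norm(path), norm(pattern))

def decide(policy, parent, child):
    """Walk the policy top to bottom. The first entry that applies to
    `parent` and has a rule matching `child` decides the outcome."""
    for name, members, rules in policy:
        if not any(matches(m, parent) for m in members):
            continue
        for action, pattern in rules:
            if matches(pattern, child):
                return action, name
    return "ask", None  # assumption: an unmatched launch falls through to a prompt

EXPLORER = r"%windir%\explorer.exe"
GROUP = ("explorer group", [EXPLORER], [("block", r"%windir%\system32\cmd.exe")])
SINGLE = ("explorer.exe", [EXPLORER], [("allow", r"%systemroot%\*")])

WORKAROUND = [GROUP, SINGLE]  # Reply #1: group rule sits above the individual rule
REVERSED = [SINGLE, GROUP]    # same rules, order swapped: the wildcard allow wins

# Reply #3 style: block a user-writable tree, with one exception placed first.
# The exception path is hypothetical.
LOCKDOWN = [("all applications", ["*"], [
    ("allow", r"c:\users\bob\tools\backup.exe"),
    ("block", r"c:\users\*"),
])]

if __name__ == "__main__":
    cmd = r"C:\Windows\System32\cmd.exe"
    for label, policy in (("workaround", WORKAROUND), ("reversed", REVERSED)):
        print(label, decide(policy, r"C:\Windows\explorer.exe", cmd))
```

Swapping the two entries is enough to turn the cmd.exe block into an allow, which is why the position of a broad wildcard rule deserves a check whenever a policy is reordered.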