Author Topic: How To Install & Configure CIS for Max Protection & Min Alerts [V7]  (Read 67516 times)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
If you would like to know how to safely install Comodo Firewall (or CIS), then please read my article:
How to Install Comodo Firewall

If anyone has any comments they can leave them either on that site or below. Either way I'll respond to any comments and consider your suggestions for future changes.

Thanks.
« Last Edit: April 14, 2014, 08:44:46 PM by Chiron »

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #1 on: June 16, 2010, 07:07:25 PM »
Hi Chiron

I have put my CIS 4.1 Complete in this configuration.  I like it except when doing the leaktest ( CLT ) I still get physical memory as vulnerable.  I have D+ in Safe Mode and Firewall security in Custom Policy Mode.  Any thoughts on how to get this leakest 100%.  Would putting the firewall in Safe Mode as well make the difference?

I previously had CIS config. set to "Firewall Security" and it passed all the leaktests, but I have always preferred ProActive, so if there is a way to set it I will be happy. 

John

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #2 on: June 16, 2010, 07:23:18 PM »
Can anyone comment on what the difference is in 'Firewall Security' that could lead to different results for the test?

I am still vulnerable to 'Impersonation: DDE' according to CLT. This is with the configuration given above.

Edit: It appears that switching to 'Firewall Security' configuration automatically disables the sandbox. This explains why CIS would pass the leaktest in the 'Firewall Security' configuration.
« Last Edit: June 17, 2010, 01:37:39 AM by Chiron »

Offline JamesFrance

  • Comodo's Hero
  • *****
  • Posts: 1275
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #3 on: June 17, 2010, 02:45:17 AM »
I am trying this too on Vista.   I get an immediate D+ alert when opening CLT requesting unlimited access and if I choose Sandbox I then score 340.   If I allow access most fail after denying the few further alerts.
James

Offline JJasper

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1655
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #4 on: June 17, 2010, 11:57:55 AM »
I guess I should have mentioned that I am on XP 32 bit SP 3.  Strange - this morning I got 340.  I must have needed the extra reboot to get the 100%.

Good....... I think I will keep this config.

John

Offline intrepid44

  • Comodo's Hero
  • *****
  • Posts: 223
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #5 on: June 17, 2010, 12:14:21 PM »
I just set mine to  these settings :-TU we will see how it works out.
WINDOWS 7 64 BIT 8 GIGS RAM 750GIG HARD DRIVE
CIS5 COMPLETE  DEP(enabled) UAC(enabled) SEHOP (enabled)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #6 on: June 17, 2010, 06:20:42 PM »
Also, does anyone know if there is any loss in security if I also disable UAC and Windows Firewall?

It just seems to me that both of these are redundant.

Offline pabrate

  • Comodo Loves me
  • ****
  • Posts: 110
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #7 on: June 17, 2010, 06:35:02 PM »
Great configuration  :-TU
Only thing I've added is in firewall, 'Create rules for safe applications' is checked and Alert settings are at high.
However, I still have 320/340 (DDE and Coat fails).
Altough, maybe I should reboot and try then, will let you know if that really helped to score 340  :D

Offline JamesFrance

  • Comodo's Hero
  • *****
  • Posts: 1275
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #8 on: June 18, 2010, 02:26:08 AM »
I have been using Symconsent on Vista instead of UAC, but I can't find it now on Symantec,so maybe it has been withdrawn?   It still alerts for updated programs but remembers your regular actions so reduces the alerts.   It would be good if we could safely disable UAC and I think that we could do that now, unless it would be possible for a rogue problem to be added to Comodo white list by mistake.
James

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #9 on: June 18, 2010, 02:01:23 PM »
I am trying this too on Vista.   I get an immediate D+ alert when opening CLT requesting unlimited access and if I choose Sandbox I then score 340.   If I allow access most fail after denying the few further alerts.
This is the way it's supposed to work. If you choose allow you are saying that you trust this application and are providing it complete access to your computer. Therefore, your leaktest score should be pretty bad.

Only thing I've added is in firewall, 'Create rules for safe applications' is checked and Alert settings are at high.
I thought that including "Create rules for safe applications" automatically made the rules, which you could manually edit later. Other than this aren't all applications in Comodo's safelist automatically allowed complete access to your computer? The computer should be no more or less secure with this option checked. Right? (Please correct me if I'm wrong)

Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I'd like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert than this should be sufficient. (Once again, correct me if I'm wrong)

Offline pabrate

  • Comodo Loves me
  • ****
  • Posts: 110
Re: How to Configure Comodo Firewall for Maximum Protection
« Reply #10 on: June 18, 2010, 02:50:32 PM »
I thought that including "Create rules for safe applications" automatically made the rules, which you could manually edit later. Other than this aren't all applications in Comodo's safelist automatically allowed complete access to your computer? The computer should be no more or less secure with this option checked. Right? (Please correct me if I'm wrong)

You are right.
I checked that option so I can see the rules that are created and modify something if I think there is a need for that.
For example if that option is not checked, internet browser is set to allow everything outbound.
In this case I just modify it to use predefined policy for Web Browsers.
Other reason is that I want to see all apps that are using internet access.


Quote
Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I'd like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert than this should be sufficient. (Once again, correct me if I'm wrong)

More alerts for each program (for every port that program is using)
However, I can't notice more alerts than Low setting because Auto-Create rules is doing that job.
As I can see, difference is with Auto-Create rules, with default Low setting Comodo create rule which allow outbound for every port, with High setting it creates rules for outbound just for ports that program is trying to use.
With Very High setting you will have all that but with every IP address app is trying to connect.

Offline mouse1

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11847
BUMP to top

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Install & Configure Firewall (5.0 / 2011) for Max Protection & Min Alerts
« Reply #12 on: December 26, 2010, 03:09:48 PM »
Has anyone had any problems with configuring Comodo Firewall to "Block all incoming connections and make my ports stealth for everyone else"?

I ask because I'm considering changing my advice to this from the current "Alert me to incoming connections and make my ports stealth on a per-case basis".

Just send me a PM letting me know how it works for you. Thanks.
« Last Edit: December 26, 2010, 04:32:14 PM by Chiron »

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Install & Configure Firewall (5.0 / 2011) for Max Protection & Min Alerts
« Reply #13 on: December 26, 2010, 04:01:17 PM »
Has anyone had any problems with configuring Comodo Firewall to "Block all incoming connections and make my ports stealth for everyone else"?

This is the configuration I've always run and I've never had a problem. I don't use any P2P applications though.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24876
Re: Install & Configure Firewall (5.0 / 2011) for Max Protection & Min Alerts
« Reply #14 on: December 26, 2010, 08:37:10 PM »
I am always using "Block all incoming connections and make my ports stealth for everyone else".  No problem with it. You just need to poke holes in the Global Rules when you run a p2p or another program that needs server rights.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek