Author Topic: Current 2.4 Solutions to Firewall issues  (Read 83617 times)

comicfan2000

  • Guest
Was I attacked?
« Reply #30 on: January 25, 2007, 06:59:13 PM »

comicfan2000

  • Guest
Comodo not loading at Windows startup
« Reply #31 on: January 25, 2007, 09:18:20 PM »
  Question

I have just installed Comodo Firewall and everything is going pretty well, the only problem I am having  is that it doesn't load at Windows startup. When I check the task manager I have cmdagent.exe running but not cpf.exe, its not even in Msconfig (Startup).
I would have thought that it would have started automatically when Windows starts.

Do I have to add it to my Startup folder?.




Answer

There were many steps to try to get here so simply posted another link...

http://forums.comodo.com/index.php/topic,5710.msg42214.html#msg42214

comicfan2000

  • Guest
Emule\Bittorent tutorials here...
« Reply #32 on: January 26, 2007, 03:50:15 PM »
 There are some great rules and tutorials\discussion concerning Emule\Bittorent here...

http://forums.comodo.com/index.php/topic,411.0.html


Paul

comicfan2000

  • Guest
GRC Stealth Test Question
« Reply #33 on: January 27, 2007, 02:40:27 AM »
 Question


I have read all the related posts but i still cannot understand what is going on. I cannot pass the Stealth test at GRC.com unless my router's firewall is enabled. If it is disabled I get several ports simply closed or even open (the results are in the attached file). Does this mean I am not fully protected without the router's firewall enabled?

Answer

 
 No, it does not mean you are not fully protected.  If you chose Automatic for CPF's installation,  have not altered those core rules created by default in the Network Monitor, or in some other way altered CPF's security configuration (meaning that you've gone into Security/Advanced and changed CPF's settings; I'm not referring to adding Application Rules), then you are protected.

The online tests are not the best indicator of security, although they point users in that direction.  They all tend to give different results.  For instance, at work, I fail GRC's "stealth" test, but pass PCFlank's just fine; and I know for a fact I have no open ports.

Running a resident scan, such as SuperScan 4 is a much better indicator of the state of your security.    SuperScan is a free utility available here:  http://www.foundstone.com/resources/proddesc/superscan.htm.  You will set it to scan 127.0.0.1 (your system localhost).  You can also scan other computers on your LAN, your own IP, router, etc, but the primary thing is you want to make sure your computer is secure.

If you find that any of your ports are indeed open, Foundstone also has a free tool called FPort, available here:  http://www.foundstone.com/resources/proddesc/fport.htm; it shows what application owns the open port, processes, etc.

Hope that helps,

LM

PS:  It should be noted that the caveat to CPF's protection status is that the user has not reduced the security created by CPF's default settings - if the user installs on Manual to pick their own setup, or changes CPF's advanced security settings, the protection may be compromised.  This does not mean that settings cannot be changed; only that in changing, we need to make sure we know what we are actually doing...




   o would it be clever to disable hardware firewall or should I leave it up to enhance security?

Leave your hardware firewall active, my friend!  It improves your security.

The hardware firewall's purpose is to keep attackers out, and it is much harder to breach (provided you have changed the default password to a new, strong password).  However, it will not stop anything you are downloading onto your computer, since you are authorizing the transfer.

A software firewall's purpose is to keep things in (malware, personal information, etc).  If you do get a virus/trojan, and it tries to hijack your system to get back out (for any purpose), the firewall should identify and stop the attempt (or give you a warning, so you can choose to stop it).  Most software firewalls, in addition, also have measures to help keep attackers out as well, but that is not the primary purpose.

So, use both your hardware & software firewalls, for better security!

LM

[attachment deleted by admin]

comicfan2000

  • Guest
Visble Ports
« Reply #34 on: January 27, 2007, 02:43:44 AM »

comicfan2000

  • Guest
Comodo Firewall and Utorrent
« Reply #35 on: January 27, 2007, 02:50:06 AM »
Question

Brothers, do you know if there is some advice for using Comodo and Torrent program together?

I started to use Comodo and I like so much. I made test from web and results were good.
But when I started Torrent, the up was 0 for many minutes until begin to change a little bit... Someone knows why?
Comodo get better something in web connection?
Let me know..

Other thing: Why does appear in "Component monitor" the note "Learning"? How can I learn to configure this item? While I don't get this, there is any danger ou harm to me?

Thanks for atention.



Answer


You should keep component monitor in learning.

About Torrent.
Set a port in your torrent program, let's say 51234
If there is settings like UPnP and random ports, uncheck them.
Now you should open a port in network monitor.
Network monitor works like a router, so you have to "forward" port(s),
like you do in a router, for apps like Torrent/P2P.

Go to Network monitor (security/network monitor).
Right click on your top rule and add/add after.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any
Source Port : Any
Destination Port : A single port : 51234

If it doesn't seem to work, restart CF or reboot your PC.

Always remember to place your allow rules you make, above the default block rule.
Network monitor reads the rules from the top to the bottom.

Also check the log in activity/logs and try to see which rule that blocks your app.

Aowl


Thanks so much for your help.
I believe my dial up connection is better now. A port is open and allowed.

Thanks for your patience.

I'm liking a lot Comodo Firewall. It seems more stable than ZA. This last is a past in my pc.

Regards...



comicfan2000

  • Guest
Alerts not disappearing
« Reply #36 on: January 27, 2007, 02:53:15 AM »
Question

I am new to firewalls but am learning in a hurry!

I am currently running a laptop off-line, while I work on cleaning up an infestation of mal/adware.

My installation of CPF pops up two alerts, both warning me of

Generic Host Process for Win 32 services is trying to act as a server.
Application: svchost.exe
Parent: services.exe
IP Listen Port: [in one case] ms-rpc(135) - TCP
                       [in the other] listen(1025) - TCP

Although my configuration settings are defaulted to alerts disappearing after 120 sec, these two alerts just stay on the screen.

At the moment I do not want to make any decisions about allow/block, because I am still trying to identify and clean up other processes that are trying to access the internet.

Can anyone advise me:
1) whether I should allow/block these? and/or
2) whether they should/will disappear if I do?

Thanks in advance.


Answer

It is fine to allow them, they are parts of Windows, and the parent seems fine. If you are not completely sure you can click allow or deny without selecting the Remember option this way you can choose another option later when the component needs access again.


Thanks, Justin, especially for the very quick response!

comicfan2000

  • Guest
BSOD with update.
« Reply #37 on: January 27, 2007, 03:10:33 AM »
Question


I got a BSOD after 2.4 update.

Answer


First go here>

http://www.personalfirewall.comodo.com/

1. Download the 2.4 version and save it to disk.

2. Now, if need be unhook from the internet, or enable XP after this for a quick fix. Uninstall 2.3, restart the system.

3. When OS is loaded, close down other security softwares if need be, I didn't have to but some may conflict. 

4. Do a restart and all should be well. It worked for me and have since had no BSOD.

 Cheers,

 Paul

A note: stopping ctfmon.exe may have been more coincidence in my case than fact but I did open task manager and stop the process but most likely this does NOT have to be done.


 P.S. Thank you to Aowl for the help on this one.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek