Hi, new to comodo firewall and i have a couple of questions;
first is, since installing it, something keeps running, or creating an icon in the systray but immediately disappears so i have no way of checking. This only started since installing comodo so i’m assuming it’s something to do with comodo. When it runs/creates the icon it steals focus temporarily and causes some games (eg BF2) to minimise which makes playing annoying. It does this maybe every half hour so, but haven’t timed it.
second question is, i’ve noticed applications such as internet explorer get allowed, even though there aren’t specifically mentioned anywhere, is there a way to turn this off? I know comodo has a list of applications it knows etc, but i’d prefer to be able to disallow everything no matter what comodo thinks is safe
Hi and welcome,
The tray icon is likely to be CFP updater. You may turn off automatic updates if you do not want CFP to update automatically.
Secondly, CFP has a ‘saflist’ of files that it sees as safe. These are automatically allowed onto the internet. You may also turn this off to receive alerts should you wish - under the advanced settings in the security section. CFP also detects some malware that may attempt to access the internet and automatically blocks them.
that’s fixed both problems, cheers
just one other question now, is it possible for the network rules to override application rules? e.g. can i set it so anything can access DNS in/out even if a specific program is blocked or there are no rules for it?
Glad that helped.
About the rules:
CFP rules work as follows (quoted from Egemen):
- Incoming Connecions
1- Network monitor applies filtering if success it passes to application monitor
2- Application monitor checks the target application, if allowed passes to
3- Advanced security analysis monitor(component monitor + application behavior analysis)
if these 3 steps are passed, application receives the connection.
The order changes :
1- Application monitor
2- Advanced security monitor
3- Network monitor
Therefore, as application rules would be applied first in your example, network rules would not be overrided. Also, whether or not it was an inbound or outbound connection, the application monitor would still block the connection if the program was blocked.
Hope this helps,
Everything works in context, as per Egemen’s explanation. Things don’t get “overridden;” they work in conjunction. While you can create a Network Monitor rule to Allow In/Out for Port 53 (DNS), this isn’t going to help you if there’s not an Application Monitor rule to Allow a specific application Outbound UDP on Destination Port 53.
Conversely, if you create an Application Monitor rule to Allow “abc.exe” UDP Out for DestPort 53, but don’t have a rule to at least Allow UDP Out in the Network Monitor, you’re still not going anywhere.
The layered security filters thru connection attempts as Egemen stated; however all conditions must be met or it’s a no go. Think of it as a series of “if-then” statements. If any part of the series is broken, the next step won’t occur; instead, it’s all blocked.