A few questions regarding CIS

Hi everyone

Ok so I still dont fully understand some of the options of CIS, so I thought to ask for help.

  1. The option Blocked Zones, how does it work? What are the rulez created by comodo when I put a Network Zone in the Blocked Zones. I put my Network Zones there, even Loop Back Zone, and I still have internet acces. So whats excatly its blocking? Only incoming connections? Sharing files? Does Blocked Zones adds extra security if it is used properly?

And should I put my Loop Back Zone in the Blocked Zones for extra security? I read on google this is a trusted zone. So I suppose I dont have to.

  1. When I connect my cable modem surfboard for the first time, CIS, detects a new network and gives me 3 options.

a) Home
b) Work
c) Public IP

Well I am connected from my home, so the most logical thing would be to choose option HOME, however, this option create a system aplication rulez, and global rulez tabs, that sais:

a) Allow system to Receive Requests if the sender is in [Home #1]
b) Allow all incoming requests if the sender is in [Home #1]

I think this option is only for networks that you actually trust %100, cause actually you are allowing incoming connections, and this is great news for hackers.

So in my case this does not help me at all, cause I dont trust the networks I am connecting, when I connect my motorola surboard cable modem for the first time, this networks are from my ISP.

So I always have to chose in this step, Public IP. Am I doing it right guys?

  1. In the network Zones tab, if I click on one of the networks for example loopback zone, it sais edit network zone, and I can change the name, and there is also a ceck mark, that it sais PUBLIC NETWORK.
    I was wondering what this option does? If I put the check mark on, it will make any diference when CIS have to take actions, or it will add extra security for a network that I dont trust?

  2. And finally…

In HIPS+, when I open I exe file of a program, and CIS does not have it in the whitelist servers. So it gives me a pop up, with a red alert, telling me that the program asks for FULL ACCESS to your computer, so it sais:

a) Allow
b) Block
c) SandBox

Ok, usually in this case I would chosse SandBox. Right? The problem is that the program needs internet acces in order to start. So If I choose SandBox, the program wont start. And I have to choose ALLOW in order to make it work. Is there any way I can make this procedure more secure so I dont have to give FULL ACCES rights to the aplication I dont trust? After this I go to Defense +,Computer Security Policy, Defense +Rulez, and I block Acces rights with a custom policy for the untrusted aplication. Am I doing it right?

Thanks guys for any help on this :slight_smile:

Hello. I can nswer question # 2.

Yes, when you are selecting “Home” or “Work” CIS creates 2 global rules that allow all in and out connections to \ from this network (however you still have to accept incoming connections on application level (application rules) and outgoing connections for unknown programs), and “public” doesn’t create those rules. there is no dfference between “home” and “work”. So, yes you’re doing it correctly, unless the network is your LAN \ network you trust choose Public. Kind of misleading if you ask me, I’d prefered Trusted \ Untrusted network selection.

Thanks to you, now I know I am doing it right. This one solves me other questions related to this. You are right I also prefer a pop up that would say Trusted \ Untrusted network selection. Obviously having in mind to make things simple, specially for new users of CIS (noobs, rokies, etc). But for geeks pros its ok, lol hahaha :slight_smile:

Many thanks :slight_smile:

If we opted for “home” when we first answered the alert from Comodo but would rather have it set to “public” so as to treat even our home network as “untrusted”, what are the steps necessary to make the change?

Can you advise of any practical repercussions in doing so?

Thanks in advance.

Okay…I got part of my answe to my question in the last postr directly from Chiron…

…I was able to make the change by going to to Firewall-Network Security Policy-Network Zones and edit my “home” by selecting the box “public network”.

So now my question is, should the same box (“public network”) be selected in “Loopback Zone” as well?

Thanks in advance.

Loopback zone is usually the 127.0.0.1 address, which is your own PC, so in most cases it’s considered a trusted network…as far as I know. Things like local proxy servers use loopback connection, I think.

Thanks for your reply. I wonder what the ramifications are for opting one way or the other with “loopback”?

I hope others will chime in here.