A list of Best firewall/defence+ policies for popular applications

Hi Everyone.

I read the uTorrent settings in the FAQ thread:
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/tutorial_for_utorrent_with_comodo_firewall_3-t15677.0.html

That custom policy looks awesome. It allows the program to work but also adds an extra layer of security that prevents exploits from being abused.

I believe this level of configuration is possible for many applications.

My suggestion is that we start building a list of custom policies for a bunch of programs. These could be configured to allow and block behaviour for common applications.

For example:

A game has no business modifying files other than its save files; it might want to connect to its site to check for updates or “phone home”.

Using the community, rules could be built to allow the updater to do its work in the game folder, and allow the game to edit\create\delete its save files. Finally, the application should be allowed to update but not phone home.

We could set the exact IP address that it connects to, and the community would update the IP if it changes.

What do you guys think? Maybe eventually Comodo could add these peer-reviewed profiles to CIS.

Great Idea!

You guys go ahead and do that and when ready I will pass this to dev team!

Melih

Okay, let’s start building the list! (:m*)

Josh

I’m not good with the advanced rules yet, so all I can do is suggest some applications to start with:

uTorrent and eMule already have nice rules; maybe they need updating? I believe they don’t have Defence+ rules yet.

Programs that come to mind are:
-Microsoft Office
-All the browsers (Opera, Firefox, Internet Explorer, Chrome/Chromium, Safari)
-Foxit Reader (had some exploits in the past, so it could use the extra protection)
-Ahead Nero
-ImgBurn
-Windows Live Messenger
-Windows Media Player
-FrostWire (and clones)

The key idea here is to create rules that:
-Allow the program to do what it needs to do (Defence+)
-Block all other behaviour (Defence+)
-Allow network connections only where needed, preferably restricted to a single IP (Firewall)
-Block all other network connections (Firewall)

The result is programs that are safer from exploits, and privacy is increased because there is no phoning home.
The best part, though, is no pop-ups from the application! (And a silent CIS is what we’re all looking for, right?)

Good so Far. :-TU

Josh

Okay, let’s try this hopefully simple example:

Notepad.exe

Defence+
Block everything except:
-Must be able to read\write from all drives including network drives
-access to its settings registry keys
-access to the text clipboard read/write
-access to the printer

Firewall
Block everything inbound and outbound but still allow read/write to network shares

Can anyone else share? ;D Thanks…

Josh

That’s my wish as well. :-TU
It looked like Comodo considered it at some point. The 3.0.22 ThreatCast beta was able to export CFP rules in an XML format (but it wasn’t able to import them back :'()

If anyone needs to provide a textual representation of his rules, there is the Comodo Firewall Pro Configuration Reporting Script.

Posting specific application policies needs a good deal of copy & paste, though; please make sure to enclose your policy text [nobbc] between [/nobbc] tags.

Yes, that would be great… Then Comodo could set up a database with rules for applications and games, so that people don’t have to configure everything manually.
These could be in a special format or something, so that they don’t totally replace the current rule set.

I think it is a great idea, since sometimes it is hard to figure out what an application needs to do and what it doesn’t need… In particular, IM apps, like Windows Live Messenger, Windows Live Messenger Plus (a non-Microsoft package to extend WLM capabilities), G-Talk, Skype, Pidgin…

Other interesting tools:

  • GnuPG
  • GPGshell
  • OpenOffice

Way to go J2897!

Does anyone know how to apply a rule to a program in the firewall when that program is not trying to connect to the network? (trying to create a deny all network access rule for a program that never accesses the network)

Don’t you need to add this rule to make it secure?

Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any
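To make the two halves of such a profile concrete (the Defence+ allow-list from the Notepad and game examples earlier in the thread, and the ordered firewall list that ends with the “Block and Log All Unmatching Requests” rule above), here is a small evaluator written for this thread. It is an added illustration, not Comodo’s rule engine or export format: the game name, its folders, and the update host 203.0.113.10 (taken from the documentation address range) are constructed placeholders. It shows why the catch-all matters: with it, an unexpected connection is blocked and logged; without it, the request falls through to whatever the global behaviour is, modelled here as a pop-up.

```python
"""Toy evaluator for a per-application policy: a Defence+ style allow-list for
file writes plus an ordered firewall rule list (first match wins).
Constructed example for illustration; not Comodo's own rule engine or file format."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class FwRule:
    action: str                  # "allow" or "block"
    direction: str               # "in", "out" or "in/out"
    protocol: str                # "tcp", "udp" or "ip" (ip = any protocol)
    dest: str = "any"            # single address or CIDR, or "any"
    port: Optional[int] = None   # destination port, None = any
    log: bool = False
    description: str = ""

    def matches(self, direction: str, protocol: str, dest_ip: str, port: int) -> bool:
        if self.direction != "in/out" and self.direction != direction:
            return False
        if self.protocol != "ip" and self.protocol != protocol:
            return False
        if self.dest != "any" and ip_address(dest_ip) not in ip_network(self.dest):
            return False
        if self.port is not None and self.port != port:
            return False
        return True


@dataclass
class AppPolicy:
    name: str
    write_allow: List[str]          # glob patterns the app may create/modify/delete
    firewall: List[FwRule]          # evaluated top to bottom, first match wins
    events: List[str] = field(default_factory=list)

    def check_write(self, path: str) -> str:
        """Defence+ part: anything outside the allow-list is blocked silently."""
        if any(fnmatchcase(path.lower(), pat.lower()) for pat in self.write_allow):
            return "allow"
        self.events.append(f"{self.name}: blocked write to {path}")
        return "block"

    def check_connection(self, direction: str, protocol: str, dest_ip: str, port: int) -> str:
        """Firewall part: the first matching rule decides. No match means the
        global behaviour applies, which this model represents as a pop-up ('ask')."""
        for rule in self.firewall:
            if rule.matches(direction, protocol, dest_ip, port):
                if rule.log:
                    self.events.append(f"{self.name}: {rule.description}: "
                                       f"{direction} {protocol} {dest_ip}:{port}")
                return rule.action
        return "ask"


# Constructed profile for a hypothetical game; 203.0.113.10 is a placeholder
# from the documentation range, not a real update server.
UPDATE_HOST = "203.0.113.10"
ALLOW_UPDATES = FwRule("allow", "out", "tcp", UPDATE_HOST, 443, description="Updater only")
BLOCK_REST = FwRule("block", "in/out", "ip", "any", None, log=True,
                    description="Block and Log All Unmatching Requests")


def game_policy(with_catch_all: bool = True) -> AppPolicy:
    """Build the profile with or without the final block-and-log rule."""
    rules = [ALLOW_UPDATES] + ([BLOCK_REST] if with_catch_all else [])
    return AppPolicy(
        name="examplegame.exe",
        write_allow=[r"C:\Games\ExampleGame\*",
                     r"C:\Users\*\Saved Games\ExampleGame\*"],
        firewall=rules,
    )


if __name__ == "__main__":
    full, partial = game_policy(True), game_policy(False)
    print(full.check_write(r"C:\Users\josh\Saved Games\ExampleGame\slot1.sav"))  # allow
    print(full.check_write(r"C:\Windows\System32\drivers\etc\hosts"))            # block
    print(full.check_connection("out", "tcp", UPDATE_HOST, 443))                 # allow
    print(full.check_connection("out", "tcp", "198.51.100.7", 80))               # block
    print(partial.check_connection("out", "tcp", "198.51.100.7", 80))            # ask
    print(*full.events, sep="\n")
```

Run it directly to see the same policy with and without the catch-all; the `events` list is the equivalent of the “log as a firewall event” tick box and is what you would scan to find out which connection a profile is missing before publishing it.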

But the point with these rules is to block possible exploits and reduce pop-ups.

These programs are never supposed to do anything other than download updates from their host site. So blocking every other connection attempt looks like a VERY secure and smart idea to me.

Usually yes; it would take a new version of the program to change the download URL. That new release would stop working and we/Comodo would update the preset for that program.

That’s because you are one of the few people who reads and then understands what Comodo is asking.

I hope you add the full block to the profiles you made in this thread, but you are free to leave them out on your local setup. Not having the full block makes the exploit protection useless for 99% of users.

The goal is to create complete and watertight profiles (where possible, 0 pop-ups ever).

This is a good thread :wink: !!

Alright, I have something for Advanced WindowsCare Personal (Advanced SystemCare 16 Free: Top PC Cleaner & Optimizer for Windows) → I don’t know how to put it in the way you guys do, so hopefully, someone will expand on this:

Advanced WindowsCare DOES NOT need to connect to the internet other than to display its AD and UPDATE.

I believe Acwl.exe (or something like that) is its ad-engine and can safely be blocked. As for its update engine, I’m not completely sure.

Can anyone elaborate on this?