That custom policy looks awesome. It allows the program to work but also adds an extra layer of security that prevents exploits from being abused.
I believe this level of configuration is possible for many applications.
My suggestion is that we start building a list of custom policies for a bunch of programs. These could be configured to allow and block behaviour for common applications.
For example:
A game has no business modifying files other than its save files; it might want to connect to its site to check for updates or “phone home”.
Using the community, rules could be built to allow the updater to do its work in the game folder, and allow the game to edit\create\delete its save files. Finally, the application should be allowed to update but not phone home.
We could set the exact IP address that it contacts; the community would update the IP if it changes.
What do you guys think? Maybe eventually Comodo could add these peer-reviewed profiles to CIS.
I’m not good with the advanced rules yet, so all I can do is suggest some applications to start with:
uTorrent and eMule already have nice rules; maybe they need updating? I believe they don’t have Defence+ rules yet.
Programs that come to mind are:
- Microsoft Office
- All the browsers (Opera, Firefox, Internet Explorer, Chrome(ium), Safari)
- Foxit Reader (had some exploits in the past, so could use the extra protection)
- Ahead Nero
- ImgBurn
- Windows Live Messenger
- Windows Media Player
- FrostWire (and clones)
The key idea here is to create rules that:
- Allow the program to do what it needs to do (Defence+)
- Block all other behaviour (Defence+)
- Allow network connections only where needed, preferably restricted to a single IP (Firewall)
- Block all other network connections (Firewall)
The result is programs that are safer from exploits; the privacy level is increased, and there is no phoning home.
The best part though is: no pop-ups from the application! (And a silent CIS is what we’re all looking for, right?)
Defence+
Block everything except:
- Must be able to read\write from all drives, including network drives
- Access to its settings registry keys
- Access to the text clipboard (read/write)
- Access to the printer
Firewall
Block everything inbound and outbound, but still allow read/write to network shares
That’s my wish as well. :-TU
It looked like Comodo considered it at some point. The 3.0.22 ThreatCast beta was able to export CFP rules in an XML format (but it wasn’t able to import it back :'( )
Yes, that would be great… Then Comodo could set up a database with rules for applications and games, so that people don’t have to configure everything manually.
These could be in a special format or something, so that they don’t totally replace the current rule set.
I think it is a great idea, since sometimes it is hard to figure out what an application needs to do and what it doesn’t need… Especially IM apps, like Windows Live Messenger, Windows Live Messenger Plus (a non-Microsoft package to extend WLM capabilities), G-Talk, Skype, Pidgin…
Does anyone know how to apply a rule to a program in the firewall when that program is not trying to connect to the network? (Trying to create a deny-all network access rule for a program that never accesses the network.)
Don’t you need to add this rule to make it secure?
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/Out
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any
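The profiles discussed in this thread all follow one pattern: a short list of "allow" rules for exactly what the program needs (a single update host, its own save folder), followed by a final "block and log everything unmatched" rule like the one quoted above. The script below is an added example, not Comodo's rule format or any code from this thread; it models that pattern as a first-match-wins evaluator so you can see why the final catch-all matters. The game name, folder, the vendor address 203.0.113.10 (a documentation-range IP) and all request samples are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from pathlib import PureWindowsPath
from typing import Callable, Optional

# Hypothetical application profile evaluator (not Comodo's engine or file format).
# Rules are checked top to bottom; the first one that matches decides.


@dataclass(frozen=True)
class Request:
    kind: str            # "net" (connection attempt) or "file" (file access)
    target: str          # destination IP for "net", full path for "file"
    direction: str = ""  # "in" / "out", net requests only
    access: str = ""     # "read" / "write", file requests only


@dataclass
class Rule:
    action: str                         # "allow" or "block"
    description: str
    matches: Callable[[Request], bool]
    log: bool = False


def net_rule(action: str, description: str, cidr: str = "0.0.0.0/0",
             direction: Optional[str] = None, log: bool = False) -> Rule:
    """Firewall-style rule: matches connections to/from the given network."""
    net = ip_network(cidr)

    def match(r: Request) -> bool:
        return (r.kind == "net" and ip_address(r.target) in net
                and (direction is None or r.direction == direction))
    return Rule(action, description, match, log)


def file_rule(action: str, description: str, folder: str,
              access: Optional[str] = None, log: bool = False) -> Rule:
    """Defence+-style rule: matches file access inside one folder tree."""
    base = PureWindowsPath(folder)

    def match(r: Request) -> bool:
        return (r.kind == "file"
                and PureWindowsPath(r.target).is_relative_to(base)
                and (access is None or r.access == access))
    return Rule(action, description, match, log)


def catch_all(description: str = "Block and Log All Unmatching Requests") -> Rule:
    """The final rule from the thread: block anything no earlier rule allowed."""
    return Rule("block", description, lambda r: True, log=True)


def evaluate(profile: list[Rule], request: Request) -> tuple[str, str]:
    """Return (action, rule description) of the first matching rule.
    "no_match" means the profile gave no verdict at all; that is the gap the
    catch-all rule closes (in a real product it is where alerts come from)."""
    for rule in profile:
        if rule.matches(request):
            if rule.log:
                print(f"LOG {rule.action.upper()} {request} [{rule.description}]")
            return rule.action, rule.description
    return "no_match", ""


def has_catch_all(profile: list[Rule]) -> bool:
    """True if the last rule blocks any request, so nothing can fall through."""
    probes = [Request("net", "0.0.0.0", direction="out"),
              Request("file", "C:\\", access="write")]
    last = profile[-1]
    return last.action == "block" and all(last.matches(p) for p in probes)


# Constructed profile for a hypothetical game installed in C:\Games\Example
# whose updater talks to exactly one vendor host. Order matters: the save
# folder gets read+write, the rest of the install folder is read-only, and
# everything else (other hosts, inbound, system files) hits the catch-all.
GAME_PROFILE = [
    net_rule("allow", "updater to vendor host", "203.0.113.10/32", direction="out"),
    file_rule("allow", "save files", r"C:\Games\Example\saves"),
    file_rule("allow", "read own install folder", r"C:\Games\Example", access="read"),
    catch_all(),
]


def audit(profile: list[Rule], requests: list[Request]) -> list[tuple[Request, str, str]]:
    """Evaluate a batch of requests; handy for checking a profile before use."""
    return [(req, *evaluate(profile, req)) for req in requests]


if __name__ == "__main__":
    samples = [
        Request("net", "203.0.113.10", direction="out"),          # update check
        Request("net", "198.51.100.7", direction="out"),          # "phone home"
        Request("file", r"C:\Games\Example\saves\slot1.sav", access="write"),
        Request("file", r"C:\Windows\System32\drivers\etc\hosts", access="write"),
    ]
    for req, action, why in audit(GAME_PROFILE, samples):
        print(f"{action:8} {req.kind:4} {req.target}  ({why})")
    print("catch-all present:", has_catch_all(GAME_PROFILE))
```

Run it once with `GAME_PROFILE` and once with `GAME_PROFILE[:-1]` (the same profile without the final rule): the phone-home attempt and the hosts-file write are blocked and logged in the first case, but come back as "no_match" in the second, which is exactly the situation the quoted "Block and Log All Unmatching Requests" rule is there to prevent.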
But the point with these rules is to block possible exploits and reduce pop-ups.
These programs are never supposed to do anything other than download updates from their host site. So blocking every other connection attempt looks like a VERY secure and smart idea to me.
Usually yes, it would take a new version of the program to change the download URL. That new release would stop working, and we/Comodo would update the preset for that program.
That's because you are one of the few people who reads and then understands what Comodo is asking.
I hope you add the full block to the profiles you made in this thread, but you are free to leave them out on your local setup. Not having the full block makes the exploit protection useless for 99% of users.
The goal is to create complete and watertight profiles (where possible, 0 pop-ups ever).
Alright, I have something for Advanced WindowsCare Personal (http://www.iobit.com/advancedwindowscareper.html) → I don’t know how to put it in the way you guys do, so hopefully, someone will expand on this:
Advanced WindowsCare DOES NOT need to connect to the internet other than to display its AD and UPDATE.
I believe Acwl.exe (or something like that) is its ad-engine and can safely be blocked. As for its update engine, I’m not completely sure.