A very specific question [hard to define in a few words]

Hi everybody.
I’ll keep this as short as possible, so sorry for skipping introductions and such.

I’d like to know how to set up Comodo’s Firewall to scan for ALL apps that try to access the Internet
and display detailed information on what IPs and URLs they are trying to access.

So, no “trusted” websites, and only outgoing communication.
How does one do this in CIS?

Thanks.

To set Firewall to alert for all applications:

1. Go to main CIS GUI
2. Click Tasks next to the green arrow in the top-right corner
3. Expand Firewall Tasks and click Open Advanced Settings
4. A new window should appear and you should already be at the Firewall Settings tab. At the top of the options you should see Enable Traffic Filtering, set it to Custom Ruleset
5. If you truly want alerts for ALL applications then you should also go to Application Rules which you can find in the left menu, then remove all present rules.
6. Click OK on all relevant windows.

To set Firewall to show alerts for all IPs and Ports:

1. Continuation from step #3 in instructions above
2. In the new window that appears, look near the middle for Set alert frequency level and set it to Very High
3. Click OK on all relevant windows.

To set Firewall to only allow outgoing requests:

1. Continuation from step #3 in the first instructions above
2. In the left menu, click Global Rules
3. Check if you have a rule that says something like Block All Inbound Traffic. If you do, then you most likely already have this set up; if not, follow the instructions below.
4. Right-click anywhere in the list and click Add
5. Action: Block
   • Protocol: IP
   • Direction: In
   • Source Address: Any Address
   • Destination Address: Any Address
   • Source Port: Any
   • Destination Port: Any
6. Make sure that the newly created rule is at the top of the list (the higher up it is, the higher priority it has)
7. Click OK on all relevant windows.

The firewall alerts will only show you IP addresses though, no URLs. CIS has a web filter, but it doesn’t display alerts in the same way; it displays an in-app block screen instead of the website you expected to see.

To add: also set the alert frequency level to Very High to have alerts for all IPs and ports.

I was going to mention that as well but I forgot. >_<
Edit: Added it to the instructions.

As I run CIS like that I notice it more :)

There is always a difference between what they want and what they actually need :)

Exactly what I was looking for. Thanks peeps, you sure have a nice community here :)