Application and network monitor rules [Resolved]

Hi guys

I haven’t read the manual yet (maybe that will answer my question) but I’m just wondering what the difference is between application and network monitor rules. They seem very similar in design. From a visual side of things it looks like network monitor rules apply to any application and application rules allow you to specify a process. Would leaving the application / parent applications blank be the same as a network monitor rule?

:slight_smile:

Network rules control what information/traffic can flow. This creates the basis for the “network”, without concern over what application.

Application rules control the application’s attempts to get access, but answering Allow to an application with no network rule that allows for the behaviour results in no access.

Sorry, I’m a little confused (doesn’t take much ???) by your reply. So you’re saying that if I don’t have any network module rules in place then no applications (via a network module rule) will be able to make outgoing or accept incoming connections?

:slight_smile:

Btw, thanks for your quick reply :D.

G’day,

Application rules are about WHO is trying to get out.
Component rules are about the extra application bits (DLLs etc.) of an executable trying to get out.
Network rules are about HOW those things are trying to get out.

CPF executes the outbound rules in this order - application - component - network. The logic behind it is (in layman’s terms), I want to start application W (application rules are checked) and it uses DLL X and Y (component rules checked) and it uses protocol Z (network rules checked) to access the internet.

Hope this helps,
Ewen :slight_smile:

Hey Graham,

That’s right - the network rules are what determine what can go in and what can go out. No rules - no access - that’s the purpose of a firewall - to control the flow of data in and out of your PC. Luckily it’s not as hard as it sounds, and once you’ve done it once, you’ll get it!

Have a look at

www.embsolutions.com.au/cpf_rule/index.htm

This is a flash based tutorial on how to manually set basic network rules with explanations on what each step does. This was prepared with a slightly older version of CPF, but the principles remain the same. This tutorial will be redone when Version 2.3 is released to the public.

Hope this helps,
Ewen :slight_smile:

Thanks for the link Ewen :). I actually checked that link out earlier, good job :D. The strange thing is, I don’t have any network monitor rules (I deleted them) but I’m still able to connect via my application rules after being prompted.

:slight_smile:

I should note that I’m also a SKPF4 user (on another computer) and was comparing CPF to this firewall. It seemed to me that the application monitor module was similar to application behaviour blocking with the network security module thrown in. That was why the network monitor module was confusing me :).

Hey Graham,

Consider this, if you don’t have any network rules at all, what is stopping inbound traffic? You should have a rule that says

Action : Block + LOG
Direction : IN
Source : ANY
Remote : ANY
Port : ANY

This rule will prevent unsolicited inbound requests.

Cheers,
Ewen :slight_smile:

The tutorial was interesting, but I am not sure I fully understood it. I have attached a screen shot of my network rules. I did not create these so I presume that they were created either as defaults or automatically during installation. I have a router to connect to the internet but no local network.
Are these the correct rules for my system? Do I need any others?
Thx

[attachment deleted by admin]

They’re OK, but I’d move rule #2 up to position #0.

hth
ewen :slight_smile:

Thx

Panic by moving #2 to position #0 is as good as eliminating the rule #1.

Just leave the rules as they are.

Shouldn’t CPF drop connections to non-listening ports but prompt for listening ports? I’ll add your block and log rule into network monitor. Thanks for your help Ewen.

:slight_smile:

Hi guys,

So which is it, move it up or leave it as is? ??? and why does moving it up eliminate rule #1? ???
Thx

CPF “reads” the rules from the top to the bottom.

At your image:
The rule #2 “allow IP out” means that every kind of outgoing traffic is allowed (ICMP protocol included).
The rule #1 “block ICMP out” means that the specific ICMP outgoing traffic will be blocked.

If you put number #2 higher than number #1, then this means that the “allow IP out” rule will have priority over the “block ICMP out” rule.
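
The ordering effect described in the post above, as an added example that is not part of the original thread and is not Comodo's code. It models top-to-bottom, first-match evaluation and flags rules that an earlier rule makes unreachable; the rule names, the `Rule` fields, the default-block fallback and the protocol `ANY` on the inbound rule are assumptions made for the illustration.

```python
from dataclasses import dataclass

ANY = "ANY"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "ALLOW" or "BLOCK"
    direction: str   # "IN", "OUT" or ANY
    protocol: str    # "IP" covers every protocol, ICMP included

def covers(rule, direction, protocol):
    """True if the rule applies to traffic of this direction and protocol."""
    return (rule.direction in (ANY, direction)
            and rule.protocol in (ANY, "IP", protocol))

def evaluate(rules, direction, protocol):
    """Read rules top to bottom; the first rule that applies decides."""
    for rule in rules:
        if covers(rule, direction, protocol):
            return rule.action, rule.name
    return "BLOCK", "(no rule)"   # assumed default when nothing matches

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(rules):
        if any(covers(e, later.direction, later.protocol) for e in rules[:i]):
            dead.append(later.name)
    return dead

# Constructed rule set: the two rules named in the thread plus the
# inbound block rule suggested earlier (protocol ANY is an assumption).
BLOCK_ICMP_OUT = Rule("block ICMP out", "BLOCK", "OUT", "ICMP")
ALLOW_IP_OUT = Rule("allow IP out", "ALLOW", "OUT", "IP")
BLOCK_IN = Rule("block + log IN any", "BLOCK", "IN", ANY)

AS_POSTED = [BLOCK_ICMP_OUT, ALLOW_IP_OUT, BLOCK_IN]
MOVED_UP = [ALLOW_IP_OUT, BLOCK_ICMP_OUT, BLOCK_IN]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("moved up", MOVED_UP)):
        print(label, evaluate(rules, "OUT", "ICMP"), "shadowed:", shadowed(rules))
```

Running `shadowed` over an exported rule list after every reorder is a quick way to catch a specific block rule that a broader allow rule has silently disabled.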

Gotcha.
Thx

Hello everyone. Just wondering if the avnotify exe. in Antivir PE can be blocked by Comodo Firewall to prevent Notifier Window from popping up during Antivir updates. I use Application Behavior Blocking to do this with SKPF, and from what I read here, I should be able to do this with Comodo too. Also is it fairly easy to do? I am anxiously awaiting the next release of Comodo, as I have used it in the past and loved it. Unfortunately it was just a little too heavy on my PC, so I had to uninstall it. I hope this is the proper thread to be asking this. Of course I’m not too worried about my post, since both you Graham1 and you r2baruch have been kind to me in my other posts elsewhere before. Thanks ahead of time guys.

You can use CPF for blocking it from accessing the internet. It’s a very easy thing to do.
The current beta version of CPF is resource friendly.

Unfortunately, CPF cannot determine which processes are allowed to start or not (like SKPF4’s application behaviour blocking). This would make an excellent addition to the firewall though.

:slight_smile:

Thanks guys. How about ProcessGuard Free with Comodo? I know it can block Notifier. Graham1, I believe you told me you use SSM Free, but have you tried the new version of PG free yet? I unfortunately couldn’t use SSM Free, as it presently doesn’t work on a Two User Account, but have used the older version of PG Free and liked it. I guess one of us, meaning YOU, (LOLOLO) should post about having an Application Behavior Blocking Feature for Comodo under the Wish List Forum. Take care and thanks.

I haven’t tried PG free but I’ll probably stay with SSM free as I find that product is perfect for me :).

I guess one of us, meaning YOU, (LOLOLO) should post about having an Application Behavior Blocking Feature for Comodo under the Wish List Forum. Take care and thanks.

I did post about this feature in another thread, not sure whether it was the wishlist thread though.

:slight_smile: