Application Behaviour Analysis

If I’ve got the basic v3 firewall installed, but not Defense+, am I still protected by what in v2 was called:

  • Process memory injections
  • Invisible processes
  • Parent application change
  • DLL/Code injections

In other words, is it possible for my firewall to leak, since Defense+ is disabled?
or still: is the basic v3 firewall stronger than the v2 firewall with behaviour analysis enabled?

I am afraid that to be leak-proof you will need to have Defense+ enabled.

:SMLR

What I’m looking for is a firewall that does its job of protecting you, without you endlessly being nagged by security prompts each and every time you use your computer for the very purposes it was built for.

In this respect, I’d better go back to v2 anytime than to go on with Defense+, and so if the former is more protection-efficient than the “plain” version of v3, that is, without the anti-malware.

I find that the new firewall with Defense+ enabled is no noisier than the old 2.4 firewall. Granted, the first half hour after installation it gave quite a few pop-ups whilst I got it used to my commonly used applications, but since this I have had no problem really. On installing a new application there are one or two pop-ups, but I find this no more annoying than the UAC pop-ups in Vista. As the safelist grows I think there will be fewer pop-ups, and I am certain the developers are looking into ways of making things easier for new users.

:SMLR

Yes, thanks for the raving, but the question I’ve been asking myself:
what is better, “full” v2 or “basic” v3?

Is somebody in the possession of a precise answer?
Share it! :wink:

That’s for you to decide, twipley. Do you want the best protection with the least hassle (v2), or do you want your computer protected for the future (v3), where user and computer have to do a bit of learning? The power is in your hands :wink:

Regards Matty

If you want a form of HIPS such as Defense+ then V3 is better.
If you want a great firewall that is currently leakproof but does not have HIPS then V2 is better. V3 without Defense+ is not leakproof. However, V3 will protect better against future exploits (leaks) than V2, and V2 is no good with Vista. Hopefully Comodo might develop V2 further for users of Windows 2000, but I am not sure about this.

If using XP or Vista I believe that to be best protected against attack both now and in future V3 is the best solution.

:SMLR

Okay.
For itself, the help file sounded like the basic firewall had some kind of leak-protection by itself:

“The Comodo safe list is a signature database of more than 1,000,000 applications that have been certified as safe and free of threats to your system. If the profiler detects these applications on your system, it can create allow rules to automatically allow that application internet access. This option is both convenient and secure because your favorite programs will be able to connect right away but you will still be warned immediately if the application attempts to connect in a suspicious manner (for example, if a trojan has hijacked the program in order to sneakily connect - you will be alerted).”

Moreover, the main reason I’m reticent to use Defense+ is that each and every time I install an application, I move to the “installation mode”, which (as I see it) removes the anti-malware protection.

I don’t think the install mode removed the anti-malware protection. If it works like I expect it works, it only allows the installer to write files etc. I may be wrong here though. You are running the installer presumably as you gave it permission to execute, and changed to installer mode. So you want it to write out what it’s doing.

The rest will still have to follow the standard procedure/rules in Defense+. At least, that’s how I’d write it to work.

Yea, but I want it to protect myself especially when I’m running executable files, and that’s precisely when I’m turning on to the install mode.

I’m sadly going back to v2, because, you know, I’d like to be protected even while installing programs. I mean, even with the mere “basic” Defense+ protection you often have to switch back to the installation mode, thus losing the protection one would like to be constant.

What I’d like to see implemented in v3 is the ability to monitor only what is really necessary, so that the paranoid user can feel protected at all times, i.e. even when installing programs.

Just my two cents,
twipley

Well, currently I’ve returned happy with v3, easy-to-understand GUI, having taken the habit of verifying the trustworthiness of executable files before execution, and all is going fine. :slight_smile: