Are all ports closed automatically when you first install Comodo?

Sorry, I realize this question is such a “n00b” question, but I just want to make sure I’ve set up the firewall correctly.

So, I’ve installed Comodo and put a few ports in the “port set” list. Is this the equivalent of the Windows firewall exceptions list? And if so, does that mean that all other ports are closed?

Also, there are those two “Define a new trusted/blocked application” things. Well, what happens to the applications that you don’t put on either of those lists? Does Comodo just ask about them when they try to connect to the internet?

Finally, if Comodo itself keeps ports closed, what does the Stealth Port Wizard do?

Is there a sure way I can figure out if my firewall is working well enough for me to disable my windows firewall? An online test or something?

Again, sorry for all the questions. If they’re already answered somewhere else, please direct me to them. I appreciate any help you can offer. Thanks!

Sorry, I realize this question is such a "n00b" question, but I just want to make sure I've set up the firewall correctly.;

Welcome to the forum. Please, never apologise for asking questions.

So, I've installed Comodo and put a few ports in the "port set" list. Is this the equivalent of the Windows firewall exceptions list? And if so, does that mean that all other ports are closed?

May I assume you mean ‘My Port Sets’ If so, this is not an exception list, it’s a facilitator for making rules easier to create for applications that require access to multiple ports. For example an email client may require access to ports 25, 110 143 etc. There are two ways of creating rules for this application:

1. create a separate rule for each port the application requires.
2. create a port set, define the ports in the set and assign the set to a single rule.

With regard to ‘closed ports’ think about it this way. CIS firewall works by using two sets of rules, Application rules and Global rules, thus:

Applicarion —> Application rule —> Global rule —> Internet
Internet —> Global rule —> Application rule —> Application

For an application to access the Internet it will need a rule, no rule no access.

Also, there are those two "Define a new trusted/blocked application" things. Well, what happens to the applications that you don't put on either of those lists? Does Comodo just ask about them when they try to connect to the internet?

Two things here. You can, if you wish, ‘pre-define’ rules for applications. That is you can create a rule for an application that you wish to allow, or you can define a rule for an application you wish to deny.

Alternatively, you can create rules ‘on the fly’. How many rules you create will depend on the settings you establish in the ‘Firewall behaviour settings’ section.

Finally, if Comodo itself keeps ports closed, what does the Stealth Port Wizard do?

The easiest way to answer this is by pointing you to the help section. Click on the ‘Stealth ports Wizard’ then click on the ‘What do these settings do’ link, bottom left.

Is there a sure way I can figure out if my firewall is working well enough for me to disable my windows firewall? An online test or something?

There are potentially myriad ways you can test, it depends how much time and effort you wish to spend. If you simply wish to see if you are ‘stealthed’ check out:

https://www.grc.com/x/ne.dll?bh0bkyd2

If, however, you wish to perform a various ‘leak tests’ there is an abundance of information here in the forums.

Again, sorry for all the questions. If they're already answered somewhere else, please direct me to them. I appreciate any help you can offer. Thanks!

No worries. Hope I’ve helped a little. Please feel free to ask more questions.

Hey, thanks a lot for such a thorough explanation, not to mention a warm welcome. I have just a few other questions to clear things up, if you don’t mind.

Also, what should your global rules be for maximum protection? Here’s what mine look like now:

Allow IP Out from IP Any to IP Any where protocol is Any.
Allow ICMP In from IP Any to IP Any where ICMP message is FRAGMENTATION NEEDED.
Allow ICMP In from IP Any to IP Any where ICMP message is TIME EXCEEDED.
Block and log IP In from IP Any to IP Any where protocol is Any.

To me, that looks like a bunch of gibberish. Well, I assume the first deals with outgoing info from your computer, and the last deals with incoming stuff to your computer? The middle two, though, I have no idea. Is there a guide on this somewhere, or could you explain it?

Thank you so much, in advance.

The Global rules you have listed are fine and will protect you. As noted, the first rule allows applications and services ‘out’. The two ICMP (Internet Control Message Protocol) rules are used by applications such as ping and tracert. The last rule blocks all attempts to gain access and will also create a log entry so you can see what’s happening.

For the most part just leave these as is. They will do everything you need. The only consideration will be if you use an application that needs inbound communication. As an example, uTorrent. This will need some additional entries in the Global rules section to work correctly.

If you have problems with an application communicating correctly, check the firewall logs first. If these don’t help, please feel free to post on the forum.

Thanks again for all of your time and answers. I really appreciate it.