Beginner questions regarding Defense+ and/or leak protection

First of all: Hi to everybody in this great forum / community! :slight_smile:

Yesterday I’ve surfed through the internet and found this great firewall challenge ( - external link: matousec), when I was looking for a new firewall solution.
Because I never was happy with any firewall solution before and I’m behind a NAT router, I simply used the Windows Firewall. No, I never was happy with it either but kept it activated - more like “better than nothing”.

In order to answer my questions below you probably need to know more about me (my skills) and the operating system: I’m using Vista x64 and I’m an experienced user. Most of the time I was surfing without an antivirus and firewall without receiving any ad- and spyware or viruses. I’ve always trusted the best solution available: Brain v2.0. ;D

Because that’s a bit silly and I’m about to reinstall my operating system now it’s the time to try new software, which also can mess up my system (no offence!) - so I’ve tried also Comodo Firewall Pro and I’ve no other words, than: (L)

The last night I’ve only slept a few hours always keeping reading through the User Guide and the forum. Thanks to the great community in the last 12 hours I’ve found everything needed regarding the firewall configuration…

…but the Defense+ module still demands a few answers, so I start with a basic question:

  1. I undestand the need for Defense+ and never thought to deactivate it… however I’m thinking of partially deactivate the Defense+ module… so can anybody (experienced users preferred) explain me what’s the difference between the setting “Firewall with activated leak protection” and “Firewall with Defense+”?

Yes I already know things like… “leak protection activates some, but not all defense+ functionality” or that “the protection with it is similar than with v2.4”.
But can anybody give me an example for “Certain monitoring and file/folder protection is, however, disabled under this configuration”?
In other words: I simply would like to know which features I loose when switching to the “firewall with leak protection” mode. Thanks…

  1. The second and already last question (again regarding the defense+ module): What are the recommended settings for key operating system executables like: explorer.exe, svchost.exe, rundll32.exe, dllhost.exe, …?

I see for example, that svchost.exe is treated as “Installer or Updater” by default. Why? Why not as “Windows System Application?”

What are your settings especially for the three bold marked applications above?

Thanks for helping me out… I love you all guys / of course women too, although my girlfriend wouldn’t be that happy reading that? ;D



  1. Easiest way to see the difference in modes is to go to miscellaneous/manage my configurations/ and select the one you are interested in. You can look at the settings for the mode, then switch to the other mode and compare the settings there. These modes are handled in CFP3 by the databases.
  2. Svchost is used by Windows Updater, among other things, and needs to execute other programs-which Windows System Applications don’t get to do without asking. And there are probably some other similar reasons. The defaults are set up to safely cut down on the volume of popups in some cases. You can change any of the defaults and see if you are happy with the volume of popups-most settings just ask.

Thanks for your fast answers!

  1. I didn’t know that the difference of these two modes only lies in the configuration of Defense+… lol, I didn’t even thought about that simple solution.
  2. I see… after reading a bit further I realized that the firewall settings (especially for explorer.exe and svchost.exe) are of much greater importance than the defense+ settings (excluding the fact, that it’s important to react, which applications they are allowed / disallowed to start).

Well… thanks for helping me out!