Best way to create outbound rules

Hey guys, I’ve been using Comodo FW w/Defense+ for a few months now and love it. Even read the manuals and most of the related posts. I can’t seem to find any solid advice on configuring outbound rules to prevent any trojans phoning home though. I’m about to install the latest version so would be really grateful for some help here.

Looks like the default installation is to “allow all outbound” unless otherwise configured (talking about the global rules here) – would it make sense to start a clean install with a block all outbound rule instead, then install my programs and then just go through and run them to answer the prompts in order to override the global block all? Or is there a better way of doing this?

I’m using Port Stealth and following all the advice I’ve picked up but can’t seem to nail down the best method for allowing my day-to-day programs (they don’t change that much) the access they need while capturing outbound calls of any hidden malware I might pick up along the way. I’m doing a clean OS install as well so the field is wide open! Fairly new to all this so forgive me if I’m overlooking something stupid. Thanks a lot!

Outgoing traffic is handled by Application Rules. For Safe Files, rules will be made automatically in default settings.

If you want to be alerted for each program, set the Firewall Behaviour Settings to Custom.

The logic behind it is as follows.

Unsolicited incoming traffic first sees Global Rules and then Application Rules. That is blocked unless Global Rules say otherwise. That’s what we want from a firewall: no traffic coming in we didn’t ask for.

Outgoing traffic first sees application rules, giving the user the opportunity to block. Then the Global Rules will allow outgoing traffic as we basically want to connect to the web.

Please also read this chapter on Global Rules in the online help.

Thanks for that. So you’re saying that any unrecognized communication (i.e. not originating from one of my trusted or installed and pre-configured apps) will be blocked from outbound connecting since it’s not recognized within the “Comodo Firewall Application Rules?”

I’m asking within the framework of Leak testing, to assure the inability of malware (say that came in through my browser) to “phone out” and communicate the fact that it’s penetrated my initial defenses. Please let me know if I’m interpreting you correctly and I’ll be on my merry way. Thanks again!

Yes, if an unknown or untrusted application attempts to connect to the internet, Comodo will ask you if you want to allow it.
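
The evaluation order discussed in this thread, as an added example that is not part of the original posts and is not Comodo code: a small model in which outgoing traffic meets Application Rules first and Global Rules second, and incoming traffic the reverse. It assumes that traffic has to pass both layers and that an application without a rule triggers an alert; the function names and sample program names are hypothetical.

```python
# Toy model of the rule order described in the thread; not Comodo code.
# Assumptions: traffic must pass both layers, and an application with no
# rule (and no automatic Safe Files rule) produces an alert ("ask").
ALLOW, BLOCK, ASK = "allow", "block", "ask"

def global_layer(direction, global_rules):
    # Thread: outgoing is allowed by Global Rules, unsolicited incoming
    # is blocked unless a Global Rule says otherwise.
    default = ALLOW if direction == "out" else BLOCK
    return global_rules.get(direction, default)

def application_layer(app, direction, app_rules, safe_files, custom_mode):
    rule = app_rules.get((app, direction))
    if rule is not None:
        return rule
    if direction == "out" and app in safe_files and not custom_mode:
        app_rules[(app, direction)] = ALLOW  # rule made automatically
        return ALLOW
    return ASK  # user is prompted; nothing leaves until answered

def decide(app, direction, app_rules, global_rules, safe_files, custom_mode=False):
    """Return (verdict, trace) for one connection attempt."""
    order = ("application", "global") if direction == "out" else ("global", "application")
    trace = []
    for layer in order:
        if layer == "global":
            verdict = global_layer(direction, global_rules)
        else:
            verdict = application_layer(app, direction, app_rules, safe_files, custom_mode)
        trace.append((layer, verdict))
        if verdict != ALLOW:
            break  # first layer that does not allow ends evaluation
    return verdict, trace

if __name__ == "__main__":
    safe = {"browser.exe"}  # constructed sample names
    cases = [
        ("browser.exe", "out", {}, False),
        ("unknown.exe", "out", {}, False),
        ("browser.exe", "out", {}, True),
        ("browser.exe", "out", {"out": BLOCK}, False),
        ("unknown.exe", "in", {}, False),
    ]
    for app, direction, g, custom in cases:
        print(app, direction, g, custom, decide(app, direction, {}, g, safe, custom))
```

Under the model's both-layers assumption, the fourth case shows a global outbound block stopping a program even after its application rule allowed it.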