Block all outgoing connections without alerts / warnings

cv7845ki · August 7, 2008, 3:44pm

Hi,

I am a long time user of Zone Alarm but am looking to switch my personal firewall.

After testing some, Comodo seems to be what I’m looking for, however I’m struggling to get it set up exactly as I would like.

My preference for setting up ZA was to use the advanced program settings to deny any program from accessing the internet / acting as a server etc. This would then be the default setting and ZA would not alert me about any program (old or new) – I would have to go into the program list and manually switch the cross to a tick if I wanted to allow the relevant access. For internet, this wasn’t many apps and wasn’t as time-consuming as it maybe sounds.

In Comodo, I have set up a global rule to block outgoing connections and set the behaviour to custom, which does what it says, but I cannot find a way to override the setting to allow some programs outgoing access. I would have thought each app would appear in the application tab giving me other option to allow outgoing access. I don’t have to add each app manually?

Is this something Comodo can do and if so, can anyone give me an example or suggest an alternative?

Thanks,

system · August 7, 2008, 4:16pm

If you use a global rule to block all out, you will need to add a global rule to allow each individual application. This is because the global rule will block all of the outbound that are allowed by the application rules. An alternative is to add a block all rule as the final application rule instead. Then if you have an individual application rule to allow a browser, mail program, … it will never get to the block all, since the application rules are evaluated top to bottom. And the block all will silently block all of the applications not allowed by your earlier rules. You can also choose whether to log the blocks or not.

riggers · August 7, 2008, 9:04pm

You should end up with “Application Rules” like below,then you can change the rule to ask if you wan`t an app not listed to connect out.
You should also change Firewall/Advanced/Firewall Behaviour Settings/Alert setting to at least “High”

Regards,
Matty

[attachment deleted by admin]

cv7845ki · August 8, 2008, 11:54am

Hi, thanks for the replies,

I think I understand you correctly, but won’t this way still require me to go through the process of adding each app that I want to give access to? Will the blocked apps be available to edit somewhere in Comodo, so that I can easily switch between deny/allow (using two different rules, I guess)?

Here’s what I have done:
– Firewall behaviour settings > security level: custom
– Firewall behaviour settings > alert level: high

– Network security policy > application rules:
---- select > file groups > all applications
---- network control rule: block / outgoing / log ticked / any

This blocks all applications, and if I run, say, Opera, outgoing is blocked. I can go in to application rules and add a rule to allow, and then move this above the block all rule, and everything is as I want it (and I think as you have outlined?).

However, I am looking for an option whereby Comodo logs that Opera tried to dial out before I add it to application rules, and adds it to a list – I could then make the switch in one click from the list without having to search and add the apps.

This is the one thing which keeps me tied to ZA at the moment. For example, if I install something, it’s easy to open ZA, tick the app for internet access, let it update or register, then lock it back down with an X

I guess I can live with adding each individual rule if this isn’t possible, but it seems like there should be a way to do it…

Thanks