How to create a predefined policy in Defense+ which will help you to block internet access of a particular program?
For example, I don't want a program which doesn't have a proper signature to access the internet.
Of course I can do it with the firewall, but is it possible with Defense+?
There are only four predefined policies, which don't include what I want.
When customizing a new policy I can see many options, which include DNS Client service. I have marked the attribute as block, but no luck.
Is there any way to do this? Please help. I have been using COMODO for two years and I don't know how to block internet access with Defense+.
I know how to do it with the firewall, and I know one method in which you edit groups, create a new group and set it to block in the firewall, BUT I WANT TO CREATE A PREDEFINED POLICY IN DEFENSE+ EXCLUSIVELY TO BLOCK INTERNET ACCESS OF A PARTICULAR PROGRAM.
As far as I’m aware, you will not be able to create a policy in Defense+ that blocks internet access, because that is the job of the firewall.
As you’ve already figured out, you can create file groups in Defense+ and block that group in the firewall, but that’s as close as you’re going to get.
If I'm not mistaken, to block internet access through Defense+, you have to block the following in the access rights of the application rule (or in this case of the predefined rule):
DNS client service
Device\Adf\Endpoint in Protected Files & Folders
4 HKUS keys for internet settings : proxy enable, proxy server, proxy override and saved legacy settings in Protected Registry Keys
The easiest way is to temporarily set Defense+ to Paranoid mode, launch one of the programs you want to deny internet access to, and answer "block" and "remember" for the elements I mentioned above. This way you have the template to make the rule for your predefined policy.
When you create your predefined policy, click on "customize". A window will open allowing you to grant/deny the access rights you want (see 1st attached image).
In the access names, go to
"Protected registry keys", click on "modify" then on "blocked registry keys" and add the 4 aforementioned ones (see 2nd attached image)
"Protected files and folders", do the same but add Device\Adf\Endpoint (see 3rd image).
You can give the registry keys as:
"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy"
"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
It will be easier. Don't forget the asterisks.
To enter these 2 registry keys, just add 2 keys from the registry (any one will do), right-click each, then choose modify and type the 2 aforementioned ones.
:-TU Done.
I created a predefined policy and modified it.
Protected registry keys [blocked]:
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKUS\S-1-5-21-473914189-1061325093-1451321557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Protected COM Interface:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
C:\Windows\System32\svchost.exe
Windows messages:
Windows messages
C:\Program Files\Mozilla Firefox\firefox.exe
Protected Files and folders: Device\Adf\Endpoint [Need help, I just copied and pasted what you posted, please explain a little bit]
DNS Client services: Blocked
But there is a little bit of a problem: if you run an application whose rules in Defense+ are as mentioned, and you ask that program to update, the firewall alert pops up and asks for permission. If you click yes, the app still connects to the internet and says there is an update, click Yes to update.
It means we still need to block that app in the firewall, and that's what I don't want. I want to block that app in such a way that it is not allowed to connect to the internet this way; I don't want the firewall involved.
I failed to figure out what that program does before it tries to connect to the internet. I am stuck with the final step.
Is there any way that, even if it is allowed to connect to the internet through the firewall, it is still not able to connect cuz Defense+ is blocking it? I am stuck with this final step.
First, I forgot to mention that if you are running Win7, you must also add "\Device\Nsi" (not the case for Win XP). Device\Adf\Endpoint and \Device\Nsi are for access to the Windows Socket Interface. You'll find info on WinSock here: Winsock - Wikipedia
If you want to be sure that no part of a program could connect, make a group with the folders of the program in c:\Programs and C:\Program Data and apply your policy to this group.
To make a group : Defense+ > Computer Security Policy > Protected files & folders > groups > add > A new group > give it a name > apply > go to the new group > right click “add files here” > add > select the folders of the program > apply > apply.
My fault, Ronny. It was of course correct in the image of a CIS window I posted earlier in this topic, but I reversed letters when I typed it! :embarassed: Must be dyslexic sometimes. Thanks for making the correction.
† Jesus Christ †
Boris, you are a genius. I think if someone wants to block internet access of a particular app, he should read this thread. I tested the whole thing with VLC media player and it says "An error occurred while checking for updates". That is just awesome, I didn't even have to use the firewall.
I did exactly what you said in the earlier post; those three images were very useful. And later I added \Device\Nsi to Protected Files and Folders. I also added "*" in "Allowed Applications" of "Run as executable".
For those who don't know how to add those HKUS keys mentioned by Boris, read all his posts and do what he said:
"Set Defense+ to Paranoid mode, launch any 'trusted application', and when the Defense+ window pops up for permission click yes or not [whatever you need to do], but don't forget to tick the remember my answer box. Now go back to Defense+, open the settings for the particular app and copy those keys."
All things work 100%. And also create groups in Defense+ so you can deploy rules on multiple programs or all programs in one or many folders.
Thanks to Boris Once again .
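
Added example, not part of the original thread and not Comodo's own tooling: a PowerShell script that prints, for the logged-on user, the four registry entries named in the thread in the HKUS\<SID>\... notation used in the posts, checks whether each one exists, and lists the device paths for Protected Files and Folders. Assumptions: the column names PolicyEntry and Present are chosen here, the device path is written \Device\Afd\Endpoint (the thread types "Adf", and a later post says the letters were reversed), and Windows versions after 7 are treated like Windows 7 for \Device\Nsi.

```powershell
# Added example: build the list of entries discussed in the thread for the
# current user, so they can be checked before being typed into a policy.
$sid  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$base = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# The four entries from the thread: three proxy values plus SavedLegacySettings.
$entries = @(
    @{ SubKey = $base;               Value = "ProxyEnable" },
    @{ SubKey = $base;               Value = "ProxyServer" },
    @{ SubKey = $base;               Value = "ProxyOverride" },
    @{ SubKey = "$base\Connections"; Value = "SavedLegacySettings" }
)

$report = foreach ($e in $entries) {
    # The Registry:: provider prefix reaches HKEY_USERS without a mapped drive.
    $keyPath = "Registry::HKEY_USERS\$sid\$($e.SubKey)"
    $present = $false
    if (Test-Path -LiteralPath $keyPath) {
        $key     = Get-Item -LiteralPath $keyPath
        $present = $key.GetValueNames() -contains $e.Value
    }
    [pscustomobject]@{
        PolicyEntry = "HKUS\$sid\$($e.SubKey)\$($e.Value)"   # notation used in the posts
        Present     = $present                                # column name chosen here
    }
}
$report | Format-Table -AutoSize -Wrap

# Device paths for Protected Files and Folders. The Winsock driver is afd.sys,
# so the path is written Afd here (assumption stated in the lead-in).
$devices = @("\Device\Afd\Endpoint")

# The thread says \Device\Nsi is needed on Windows 7 but not on XP.
# Assumption: anything reporting version 6.1 or later is handled like Windows 7.
if ([Environment]::OSVersion.Version -ge [Version]"6.1") {
    $devices += "\Device\Nsi"
}
$devices
```

An entry reported as not present has simply never been written for that user; the thread's policy blocks access to the path either way.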