Block internet access with Defense + Once again

I did it once using Comodo Internet Security V5.12 [previous version]. This link: https://forums.comodo.com/defense-sandbox-help-cis/block-internet-access-with-comodo-defense-t85876.0.html
I want to do it one more time with Comodo Internet Security version 6 [see image].

There are various problems; I shall post step by step [may take 5 threads].

I want to add \Device\Afd\Endpoint in the blocked zone of PROTECTED FILES AND FOLDERS OF A PREDEFINED POLICY.
In the previous version I just clicked Browse and added \Device\Afd\Endpoint,
but in this new version there is no option to browse in Protected files and folders [see image].

Now how am I supposed to add this? Is there any way?

Let us see who comes with a solution!
I know there should be a solution; must be we need to figure it out.

Just a question:
Why not block with the firewall?

I did it before. I don’t use the firewall to block internet access of a particular software;
Defense+ is a 100% guarantee and worry free, and sometimes the firewall fails to do this [in some exceptional conditions, but it happens].

Hi Good OLD CIS,

here we go again :wink:

When you want to add an allowed/blocked file in a HIPS application rule, just click on add > files, it is the equivalent of browse in V 5.

For the registry keys that you will have to block, it will be easier to make a group in “Registry protection” and then add it to the Blocked Registry Keys in the application rule. Reason: in V 6 you can add and remove registry keys in the app rule but you can’t edit them. In “Registry protection” groups you can edit them.

Should not be much of a problem (at least, not on my system).

Advanced Settings > File Protection > Groups

I have a group (predefined by CIS ???) of Windows Sockets Interface (but you can make one easily yourself); this has the \Device\Afd\Endpoint string in one of the two interfaces listed so this can be added under the Modify parameter in the Ruleset’s Protected Files / Folder dialog. (See the attached pics below)

Also, you can just use the Add > File selection (in the first post), select any file, click ‘Open’, select that entry and double click on it (or right click and select Edit). In the text box that opens, delete the location string and replace it with \Device\Afd\Endpoint and click OK.

Simply, I don’t have that group [both on Windows 7 and Windows 8].

That’s strange, but you can easily add it manually.

Not that strange; the ‘extra’ group is added automatically when CIS is in Proactive Security mode.

Advanced Settings > General Settings > Configuration

Yep, that’s true. I am creating a preset for my purpose; it will take half an hour. I will update the post soon.

Any ideas how you actually block and terminate a connection with this version? I know it’s within KillSwitch somewhere.
Also, what would happen if malware prevented KillSwitch from opening? Then I would need another program to terminate a connection.
An option within the GUI would be a better alternative, just like 5.12. :o

I think KillSwitch doesn’t provide enough information to analyze the situation, and it’s not handy either.
There is no option in KillSwitch to terminate a connection; they don’t think it’s a necessary feature, and I also never used it too often, but I would like to see this feature.
It’s impossible for malware to block KS from opening. You need to start a new thread about this topic.

KillSwitch allows you to close any connection which is active. This can be found under the Network tab. Right clicking on an active connection will provide the option to close it. However, note that this option is only possible for active connections. Those which are just listening cannot be closed for obvious reasons.

Kill an active process via KillSwitch right-click. Before having KillSwitch I did it with Process Hacker, though some cannot be terminated effectively. Have not tried other active processes yet in KillSwitch though.


http://s9.postimage.org/7po1q453v/kill.jpg


http://s8.postimage.org/5vu2yh2jl/kill2.jpg

Sorry for the late post.
Here is the new predefined policy [named it: blocked internet access]
Run an executable: allow all applications
Protected COM interface: Block C:\Windows\System32\svchost.exe
Protected registry keys: Block the following keys [copy paste as it is, including *]
\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

Protected files and folders: block \Device\Afd\Endpoint
You can also block Windows Socket interface [you can find it under Protected files and folders if the Proactive config is enabled], but some applications may not work.

Block DNS Client service.
And set everything in the allow state, for example tick Allow for process termination. Note you need to set everything to allow.
Done.

If there is anything left or you want me to add anything new, please post.

Hey Boris, check my last post and please comment.