Can Comodo log all outgoing traffic from a specific Software?

BrownChiLD · April 3, 2014, 12:26pm

Hi Guys,

I’m investigating a software behavior, and I wanted to see what IP/Domains the app is connecting to (to see if it’s sending data to an address it’s not supposed to… i dont need to log the data it’s sending i just need to log all its outgoing connections…

If comodo can’t do this, what can?

regards to all

TJ

SanyaIV · April 3, 2014, 1:29pm

You can, or well you’re supposed to be able to do it anyway, set up an application rule for the application and then add the rules you want for it and then tick the box that enabled logging.

To see what has been logged then go to the logs and filter for only that application.

Edit: If you want I can make a video example.

worldwidewiretap · April 3, 2014, 1:38pm

Also BrownChiLD, If you are just wanting to see what these software are connecting to at the time of their use, simply click your active connections button in your comodo interface to monitor which ip’s they are connecting to and how many bytes in or out of your system is being tunneled.

BrownChiLD · April 3, 2014, 3:08pm

ahh yes, I actually use Sysinternal’s process explorer for this, very handy… however i can’t be looking at it all the time, need to “catch” the software when it does it randomly (as i suspect) … so logging all the connection’s it’s made throughout the day would be ideal… tnx tho!

ahh great idea… i didnt realize it was that easy lolz but thanks man… much appreciated!

rhgtyink · April 3, 2014, 3:12pm

Microsoft Network Monitor 3.4 can monitor per application network traffic.
You can download it here: http://www.microsoft.com/en-us/download/details.aspx?id=4865

BrownChiLD · April 4, 2014, 3:51am

Thanks ronny but does that “log” the connections per application? or is it just LIVE VIEWING? I couldnt find answer to this question from the product page itself…

jenny66 · April 4, 2014, 4:17am

[b]Set alert Frequency level[/b] - Enabling this option allows you to configure the amount of alerts that Comodo Firewall generates,.......

Level - Very high - doesn't help? http://help.comodo.com/topic-72-1-522-6314-Firewall-Behavior-Settings.html If you want more control. If about it a question? ??? Edit: Also FW - to put on the user mode.

rhgtyink · April 4, 2014, 9:31am

It’s live viewing, but you can also ‘save’ the capture to file(s).
Something like Wireshark but NetMon is capable of determining which process caused which traffic.

BrownChiLD · April 4, 2014, 4:21pm

hmmm… interesting indeed. I’ll definitely check it out, thanks a bunch!