I have to say that CIS4 does seem to be causing quite a few alerts/events. Considering I upgraded from V3 with default settings except where I have allowed something, I would have expected my PC to be clear of issues. I have allowed the internal network but now can't print to a network printer. Skype seems to be producing a large number of events between the laptop and PC I use in my home network. Am I better off going back to V3 and do away with the extra hassle?
Attached is a snapshot of Skype being blocked. What am I doing wrong? Thanks
[attachment deleted by admin]
Can you show a screenshot of your Global Rules (this is for the printer issue)?
The rule for Skype is probably somewhere below the All Applications rule. Move it to a place above the All Applications Rule and make it, for the ease of testing now, Trusted Application (when things work you could tighten up the Skype rule if you want to).
Each application that is under the All Applications rule is subordinate to that rule; that rule only allows outgoing traffic and blocks incoming. Hence why you see the Skype traffic.
Screenshot attached. Couple of things to mention. I have CIS4 with default settings Apart from a couple of days ago it was set up with SafeMode as the Security Level. I changed it to training mode two days ago. Any application (known) that has prompted an alert I have allowed and remembered where possible. Applications Sandboxed have been allowed to run out of the Sandbox when prompted. I have also attached Defense+ Computer Security Policy Application Rules.
One difference I note is that in CIS3 there would be many more specific applications listed in the Application Rules under Network Security Policy in the Firewall.
[attachment deleted by admin]
I checked your Global Rules and at first sight they look absolutely fine when I assume the IP address of the printer is in either one of the Orange zones. Please make sure that is the case.
I noticed that D+ doesn’t hold a rule for Skype. Maybe it got automatically sandboxed. See if you see a rule for Skype in My Pending Files. If it is there you can move it to My Own Safe Files.
Please take a look in the Firewall rules as described in the above:
The rule for Skype is probably somewhere below the All Applications rule. Move it to a place above the All Applications Rule and make it, for the ease of testing now, Trusted Application (when things work you could tighten up the Skype rule if you want to).
Each application that is under the All Applications rule is subordinate to that rule; that rule only allows outgoing traffic and blocks incoming. Hence why you see the Skype traffic.
First, the HP printer is attached to the USB port of the PC that has CIS4 installed - so I assume then it's in the same network. The Orange 1 & 2 networks were created when I had no internet and tried another router to make sure it was not me. I have now deleted those entries.
There is nothing at all in the D+ pending files.
How can I check what is Sandboxed? I attach a sample copy of the D+ events logs which shows several Sandboxed as LIMITED even though I have selected not to run in the Sandbox.
There is nothing in the Firewall Application Rules relating to Skype or any other application. If I had been prompted to allow it I would have - on the basis I guess Skype is trustworthy! I also attach a copy of the Application rules.
[attachment deleted by admin]
In the default settings CIS will not make rules for Safe Applications (that means it will apply a standard outgoing only rule but will not make entries in the Application Rules list). As a consequence Skype doesn’t show up.
Step 1 is to let it make rules for safe applications: Firewall --> Advanced --> Firewall Behaviour settings --> enable “Create rules for safe applications”. After this Skype will be in the list. Then move Skype to a place somewhere above the All Applications rule and make it Trusted for now. The reason for moving is that when a program is under the All Applications rule it will follow that rule and won’t allow incoming traffic.
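The rule-ordering effect described in the replies above, as an added illustration that is not part of the original thread and is not Comodo's own code or rule format: a simplified first-match model of an ordered application rule list. The rule tuples, the function names and the "block when nothing matches" default are assumptions made for the example.

```python
# Simplified first-match model of an ordered application rule list.
# Constructed illustration; not Comodo's rule engine or its rule format.
from fnmatch import fnmatch

# Each rule: (application name pattern, set of allowed directions)
ALL_APPLICATIONS = ("*", {"out"})               # outgoing only, as the thread describes
SKYPE_TRUSTED = ("skype.exe", {"in", "out"})    # "Trusted Application" modelled as in + out

# The two orderings discussed in the thread (constructed sample data).
RULES_BELOW = [ALL_APPLICATIONS, SKYPE_TRUSTED]  # Skype under All Applications
RULES_ABOVE = [SKYPE_TRUSTED, ALL_APPLICATIONS]  # Skype moved above it


def decide(rules, app, direction):
    """Return (verdict, pattern) from the first rule whose pattern matches app."""
    for pattern, allowed in rules:
        if fnmatch(app.lower(), pattern):
            return ("allow" if direction in allowed else "block", pattern)
    return ("block", None)  # assumed default when no rule matches


def shadowed(rules):
    """Patterns that can never be reached because an earlier pattern covers them.

    Later patterns are treated as literal names, which is enough for
    per-application entries such as 'skype.exe'.
    """
    dead = []
    for i, (pattern, _) in enumerate(rules):
        if any(fnmatch(pattern, earlier) for earlier, _ in rules[:i]):
            dead.append(pattern)
    return dead


if __name__ == "__main__":
    for name, rules in (("below", RULES_BELOW), ("above", RULES_ABOVE)):
        print(name, "incoming Skype:", decide(rules, "Skype.exe", "in"),
              "| unreachable rules:", shadowed(rules))
```

Running a check like `shadowed` over an exported rule list is a quick way to spot per-application rules that a broader rule above them has made ineffective.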
I changed the rules for safe applications: Firewall --> Advanced --> Firewall Behavior settings --> enable “Create rules for safe applications”
As a test I installed a couple of applications - reinstalled Skype as well - and updated a few others to see what would happen.
Unfortunately nothing did - I went to Firewall>Advanced>Network Security Policy>Application Rules and NO additional rules have been created.
That’s odd. Did you close down and start Skype after enabling “Create rules for safe applications”?
I did along with about three other applications. Am I better to start from scratch - reinstall Comodo and change the default on Comodo to get it working better? Thanks
Starting fresh and clean makes sense. You can run this clean up tool after uninstalling and rebooting.
Clean Install and also ran a couple of registry cleaners to make sure nothing was left over - also got rid of some hidden Comodo Folders, reboot etc etc.
Installed with Default settings - New network allowed for File & print Sharing - then changed Firewall to training mode and create rules for Safe Apps. Stealth Ports wizard set to stealth except items in my zone. Under Firewall Network Security policy created My Router rule to ignore some ICMP messages where host is unreachable.
PROBLEMS
Opened several applications - no new rules created for Safe Applications.
Summary Page for CIS shows 1 threat detected in Virus Defense but nothing in the log, quarantine or pending files to tell me what it is!
NB
I have set training mode and create rules for Safe Apps in both Firewall Behavior settings and D+ settings.
Every time I boot up Virus Defense tells me there is 1 threat - but there is no way of finding out what it is!!
Bring back CIS3 - never had all these problems with that version - where can I download it?
Thanks
Thanks - will leave CIS4 for a while till it settles down.