Comodo and drive-by-downloads?

Does Comodo Firewall automatically block drive-by-downloads or does it just generate a pop up with allow or deny?

Also, have things that are logged as medium or high in the log been automatically blocked?

Also, if I allow a program to access the internet but somebody tries to send a hijack attempt or trojan through that connection, will it still be stopped by rules built into the firewall?

Use Comodo Memory Guardian for that pls…
It's designed just for that kind of attack (called Buffer Overflow attacks).

Melih

Do you know anything about Port = xfont(7000) and what Xfont is?

If you want to search info about a port look at https://www.securetrust.com/resources/portsearch/port/7000/7499/

Port Application Protocol
7000 “xfont” (X Windows font server) tcp
7000 BAT.Boohoo.Worm tcp
7000 Exploit Translation Server tcp
7000 Kazimas tcp
7000 Remote Grab tcp
7000 Spyboter tcp
7000 SubSeven tcp
7000 SubSeven 2.1 Gold tcp
7000 W32.Gaobot tcp
7000 W32.Mydoom tcp
7000 W32.Mytob tcp
7000 file server itself tcp/udp

Thanks, mate, for that link :)

I know in the post above that Melih said to use Memory Guardian, but I was wondering if Comodo Firewall blocks incoming trojans/worms, as I noticed in the logs it points out that port x is used by trojan y. Does that mean it can figure out when to block something from the rule list? It's just that a lot of these viruses use Internet Explorer to attack, and I just wanted to know if the firewall can tell the difference between a valid connection and one being used to attack (based on packets or something).

Both CFP 2.4 and 3.0 RC1 require you to specifically authorise unknown applications/components for outbound traffic. So, in a sense, you're protected assuming you do not authorise it. Unsolicited connection attempts (inbound traffic) are blocked by default anyway.

As explained in previous posts, drive-by-downloads are caused by BO (Buffer Overflow) exploits. Neither CFP 2.4 nor 3.0 RC1 protects directly against BO exploits. They'll both probably detect the short-term impact of a BO attack… a new EXE/DLL/whatever will probably get their attention, and especially so with CFP 3's Defense+. That would also detect the unauthorised writes to protected areas (both disk & registry) and notice any process terminations/creations and driver creations. Even memory access. Oh yea… whilst CFP 3 cannot stop a BO, it would certainly notice it very quickly, if not instantly… and probably before it manages to do anything, IMHO.

Now CMG (Comodo Memory Guardian) actually detects & stops BOs from happening. CMG is currently in Beta testing. Once it's done, its technology will be exported to CFP 3. This might be after CFP 3's release; the timing isn't clear. I don't know about 2.4, but they might, since W2k users can only run 2.4. So, they may wish to port it to 2.4. Of course, there's nothing stopping you from using CMG now & getting BO protection. CMG is very stable. I've had no trouble with it myself. Although your mileage may vary, I think there are some possible conflict issues.

It’s always worth remembering to tell all your security software, if they can be configured so, to ignore each other… no point wasting resources in having them monitor each other & if 2 or more security apps jump on the same thing, at the same time… well, the results are often not very pleasing.

Well, kail explained pretty much everything ;D
The only thing I would like to add is to not use Internet Explorer for general surfing. Also, in order to look at the DLLs loaded in a process, you need to set the V2 component monitor to on.