Comodo changed security policy on its own


I have the newest version of Comodo.
Not sure if this is the proper place for this thread, please excuse.

Today I got paranoid because I noticed that the firewall policy was set on “custom policy mode” instead of the “safe mode” that I always have.

I have never changed it on purpose, and I am 99.5% sure that I haven’t changed the setting by accident either.

I noticed this new state, because I had suddenly zero “intrusion alerts” while normally I get tens of them per hour (sometimes even hundreds - but I have a dynamic IP, and from my understanding these intrusion atempts are connection attempts from computers previously connected to my IP or massive port scans - I have NO hardware firewall at all so they all get blocked by Comodo)

anyway, i got paranoid that either a bug or -even worse- a hacker, changed my firewall policy today morning (im the only person using my PC). I was scared because I assumed that whilem in “custom policy mode” the firewall was turned off (i had no idea what “custom policy mode” means, but from what I am reading now, it is not less safe than “safe mode”, right?)

anyway, theres a chance that I simply got ‘lucky’ and had no intrusion attempts for that hour (to recap - i noticed no itrusion attempts for a whole hour after I got online, and then i noticed the policy is “custom policy mode”) and I over-reacted immediately :slight_smile:

is it possible that it’s been changed by a bug? i cant imagine really a hacker suddenly changing it… i mean if a hacker wanted, he’d just disable the firewall instead of applying “custom policy mode” IMO (im not a tech guy at all, i dont even know if its possible foir a hacker to get into my PC and change my firewall settings (and do other, much bigger harm), assuming firewall, defense + maximum security and Avira are running).

also, speaking about bugs, I noticed that around 3 times in past 6 weeks it happened that after whole day running the PC comodo reported around 56-60 running processes, instead of the usual 35-40 for me. when i clicked on the details, I only saw these 38 or so… and then I experienced a comodo crash and a message about a bug and question if I intend to report it…

anyway, im very sure i never had 57 processes running, especially since at the same time windows was showing only 39 and comodo was saying there are 56-60 but didnt list them all… after the crash and re-openiong Comodo 2 minutes later, it was back to normal, reporing around 37 processes.

perpaps my problems with lack of virtual memory, often reported by my windows, contributed to the bugful running of this application (my pc is 5.5 years old)

so the second part of my post should go to Bug Report I guess, not sure about the first half.
as said , I am very sure i didnt change the policy from “safe mode” to “custom policy mode” ever, but i hope no harm was done either… i got curious and changed manually later to “custom policy mode” again and did the GRC scan and apparenlty the ports are stealth in “custom policy mode” as well…

I also did scans with Avira, super anti spyware and malwarebytes and they didn’t find anything…

sorry for the LONG post, heh :o

Moving the Firewall security level from Safe mode to Custom Policy would not be done by a hacker as it is tougher security level. May be a guardian angel…? (:NRD)

Iirc CIS doesn’t refresh the process list on a real time basis. You probably see stuff that has already closed.