COMODO Config

COMODO looks good, but at the same time it sometimes gives more prompts than other firewalls. How do I configure it to allow programs and remember it? Is it because the port used is different?

One program that hangs is Rakion http://rakion.softnyx.net/ and I get tons of prompts every time I “Debug” in Visual Studio even though I allowed them. I know some router config since I am taking CCNA, but it's Cisco routers… and I am not too good at that either, so any guides? Maybe not the “manual”?

Are you playing Rakion, or modifying it?

If you change the application, the file signature will no longer be the same, and the firewall will give you an alert. This is extremely frustrating to developers, but unfortunately at present there’s no way around it. Comodo is aware of the difficulty this presents, and will hopefully provide a solution with the next version of the FW (v3).

If you’re playing, you may need to forward some specific ports in the router and allow them in Network Monitor. However, you won’t see prompts/alerts for this, so it doesn’t sound like that scenario is very likely.

LM

For Rakion, I am playing it, or rather my brother is. I saw the COMODO log and saw that it blocked a file; I can’t remember which. Then I allowed the file in COMODO, but it still hangs while trying to open Rakion. Alt+Tab doesn’t seem to bring me out to allow it through COMODO, but Alt+F4 quits the program quite successfully. But then I can’t see which program it blocks… except from the log.

As for Visual Studio, I am developing.

Where is the Alert Frequency level?

Each level of AF creates/adds more detail to the popups and subsequent rules. For gaming, it is probably advisable to set it to Very Low so there’s only one alert per application, thus minimizing alerts/popups.

If it’s at High, for example, it will include Application, Protocol, Direction, Port, and at Very High will add IP Address to the mix. You can see where this would add more alerts… But Alt + Tab should refocus to the desktop to show the alert.

LM

But will it be safe to put it to Very Low?

Absolutely. The rules are applied either way, and that’s the key thing; the main part of Comodo’s security comes from the fact that it has a layered format - Network Monitor, Application Monitor, and Advanced Analysis Monitor (combination of Component Monitor, Application Behavior Analysis, Advanced Attack Detection & Prevention, etc). The key thing is that you do not want to disable Application Behavior Analysis (ABA); as long as that is enabled, you can set Alert Frequency to Very Low and have no fear. As a matter of fact, the lead developer for the firewall has stated that he keeps his on Very Low so as to only get one alert per application; with ABA enabled, he will be alerted if something tries to hijack an application in any way, which is what we want to know.

Think of the AF Level in relation to having a lock on the door to your house (your computer). Ultimately, if someone living in the house (an application) leaves, you don’t care where they go, if they go on foot/car/bicycle/etc, when they go, why they go, or even if they return. There is a certain level of trust, or else you wouldn’t have given them a key (installed and granted internet access). What you want to know is if a “friend” (malware) who came visiting has put a gun to their head and demanded to be taken to the bank to withdraw cash (this is what ABA monitors).

Does that help?

LM

Thanks for your answers.

But it only works when I disable Application Monitor, even though I allowed the programs that may cause problems (the exe and bin files found to be blocked in the log).

Will you do this:

Open Activity/Logs. Right-click an entry and select “Export to HTML.” Save the file and reopen it; it will open in your browser. Highlight a section of the log (maybe 6 entries) that shows the blocked application. Right-click and Copy the highlighted section. Then Paste into your next post here.

We’ll see what’s being blocked, how it’s being blocked, and tweak your rules to match…

LM

OK, very late reply, but anyway…

Warcraft 3

Date/Time :2007-10-07 13:47:13
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (war3.exe)
Application: C:\Warcraft 3\war3.exe
Parent: C:\Warcraft 3\Frozen Throne.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Warcraft 3\war3.exe is an invisible application

Date/Time :2007-10-07 13:47:13
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (war3.exe)
Application: C:\Warcraft 3\war3.exe
Parent: C:\Warcraft 3\Frozen Throne.exe
Protocol: UDP Out
Destination: 165.21.83.88::dns(53)
Details: C:\Warcraft 3\war3.exe is an invisible application

Date/Time :2007-10-07 13:47:06
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (war3.exe)
Application: C:\Warcraft 3\war3.exe
Parent: C:\Warcraft 3\Frozen Throne.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Warcraft 3\war3.exe is an invisible application

Date/Time :2007-10-07 13:47:05
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (war3.exe)
Application: C:\Warcraft 3\war3.exe
Parent: C:\Warcraft 3\Frozen Throne.exe
Protocol: UDP Out
Destination: 165.21.83.88::dns(53)
Details: C:\Warcraft 3\war3.exe is an invisible application

Rakion

Date/Time :2007-10-07 13:20:18
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (rakion.bin)
Application: C:\Softnyx\Rakion RSS\Bin\rakion.bin
Parent: C:\Softnyx\Rakion RSS\NyxLauncher.exe
Protocol: TCP Out
Destination: 202.57.111.182::40017
Details: C:\Softnyx\Rakion RSS\Bin\rakion.bin is an invisible application

Date/Time :2007-10-07 13:17:32
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (rakion.bin)
Application: C:\Softnyx\Rakion RSS\Bin\rakion.bin
Parent: C:\Softnyx\Rakion RSS\NyxLauncher.exe
Protocol: TCP Out
Destination: 202.57.111.182::40000
Details: C:\WINDOWS\system32\dinput.dll has loaded C:\WINDOWS\system32\dinput.dll into C:\Softnyx\Rakion RSS\Bin\rakion.bin using a global hook which could be used by keyloggers to steal private information.

There’s another post concerned with a game made by the same company which was solved a couple of days ago. Perhaps you could run the same application the user mentioned here to see if it makes any difference.

There’s also mention of a server maintenance on their site over the past few days which may also have affected your ability to play.

For WC3, it’s being blocked for “invisibility” reasons. Open the application rule to edit, go to the Miscellaneous tab, and select the box “Allow invisible connections.” That should take care of those alerts (might be others, but that’s it for that…).

For Rakion, same thing about invisible connections. Also, for the dinput.dll warning, you need to Allow w/Remember. As I recall, this dll is used by the game controller input source (i.e., joystick). Yeah, it uses a global hook. If you want to play the game…

LM
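The triage done by eye in the reply above, as an added example that is not part of the original thread: it parses entries in the log layout posted earlier and separates "invisible application" blocks from global-hook warnings. The function names and cause labels are assumptions made for this example, and the sample text is constructed from two of the posted entries.

```python
import re

# Constructed sample: two entries in the layout of the exported log posted above.
SAMPLE = r"""Date/Time :2007-10-07 13:47:13
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (war3.exe)
Application: C:\Warcraft 3\war3.exe
Parent: C:\Warcraft 3\Frozen Throne.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Warcraft 3\war3.exe is an invisible application

Date/Time :2007-10-07 13:17:32
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (rakion.bin)
Application: C:\Softnyx\Rakion RSS\Bin\rakion.bin
Parent: C:\Softnyx\Rakion RSS\NyxLauncher.exe
Protocol: TCP Out
Destination: 202.57.111.182::40000
Details: C:\WINDOWS\system32\dinput.dll has loaded C:\WINDOWS\system32\dinput.dll into C:\Softnyx\Rakion RSS\Bin\rakion.bin using a global hook which could be used by keyloggers to steal private information.
"""

FIELD = re.compile(r"^([A-Za-z/]+)\s*:\s?(.*)$")   # "Name :value" or "Name: value"
HOOK = re.compile(r"^(.+?) has loaded .+ using a global hook", re.I)

def parse(text):
    """Blank-line separated blocks of 'Field: value' lines -> list of dicts."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(m.groups() for m in map(FIELD.match, b.splitlines()) if m)
            for b in blocks]

def triage(entry):
    """Return (application, cause, detail) for one blocked-connection entry."""
    app, details = entry.get("Application", "?"), entry.get("Details", "")
    hook = HOOK.match(details)
    if hook:                      # detail = the DLL loaded through the hook
        return app, "global-hook", hook.group(1)
    if details.lower().endswith("is an invisible application"):
        return app, "invisible", entry.get("Parent", "?")  # detail = parent
    return app, "other", details

def report(text):
    """Distinct (application, cause, detail) tuples; repeated alerts collapse."""
    return sorted(set(map(triage, parse(text))))
```

Each tuple from `report()` corresponds to one rule decision: an "invisible" row is the "Allow invisible connections" setting for that application, and a "global-hook" row names the DLL that needs its own allow decision.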

After allowing “Invis” connections, Warcraft 3 still hangs… any ideas?

Take the above steps again, and let’s see what it’s doing now. Sometimes we have to go in stages…

LM