comodo firewall or cis

new here so firstly, hi to all.
please be gentle with me guys as not used comodo before so have no real idea about it.

have used zonealarm free up til now on my windows XP drive (i dual boot XP and Windows 7 ultimate), but it seems to becoming a less desirable product, hence the switch to comodo firewall. as i have an A/V and use various malware cleaners, i just downloaded and installed the firewall. was that the sensible option or should i have installed the cis? would i have had the option of not installing parts i didn’t want to use? apart from not needing the A/V, what advantages are there of installing more than just the firewall?

have seen several topics and guides about cis install but none about the firewall only. are there any?
although i have become more disillusioned with zonealarm, it did give me the option of allowing/stopping both inbound and outbound internet access for each program. how do i achieve this with comodo without having to make my own rules (never done this and dont know how, sorry)?

i guess a complete idiot needing a complete idiots guide. basically, i would like to be protected, whilst being able to chose what programs i want to have internet access from and to my machine.

anyone able to advise me, please?

under “more” in the user interface you find a help book. with many points to click, so you can choose what your question is.

generally, if you never made rules yourself, 99% of all programs which you want to have access to the internet will run perfect with a rule for that program “allow OUTgoing UDP+TCP”. then reuquested answers can come IN, without having a ingoing rule. Usually your pc requests something from the internet, even if you use a email collector program or windows updates for example… all what you need is requested. as long as you are not running a server or use p2p.
and use the stealth port wizard “hide me from everyone” to get no questions about UNrequested INgoing attempts anymore.

also there are some guides to give examples of settings for firewall.
Gizmo's Best - The best of Gizmo's Freeware from a user of this forum.
there are others here, on top of this section where you posted in :wink:

i use a more “secure” setting, as i am fine with little interrupts of “useabillity” while making a whole setting. then my comodo is silent too :slight_smile:

but i think, this all will help you to make your own decisions. and if you want to decide everything yourself, choose custom policy for firewall, instead of safe policy which generates rules itself.

go one time through each window to enable or DISABLE what you (dont) want to have (i disable cloud and sandbox, and i dont mark “trust trusted vendors” ect).

hi clockwork.

many tnx for reply. have been through the various settings and changed a couple of things, including disabling the ‘cloud’ stuff. will see how things go. getting requests now from progs as i open them, but defining my answers to be remembered.

as i use the firewall only, am i missing out on much in the way of protection and what advantages would i find if i used, say, defence+? couldn’t see the ‘leak test’ part i read about. wondered where that is and best way to set it up (if i need it), as sometimes will have to make myself visible, you can guess why ;). hope you dont mind the further questions.

If you’re using only the firewall, I’d definitely enable D+ unless you are already using another HIPS product.

defense+ asks you, if for example “explorer exe” tries to run a program.
it can protect you from automatic running virus. (avoid trainings mode, it generates rules for everything running while in that mode).
only allow things that you know, and be suspicious about suddenly happening events.
when the question is “explorer exe tries”, NEVER treat explorer exe in this first question “as trusted”. because you would not get the question for any explorer exe action again. explorer exe question is the first buffer, you see what i mean? :slight_smile:

defense+ can run in safe mode, and with the white list you dont get too much questions.

right click on the comodo icon, to switch to proactive mode under configuration. thats the most secure setting. its the “whole suite ground setting”, and you still choose the specific additional settings for firewall and defense+ (firewall: custom policy; defense+: safe mode)

tnx for further replies, guys. much appreciated. have enabled the 'defence+ (safe mode) and the ‘proactive security’, which i assume is the HIPS part? firewall is in ‘custom mode’ as also suggested. will test now and report any problems.

just downloaded the leak test from the forum and tried it. score was 30/340, which i assume is pretty dismal? suggestions now as to what i need to change to improve things, without isolating myself entirely from the ‘net’? sorry guys, not meaning to be a pain but…

i disabled the sandbox from comodo, because its meant to avoid just questions. to reach that, it allows suspicious things to run inside (maybe even this test). i use a standalone sandbox, where i choose what runs. in all other cases defense+ stops things, like it should.

when you run a leak test, comodo asks questions, right?
i see, as you want to use this test, you might have allowed these questions. but to test your defense+, you should stop answer with “allow” from the moment when the test is running.

i didnt used it myself lately. try it again. allow explorer exe to start the test. and then look what is asked. try to start to say “block” as early as possible (or say nothing :smiley: ). and then your score should become 340/340 :slight_smile:

your answers are part of the protection!

(about proactive security: my example was the question of “explorer exe tries to run something”… this question was missed as i tested the last time “internet security”. i think, proactive is using all(!) aspects of defense+, while the firewall is full too)

And one thing, dont forget to make a port scan. to see if your firewall setting is good. all ports should be closed or stealthed. there are online scans… choose one which is suggested by a trusted magazine or site :wink:

probably being extra thick here guys.
when i open the ‘leak test’ program, double click to run it, click ‘allow’ in comodo defence+ (or program wont run) then click on test, i get the result (txt file attached). from what i saw, only had 1 chance to say ‘block’ in comodo whilst ‘leak test’ running. obviously not get things set up right, but dont know what to change.
need more help guys, sorry.

[attachment deleted by admin]

if i run the leak test in ‘sandbox’, i get the result attached below, which looks pretty good. however, running in ‘sandbox’ must surely be defeating the object of the leak test?
so, what do i need to change guys?

[attachment deleted by admin]

what i did:
i went through all windows and tabs of comodo and enabled all levels of protection of defense+ (not sandbox, not cloud), or increased them with moving bars.

everything what can be changed is visible :slight_smile:

just make sure that you dont miss a window.

when you would describe all your settings, i could tell you what to change. but you will notice that it would be a big work to describe all settings and places :slight_smile: .

enable and increase all (checkboxes and moving bars). simple as that :slight_smile:

(i dont suggest the sandbox, and i would not use the cloud things!)

i tried to make the test again. but as i didnt find a download from comodo direct, and as my antivirus was beeping when i tried to download it where else, i didnt. but i had allways good results. and i just did what i suggested you to do :smiley:

tnx clockwork. sorry to keep taking up your time. just re-ran the tests and got 320/340, not sandboxed as far as i can tell as turned that off and unticked everything under ‘sandbox’, except show notifications for automatically sandboxed processes’ and ‘automatically detect installers/updaters and run them outside sandbox’. also didn’t set password under ‘parental control’. did try the defence+ ‘paranoid’ mode but drove me crazy, ha ha. gone back to safe mode. changed nothing else under the ‘more’ tab sub headings. the two ‘vulnerable’ bits now are ‘impersonation:explorer as parent’ and ‘impersonation:coat’. not bad now. will reboot machine and see if anything changes when test is re-run and post back.

tnx for your patience

all stayed the same on test re-run. so will continue to monitor. as i have installed the software on my XP partition, wondered how it will run on windows 7? eg, is there any ‘slow down’ when opening IE8 or Firefox? worth using instead of windows 7 firewall?

your pc is better than mine as you can run windows 7. if i tell you, i dont have slow downs, you for sure will not have one too. (use 64bit version if you have 64 bit OS).

i am not sure about windows firewalls. i think they have only inbound protection. they would never protect you against leaking out.
they might be better today, but still, i would always use a whole firewall.

i dont know why your test fails in two categories. maybe you missed one increasing, or missed one checkbox. but anyway:
security products should only be little helpers. the basic security “product” is your behaviour and choice. as long as your firewall is closing all holes (in and out, look carefully for the right settings!), and as long you dont run malicious software, you should be fine. even if a test isnt 100%.
i set all high, use this and that additional, but i look each time very carefull what i am about to run. important is that no one can connect to your pc from outside… because then its only you who can make mistakes :slight_smile:

to be honest: defense+ never had to save me from anything, i still use it out of routine. it gives you control about what happens. and when you one day put a usb stick in your pc, and your antivirus tells you about an autorun virus… well, no worries, defense+ had stopped it (most possible) if it had tried to run allready. if you keep using the comodo sandbox on the other hand, it might have running inside it, and dropping things. thats why i disabled the sandbox. i use a standalone sandbox. without “automatic allowing to run features”. and i let defense+ ask.

compared to other products, one or two test point failures are still better than them :smiley: … there are expencive products out there which reach under 5% from 100%. comodo usually reaches 100%.

i looked again through all settings. since version 5 there are some things not more there. for example that you could define what kind of things defense+ should warn you about… exe, bat, dll… this seems to be predefined now.
as my tests were with version 3 and 4, i dont know how my results would be today. but the settings that are in version 5 are easy to see. all are marked, all are set high here. if my result would be not 100% now, i couldnt change it myself. its in comodos hands :smiley:

First of all I don’t recommend dual booting like win xp and win7.

Take the complete CIS.


tnx for further replies and advice guys. really appreciated.
i run dual boot because of a couple of programs that just dont seem to run right on windows 7. i am sure that eventually they will be updated so they will (no doubt just in time for windows 8!), but in the meantime need to keep XP.
will image my windows 7 partition (using 32 bit. still too many things not right with 64 bit system for my liking) and then install comodo. if it runs as you suspect, ie no slow downs, i will be happy. windows 7 firewall is much better than the one in XP, but tend to agree with you, clockwork, not how it should be, really.
will post back results and any problems if encountered.
tnx again

First of all I don't recommend dual booting like win xp and win7.


I double boot on 2 separate harddisks xp…and xp, in order for the first to run cis3 and the second cis5.

And so what?

just an update guys. install comodo exactly the same on windows 7 as i did on XP. all ok so far. also did a leak test and stealth port test through gibson site. leak test passed but stealth port test failed on ‘ping’ test (ICMP?). dont know why or how to correct the problem. settings are the same as XP so will use same checks tomorrow on that drive and see result. will also use the leak test from here as well on windows 7 and let you know what happens.

hi again. well, all seems to be fine on Windows 7 atm. ran the CLT and got full marks! dont know what the difference is between CLT and the Gibson leat test/stealth port test or why that says my pc failed a ‘ping’ test (my pc answered?). exactly the same result on the XP partition. any suggestions as to problem and cure appreciated.

anyway, am obviously much better protected than before, so got to be good, right?

next thing is i came across comodo free VPN on the ‘net’. dont know if there is a separate forum for that but gonna look. if not, or i cant find (duh!!) can i post questions here?

help received from here has been extremely good and i am very grateful to all, especially clockwork. tnx again.

The ping issue is largely documented in this forum, so let us make it short:

-set in firewall global rules blocking rules for icm echo request and echo reply
-run the stealth ports wizard in order to be “invisible”.

-If not enough, check your router settings, there might be one to disable ping requests.
-If not enough again, and if you only have a computer (or for testing purposes), set if such an option exists your router as DMZ for the tested computer.
-If still not enough, it means that your router, and not your computer, is actually tested, and that you always shall fail GRC.

tnx for reply, brucine. i think things are getting a little above me now. said previously that this stuff is new to me. i am inclined to leave things as they are atm and see how it goes. if i try to go too far when not understanding what i am doing, wont be helping myself. considering what comodo is doing now in relation to what i had (only windows firewall on windows 7), i am pretty happy.

tnx again to all