I am new to firewall software. So, please don’t flame me :X
About the Comodo firewall, I just created some rules in the “Applications Rules” for my trusted applications.
Now, for the global rules, I only use the rule (block icmp in from ip any to ip any where icmp message is ECHO REQUEST).
Let’s say my computer is infected with spyware or a virus and it sends out my PC information, or maybe lets someone hack into my PC.
Do I have to stealth all of my ports and block any incoming connections in “Global Rules” to block it?
Or will my current settings be able to block it too?
Welcome to Comodo!
First, there are plenty of rules configurations out there that trusted folks here have posted, but everybody’s systems are different and therefore so are the rules they need.
Basically if you’re worried about Spyware getting your info out, this means you aren’t thinking about keeping it out in the first place. In case it does happen tho, CFP will alert you if a new process is trying to access an outside port. Usually it can alert you if this process is a known Spyware process but in many cases it can be “Unrecognized” and you have to do a little work before you allow or deny it.
When the popup alert comes up asking what you want to do with a certain process’s attempt to contact the outside, if you click on the process name it will bring up that process’s properties page. Many times this is enough, as this also tells you who owns this process and you may recognize it as legit. However, if you don’t recognize it then Google is your friend…simply Google the process name and there should be plenty of info on it. If Google returns NO info at all, that’s ALWAYS a bad sign which means it’s a new and unknown malware process and you should submit it to Comodo for analysis.
Most of the time you can find exactly what the process is and who owns it very easily using Google, and this will tell you whether you’re infected or not. Of course you need a top notch AV product running and a good quality Anti-Spyware program too, if you are prone to getting infected. What security apps do you have installed?
Hi, so does it mean Comodo firewall will alert me if there are any incoming/outgoing connections made by unknown applications, unless I create rules for the application to block or allow it, and then it wouldn’t alert me anymore, right?
Before, I was using ESET Smart Security 3, but I needed to allow any connections made by ekrn.exe. So I selected it as a trusted application, but when I view the active connections, all connections are made by ekrn.exe (for example, when I’m using Firefox, it isn’t showing up in the active connections).
I thought it was because of an incompatibility, so I switched to Kaspersky AV, but got the same result.
Is it OK to allow it or make it a trusted application? If I allow it, does it mean the ports which are used by ekrn.exe or avp.exe are vulnerable to hacker attack?
These are my current rules for AVP.exe. Are they OK?
[attachment deleted by admin]