COMODO Internet Security 2025 Premium

Could someone or does anyone know how to answer this question for me?

As long as you have file lookup enabled, any application that gets executed and is signed by a trusted vendor, that vendor will be re-added to the vendor list with its rating. For example you remove Google from the vendor list and then run chrome, it will run without being blocked and Google will be added to the vendor list.

3 Likes

Add Category - CIS
Tag - Beta Corner

Pin it

What is this mysterious phrase?
Explain your mantra!

Hello Everyone,

Why doesnā€™t CIS 2025 enable IPv6 filtering when it detects native IPv6 network?

Intermediate users are not aware that IPv6 is disabled by default and follow this default configuration.

Any malware attempt to connect on IPv6 will be silently allowed or will the containment be able to detect it? If anyone has done any testing could you share @cruelsister have you done any testing with malware connecting on IPV6?

Also, if legitimate applications can use svchost on native IPv6 to connect, malware can too and again the connection will be silently allowed (without IPv6 FW alert), which is very insecure (and bad).

Everything that is in containment it cannot harm the pc and it does only harm to the virtual hard drive called VTRoot which is the folder for the containment

No point worrying about ipv6 as by default the firewall allows all outgoing connections because the firewall is set to not show alerts allow requests. But there is a wish request to enable by default ipv6 filtering.

3 Likes

Hello, but was the request made by one of the forum moderators @EricCryptid in June 2018 considered?
Has what he said about IPV6 been implemented yet?

Do I need to leave this box checked for added security?

image

No it hasnā€™t been implemented yet, in fact the default configuration hasnā€™t been changed/updated in a very long time. Also firewalls canā€™t block applications using scvhost to connect out, that is prevented by either hips or containment.

Edit: only if your isp provides native ipv6.

3 Likes

If I donā€™t know or Iā€™m an intermediate user who doesnā€™t know if the ISP provides IPv6.
Is there a problem with checking this box or will it not change anything?

Depending on how your global rules are setup, enabling ipv6 filtering will limit or block ipv6 connectivity.

1 Like

Does the ā€œFilter IPv6 trafficā€ setting provide complete support for native IPv6 without requiring any rules in global rules with both stealth mode options?

In the past people had issues with connectivity when they enabled that setting, until they added certain icmpv6 global allow rules when they used stealth ports mode, Iā€™m not sure if the same issue would occur when using alert to incoming connections. If you have native ipv6 connectivity you can try it with both modes.

3 Likes

I used to add the ICMP global rules but havenā€™t in recent times and just let Windows Firewall filter it since CF doesnā€™t disable windows firewall. It probably doesnā€™t matter being behind a NAT Router with Firewall anyway.

2 Likes

your router probably already blocks that, but if youā€™re using a VPN that has support for IPv6 you may want to enable that feature.

1 Like

Iā€™m not seeing connectivity issues with websites or programs when I use any of the stealth mode options with the IPv6 filtering setting. I also get firewall alerts for IPv6 connections from unrecognized programs. Anyway, I disabled IPv6 in the network adapter as there is no clear info about IPv6 filtering with Comodo Firewall.