Comodo Proactive Security and System Files

As well as the IP address and Location question, I now have a few options of the type of protection to install.

The recommended setting is “Proactive Security”, but does this include Comodo’s Anti-Virus?

The other options are “Firewall Security” and “Internet Security”.

Until my AVG anti-virus subscription runs out, I’d prefer to Not install the Comodo anti-virus, to avoid the risk of a clash between the two, but I don’t know if this is the right option to exclude the anti-virus.

Prior to this, I did a manual scan (as it didn’t start automatically, which I thought it would) which came up with no bad files but asked me if I’d like to take action or ignore several system files. As I have no idea if any are unsafe, I ignored them, hoping my computer isn’t at risk.

Tomorrow I will set about opting for the “Optimum Defense” level, which Chiron recommends to be the most suitable for novice users, giving higher protection than the basic firewall which includes the Sandbox.

If you don’t want to use the AV, I would recommend not installing it to begin with.

Click on the Customize Installer link, and deselect the AV.

Where is the Customize Installer link, unless you mean the option that asks you which components you wish to install?:

(Install COMODO Anti-Virus option not listed, which must be exclusively for CIS users)
Install COMODO Firewall
Install COMODO GeekBuddy
Install COMODO Dragon

The only option I installed from the above was the Firewall.

One of the others recommended me to install just the Firewall (so as to not clash with my AVG anti-virus) until my subscription expires before replacing it with the Comodo anti-virus and complete Comodo Internet Security. I have since switched to Proactive Security mode.

Puzzlingly, some pop-up appeared after my computer loaded up stating “Thank you for installing COMODO Firewall”, etc; “Now is the time to start familiarizing yourself with your certified GeekBuddy technicians”. Below these messages are “Firewall” and “Geek Buddy”, but unless this is a standard screen, I didn’t install the GeekBuddy, and this pop-up was persistent for some reason, taking about 5 minutes before it cleared.

I got my first alert today for an svchost.dll file, but didn’t know whether to accept or block it, and after the above pop-up cleared, I found that the Alert had disappeared.

Are there any particular System files in alerts that I should watch out for to ensure I don’t accept them?

As far as I know, all the system files that prompt for action in the Alert and Scan section are safe, but I am unsure.

Update:

I am gradually working my way through the set-up of my firewall.

Working my way through Chiron’s excellent guide, I’ve done a scan.

The guide confirms that I don’t have the anti-virus installed, as Scan automatically switched to Rating Scan, which would only work manually, if the anti-virus was installed.

As I don’t have the anti-virus installed, I’ve skipped over the Anti-Virus section, thus not clicked on “Update”, but under Security, no “Anti-virus” / “Scan” options are listed but these are:

“Defense+”, “Firewall” and “File Rating”.

Not sure why this pop-up keeps surfacing claiming that I’ve installed GeekBuddy. I’m assuming it’s a standard pop-up that appears whether or not GeekBuddy is installed. It also has the option to not show again.

In “Programs and Features”, it states I’ve installed Comodo Internet Security, even though I clicked on the “Comodo Firewall” install from the Comodo web site. Again, I’m assuming this is a standard installation that is listed as “Internet Security”, irrespective of whether the whole CIS or just components of it have been installed. I feel confident of this, due to getting verification that I haven’t installed the Anti-Virus section.

I’ve now completed the main recommended settings from the following link, skipping over the Anti-Virus and other optional settings sections to keep things simple. I can always incorporate some or all of the other optional settings another time when I’ve got more used to the Firewall:

As I’m new to this, I’ve not yet made use of the Virtual Kiosk or Shared Space sections of the Firewall, but it looks like I’m up and running.

As you’re running alongside Avast you should add all of Comodo’s files to the exclusions of Avast.

I’ve found out how to make AVG exclude specific files, but where are the Comodo files located for AVG to exclude?

If there is a way of instructing AVG to exclude a set of Comodo files, instead of having to manually add lots one by one, that would be better, but I’ve never done this before.

Does the “Virtual Kiosk” relate to “Virtual”?

There is a “Start Virtual Mode” in Ice Dragon.

In the Sandbox, I’ve found these options:

“Run Virtual Kiosk”

“Run Virtual”

“Open Shared Space”

I’ve followed your instructions from the link but thought I’d ask about the above, as I’ve never used the above facilities.

Once per day I am getting a pop-up with a different IP address to my own asking me if “I am at Home”, “I am at Work” and “I am at a Public Place”.

How do I remove the unwanted IP address?

In “Network Security Policy”, under “Network Zones”, this appears:

“Loopback Zone” -

"IP in [127.0.0.1 / 255.0.0.0]

Is it safe to remove the above without affecting my ISP and Firewall settings, which differs from the contents of this link?

http://help.comodo.com/topic-72-1-142-359-Network-Security-Policy.html

I don’t recall “v6” being activated before, so Comodo must have added this. I don’t know what difference it makes between having and not having “v6” running, but I’ve left the settings as they are.

I’ve never used AVG, but I assume it allows you to exclude entire folders (often adding a * after the folder location will tell it to exclude everything inside the folder).

Yes, this is the fully virtual environment which Comodo Firewall (CF) includes. Any programs run inside it, including browsers, will be run in an environment which cannot affect the actual computer. The same goes for any applications downloaded or run by the browser when it is run virtual.

I’ll let someone else comment about this, as I am not 100% sure. My thought is that it’s probably fine (assuming it’s the same IP address which appears each time), but it’s best to wait until someone who understands more about the Firewall can comment about this.

No adverse effects at present with my AVG anti-virus, but I’ll hold back on exclusions for the moment, to ensure that I do this correctly, to avoid no Comodo files being excluded or incorrect files accidentally being excluded instead of or as well as Comodo files. As soon as I get the opportunity to replace the Firewall with the full Internet Security suite, I will be able to incorporate Comodo’s own anti-virus, but as it’s very common for two different anti-viruses to clash due to competing with one another, I felt it best to place safe.

During the Installation, there was an option to allow Comodo’s DNS servers. As I’ve confirmed from two different program facilities that, at least at the moment, my local ISP is the fastest and nearest for my area (although I have Comodo’s DNS servers activated by default, solely in Ice Dragon), I didn’t install the Comodo one.

Will the browser and other programs inside the Sandbox still be protected, even with the use of my Local DNS settings?

Am I correct in thinking that Comodo has added IPv6 to be activated?

I feel sure that it was just IPv4 that was activated before.

Should I untick “IPv6”?

I have ticked “Enable malware domain filtering (Comodo Secure DNS)” in Ice Dragon, but when I check my DNS settings, there is no sign of Comodo’s DNS servers, just blanked out hyphens representing my local ISP’s DNS servers

Lastly, does this mean that the DNS filtering overrides that of my local ISP’s DNS server?

As to the additional, unexpected extra IP address pop-up, which only appears upon first loading of my computer each day, I’ll await further information on this. The only visible one (upon navigating around the Firewall settings) is different from this and my own server’s IP address, is Loopback Zone. I’ll retain this until it’s confirmed if I should keep or delete it, so as to avoid any unintentional connection problems.

Yes, your computer will still be protected from infection. However, there will be no Comodo technology protecting you from accessing dangerous sites.

You can activate this.

This will filter all traffic while you are using Ice Dragon through Comodo’s DNS servers, but no other. Therefore, it may be a good way for you to see if there are any problems with the speed.

Yes, if it is activated.

I’m sure someone will be able to help you with this.

I don’t know what that means. What is your own IP and what is the pop-up?

If or when Comodo’s DNS servers are located nearer to me, I’ll keep them in mind. It’s just that, as the nearest and only UK Comodo DNS server is a few hundred miles away, they would heavily slow down my connection.

What’s the difference between having IPv6 enabled or disabled?

IPv4 was definitely activated originally.

Since installing the Comodo Firewall, I have had three alerts, all automatically sandboxed:

One from VLC – Reported to be an “unrecognized program” which closed VLC Media Player. I then reopened it, anticipating it to be blocked. It still worked, but without sound. I then reloaded, this time with the sound restored.

Was I allowed access because it was quickly realized to be a safe program? I checked “Quarantine” but couldn’t find any sandboxed items.

Should VLC have remained sandboxed?

Prior to reloading VLC, I ticked the program, but didn’t click on “OK”. The right click options (which I didn’t activate) were:

Add
Move to
Remove
Lookup
Submit
Delete file
Purge

Not expecting the Sandboxed vlc.exe file to end up in a Safe location after I clicked on “Lookup”, I can’t be sure if vlc.exe has been confirmed safe due to the “Lookup” or it was quickly established to be safe.

Conime.exe – This pop-up appeared twice, both times instantly sandboxed. This one appeared as I scanned “DW Helper” (Video Download Helper) in the “Documents” folder, but later when not scanning DW Helper.

I suspect conime.exe is bogus, as according to the Internet, the genuine “conime.exe” file is located in the System32 folder. It appeared in my “DWHelper” folder (Video Download Helper) under “Documents” while I scanned the whole folder.

The pop-up with unknown IP addresses, asking me if I’m at home, at work or in a public place has surprisingly Not appeared today.

I’d rather not delete this IP address or the Loopback Zone IP address (both different from my own ISP’s address) until I know whether it’s safe to do so.

I am a bit confused.

Although I have “Enable malware domain filtering (Comodo Secure DNS)" ticked, there is no sign of Comodo’s DNS servers in my TCP/IP connections.

Are Comodo’s DNS servers redundant, despite the Comodo filtering being activated?

In other words, even though I have “Enable malware domain filtering (Comodo Secure DNS)” ticked, does this mean that Comodo’s DNS domain filtering will only work if I literally add in Comodo’s DNS servers into my TCP/IP connection?

Either way, I’ve not noticed any speed deterioration in my browsing.

For security reasons, I can’t divulge my ISP’s IP address, but it’s completely different from the pop-up’s IP address which previously prompted me once a day if I’m at home, at work or in a public place.

The Loopback Zone IP addresses are also different from the aforementioned prompt’s IP address and my own ISP’s one.

Surprisingly, since today, the Loopback Zone prompt hasn’t prompted me, so as far as I can tell, the non-ISP IP addresses are not being contacted any more, but I won’t delete the extra IP addresses until I’m 100% sure that they’re safe to remove, in case they break my connection.

A couple of hundred miles is geographically close on the world wide web.

What’s the difference between having IPv6 enabled or disabled?

IPv4 was definitely activated originally.

Since installing the Comodo Firewall, I have had three alerts, all automatically sandboxed:

One from VLC – Reported to be an “unrecognized program” which closed VLC Media Player. I then reopened it, anticipating it to be blocked. It still worked, but without sound. I then reloaded, this time with the sound restored.

Was I allowed access because it was quickly realized to be a safe program? I checked “Quarantine” but couldn’t find any sandboxed items.

Should VLC have remained sandboxed?

Prior to reloading VLC, I ticked the program, but didn’t click on “OK”. The right click options (which I didn’t activate) were:

Add
Move to
Remove
Lookup
Submit
Delete file
Purge

Not expecting the Sandboxed vlc.exe file to end up in a Safe location after I clicked on “Lookup”, I can’t be sure if vlc.exe has been confirmed safe due to the “Lookup” or it was quickly established to be safe.

If look up says it save you can trust that.

Conime.exe – This pop-up appeared twice, both times instantly sandboxed. This one appeared as I scanned “DW Helper” (Video Download Helper) in the “Documents” folder, but later when not scanning DW Helper.

I suspect conime.exe is bogus, as according to the Internet, the genuine “conime.exe” file is located in the System32 folder. It appeared in my “DWHelper” folder (Video Download Helper) under “Documents” while I scanned the whole folder.

Conime.exe belongs to Windows: conime.exe Windows process - What is it? .

The pop-up with unknown IP addresses, asking me if I’m at home, at work or in a public place has surprisingly Not appeared today.

I’d rather not delete this IP address or the Loopback Zone IP address (both different from my own ISP’s address) until I know whether it’s safe to do so.

I am a bit confused.

Are you using a wired or wireless connection to your router?

Although I have “Enable malware domain filtering (Comodo Secure DNS)" ticked, there is no sign of Comodo’s DNS servers in my TCP/IP connections.

Are Comodo’s DNS servers redundant, ldespite the Comodo filtering being activated?

In other words, even though I have “Enable malware domain filtering (Comodo Secure DNS)” ticked, does this mean that Comodo’s DNS domain filtering will only work if I literally add in Comodo’s DNS servers into my TCP/IP connection?

Either way, I’ve not noticed any speed deterioration in my browsing.

DNS is about looking up the IP address belonging to a url (something like www.comodo.com). So a look up will only be active when you go to a site. So you will only see it right after you told your browser to go to another website. But first the browser will look in Windows DNS cache , when it finds an IP address belonging to url there the DNS servers won’t even be requested.

As such DNS lookup is not a big influence on speed; once the name has been translated to an IP address your browser connects to the web site. Since that happens faster than loading a website you are not likely to see a performance difference when using another DNS server

Montana. Please make separate topics for separate questions.

With various topic you jump from the original question at hand to others that come to your path. Often those questions are not related to the topic at hand and the direct result of inquiries into your computer. The common denominator is that you see something you don’t understand must be therefor related. That is what makes your topics go all over the place. This makes topics hard to follow as 5 or so unrelated subjects need to be handled

In this topic we started with the question about a compatible av with Comodo AV. We are now at the same time dealing with questions about:
VLC media player alerts
alerts for conime.exe
questions about DNS
questions about New Network alerts

All those questions have their own angles of inquiry. Having them together in one topic creates confusion and making it hard to focus.

Making separate topics for separate questions will help all of us focus on separate issues.

When starting a new topic answer to the questions asking for additional information by members and moderators and don’t go wander about on your computer looking for things that you are also not understanding and brining those to the table. Only answer the questions at hand and stick to them.