Component monitor

Hello. I have been using the Comodo firewall for almost two years. (Version 2.4.18.184.) The other day, for no particular reason, I was looking at it, and I noticed that the component monitor has been in the “learning” mode for all this time. Is there any advantage (or disadvantage) to turning it on, or should I just leave it alone?

Thank you to all who take the time to reply.

Welcome to the forums, rlprlp!

First, my apologies for the delay in replying to your post.

Having the component monitor “turned on” would be better, as it is checking by the various system components and would notify/block anything that was against the rules. In a “learning mode”, CFP presumes the activity is normal for your machine, and uses that activity to build a list of components that are then presumed good.

After this much time, CFP has probably built a very extensive list. But it will not have checked that list. At this stage, changing your settings to be “turned on” probably wouldn’t be effective, and could give a false sense of security. It would probably be better to stay with “learning mode”, and recognize that CFP isn’t checking all that it could. For your machine, that would seem to be sufficient.

There’s more detail in the CFP on-line Help about the various settings for the component monitor, and what the monitor checks for.

Thank you for the reply, but your answer has left me a little confused. In your first paragraph, you state that turning it on would be better. However, in your second paragraph, you state that leaving it in learn mode would be better. This leaves me still uncertain as to what to do.

Sorry for the confusion. You have something of an atypical situation, that is leading to a judgment call on your part.

Normally, learning mode is used for a little while, allowing CFP to create a list of allowed components. During this learning mode, those components are presumed good. Then, later, CFP is “turned on”, and any unlearned component will be questioned, and you’ll get a prompt/alert to say it’s okay, or not.

But, having run learning mode for a very long time, all those learned components are now presumed to be okay. But are they, really? If even one is not, and you “turn on” CFP, then that component is an opening into your machine which you think would be secure. Staying in learning mode still leaves the opening, but you know it is not doing the blocking that it would otherwise be doing.

So, you have a judgment call to make: do you trust the list of components that CFP has learned?

If you do trust that list, all of it, each and every item, then you can “turn on” CFP.

If you don’t trust that list, then staying in learning mode won’t hurt you beyond what is already on your machine, and is a reminder that CFP blocking is not set.

Does that help?

At worst, you could make note of what your CFP network rules are, then uninstall CFP, then reinstall CFP clean, and turn everything on to begin with. That would remove everything that has been learned so far, so there wouldn’t be the question. CFP would block/prompt/alert you to everything happening, which could be a bit overwhelming for a day or so. It would allow CFP to have a known good list of things allowed on your machine.
That’s some bit of work, and annoyance over several days, but it would have CFP at full strength protection.

Thank you for the advice. Comodo has seemed to protect my PC all this time as is; I think that I will just leave well enough alone. So many programs on an average PC, and almost every one of them has a user’s manual darn near the size of a small phone book. Of all the people around the world who use the Comodo firewall, I would be willing to guess that well over 90% of them never go back and turn the Component Monitor to “on”. (I didn’t!)

Thank you again for taking the time to assist me.

I don’t think anyone understands the 2.4 component monitor as when there’s a problem caused by a component block, the posted solutions are usually just to turn the component monitor to the “learning mode”, which would seem just to “allow all” & what good is that? I still use 2.4 on my W2K box & on one XP image with KAV-7. I’ve got a few obvious things blocked but that’s about it. Where the component monitor really gets to be a hassle for me is after XP updates, I usually have to fine-tune it, to get my 'net connection back up & running. I still like 2.4’s interface & how easy it is to monitor connections & logs & then quickly move to network monitor to modify an allow or block to an IP range (if temporarily needed). BTW, I had no problems in using the BU script to BU 2.4 'net rules from my XP OS & transferring them to my W2K OS.