Configurations

Could someone please take a look at my settings please,

I’m set up as a stand alone system, no file or connection sharing going on. I’m wired up to a modem (Virgin Media).

I’ve got COMODO - Proactive Security as ACTIVE, file attached is exactly that… I think.

I’ve also posted this on Windows 7 Forum with a bit more information if needed. I’d like a second, third, forth etc. opinion(s) if possible.

Please advise,help… thnak you

[attachment deleted by admin]

What do you want to know about your set up? How secure it is? Where there is room for improvement? Do you think your system is secure enough?

all 3 EricJH.

Something weird happened, during the upgrade to the new version of the software all always, it carries my settings over so all my settings were at they were but I decided to hit the stealth ports again and not only did it change the names of the global rules but the firewall started to block more, meaning I had much much more in my blocked window. I already had IP block as log and also ticked it when stealth’ing again but for some reason it started to block much more which brings me to my question of whether or not I’ve been hacked. My systems clean as far as I know but I’ve got a feeling I may of been hacked so someone can use my internet. There is someone within my area thats been noted to use various peoples internet. Could you please as you say, check how secure my settings are, whether or not theres room for improvement and also my system being safe.

Can you post a screenshot of your Global Rules? That works easier than browsing through a config file.

Can you also post a screenshot of the Firewall logs? They are in View Firewall Alerts.

Are you behind a router?

Notice that seeing a lot of blocks in its self doesn’t mean you are in danger. At my local network is a media center computer that broadcasts every 5 seconds. That surely fills up my logs but is not a a danger of course.

I’m not behind a router mate, I’m wired up to a modem (Virgin Media), no connection sharing going on, well not that I want anyway.

I’m not sure about my defence+ rules for not only apps but protected tabs. Although my global rules have no ip in, I’m not completely sure whether some rules within firewall app rules or defense+ rules are flawed and may be the cause of possibly someone able to use my net, access my system.

screenshots below of global rules and blocked events, i’ve taken out my current IP address, please edit the file EricJH if anything else needs erasing.

[attachment deleted by admin]

Well here’s my advice for how to configure CIS.

already followed them steps mate, thank you.

if theres a rule within my firewall or d+ thats flawed, would the global rules overrule it if there is a possible hack with the rule being set as invisible?

Why am I get these connections in my active connections windows? (picture below) its connecting to my ip?

I’ve got no remote going on, no wireless, no router, I’ve disabled everything in LAC apart from the comodo driver and IPv4?

Could someone please tell me what is it and if its harmful which i think it is but then again I’m paranoid, how do i block it if its not wanted?

[attachment deleted by admin]

can someone please help me

below is a screenshot of tcpview

not sure what epmap is doing, port 135 or any of the others. GRC has me stealth but I done a roadkil’s scan and it showed up as only one port being open which is Port 135 Open (epmap). - (screenshot below)

roadkil’s - Roadkil.Net - Roadkil's Scan Port Program Download

[attachment deleted by admin]

Since you are on a direct connection to your provider I strongly advice to disable Netbios. Follow How to disable NetBIOS on the Internet Adapter for Windows 2000/XP/2003.

Then you won’t see System listening anymore at port 135.

thank you mate.

I’m sorry to ask to be spoon fed but can you help me set the following which are stated in the thread,

RPC - 135
nbname - 137
nbdgram - 138
nbss - 139
MS-DS - 445

I’ve had a look at the guide but I’m a bit confused.

right, I’ve done a fresh install. got rid of everything from the last version and set it all up again with mostly every windows service off that could possibly compromise comodo.

I hope the creator of GRC ups his/her game as there were flaws in my system, ones that could of been exploited via mircosoft networks (search for a connection thing)

I’ve got one quesiton though, following on from the picture above… with my global rules set as stealth, no access, block all. does it matter that the proggy roadkil’s shows that port 135 is open?

Does Roadkill run on your computer? If so it will see the process is listening but the firewall will block incoming traffic. So effectively you are protected.

ye, I have to disable sandbox and allow the proggy to ping my system (loopback) and the only port it found to be open was 135, it also states its open when i block the ping. it doesn’t list whether its listening or not, just tells me whether or not theres closed, filters or open ports on my system.

thanks for your help not just in this thread mate, apologies for being a pain

I am always weary of programs that run at your own computer to see if ports are open. It is best done from antoher computer using zenmap. Try scanning with Zenmap and see what that brings.

ok, I haven’t got another system running at my place at the moment, just the PC which I’m using now but I’ll try get something sorted… just a qestion, in target box… do I enter my IP address?

You enter your IP address.