I am sorry if anyone has already asked this, but I’m wondering, how do I create my own set of rules inside the Comodo firewall in addition to the rules that have already been set? I’m wanting to create a set of rules where I can get confirmation of everything that tries to come in or go out of my firewall. I know that I can use the custom policy, but I was going to create a couple of rules where it asks me every time something tries to go in or out of my firewall or the internet. Again, I know I can set the policy to custom where the firewall is not supposed to learn anything, but I was told that if I were to hit, remember my answer, it would remember it and if I remembered the wrong thing, I’m not sure how I would be able to undo it.
I’ll try and answer these questions as well as going over those you’ve been asking via PM.
From the question and answer we’ve had via PM:
If you want to have confirmation (receive alerts) when applications make connections to the Internet, you’ll need to change the firewall settings:
Firewall/Firewall Behaviour Settings/Firewall Security Level
Change the setting from Safe Mode to Custom Policy Mode.
If you want more specific alerts and would also like application firewall rules created with more detail, adjust the Alert Frequency on the Firewall/Firewall Behaviour Settings/Alert Settings tab to High or Very High.
If you wish to receive repeated alerts for any given application, you should remove the check from ‘Remember my Answer’ in the alert dialogue box for that application.
The above will provide information regarding outbound connection attempts. If you’d also like inbound alerts, run:
Firewall/Stealth Ports Wizard/Alert me to incoming connections and make my ports stealth on a per-case basis
Again, I know I can set the policy to custom where the firewall is not supposed to learn anything, but I was told that if I were to hit, remember my answer, it would remember it and if I remembered the wrong thing, I'm not sure how I would be able to undo it.
If you set the firewall behaviour settings to custom, it will generate alerts for processes as they attempt to connect to the Internet; the decision to remember, or not, is based on how you answer the alert. If you do inadvertently block and remember a connection via an alert, a block rule will be created under firewall/network security policy/application name. To remove the block, simply delete the block rule.
From PM:
Also, I deleted the rule in the predetermined policies the rule about all the outbound connections so that nothing would go out to the internet without alerting me first, but I'm not being alerted. Should I have just blocked it or was it right to delete the rule, what do you think? Should I also get rid of the rule below the outgoing rule as well or should I keep that one?
As you will recall from my previous answer to this question, the pre-defined policies are not actually being used unless they are part of an application rule. So, if you’re referring to the pre-defined ‘outgoing only’ policy, there’s no need to make any changes, simply don’t create rules with this policy.
If, on the other hand, you’re still using version 5.5 of CIS, where there was a firewall application rule that allowed all applications to make unrestricted outbound connections, then I’d suggest deleting this rule. In CIS 5.8, which you should be using, this rule has effectively been replaced by a check box found under:
Firewall/Firewall Behaviour Settings/Do not show popup alerts
As I said in my previous answer, if you want to receive alerts, remove the check from this box.
The reason I deleted the firewall rule in the outgoing only predefined policy is because I read that it wasn't safe and I thought by deleting it, that would make it much safer. So, that isn't really true then? Also, should I keep the rule that says "Block and log all unmatching requests"?
Please clarify which version of CIS you’re using, as the above would seem to imply you’re still using 5.5?
I’m pretty sure I’m using Version 5.8. I’m planning on uninstalling it and reinstalling one last time to make sure that the firewall is the strictest it can be, so my last question is, from start to finish, what options do you suggest that I check and what options do you suggest that I do not check?
The other thing is: I think there used to be a forum about a ransom lock or whatever it was that could bypass Comodo firewall, what are some things that I can do to make sure that this doesn’t happen to me in the case where I am unfortunate enough to come face to face with GRC?
Download and install 5.8 from COMODO Internet Security 5.8.213334.2131 Released!
As you want alerts:
During installation, remove the check from the box shown in the image below, or remove the check post installation according to the instructions in the earlier post.
Set the Firewall/Firewall Behaviour Settings/Firewall Security level to Custom Policy Mode
Set the Firewall/Firewall Behaviour Settings/Alert Settings/Alert Frequency to High or Very High
Run Firewall/Stealth Ports Wizard/Alert me to incoming connections and make my ports stealth on a per-case basis
You could also delete all the default firewall application rules and then answer the alerts, as they are generated, to create your own custom rules.
The other thing is: I think there used to be a forum about a ransom lock or whatever it was that could bypass Comodo firewall, what are some things that I can do to make sure that this doesn't happen to me in the case where I am unfortunate enough to come face to face with GRC?
I’m not familiar with this but CIS has very good leak protection and when used in conjunction with Defense+/Sandbox provides excellent security. If you search the forums for “leak tests” you’ll find plenty of information.
GRC, as in Gibson Research?
[attachment deleted by admin]
I mean GRC as in a certain locking piece of malware that when executed, encrypts all of your files where you can’t restore them.