Definition of Comodo File Groups

I have installed Comodo Firewall (not Anti virus) v4.1.150349.920 on two PCs.

Under Firewall → Advanced → Network Security Policy → Application Rules there are rules which use File Groups that are Comodo created but I cannot find which files are within these Groups (I have looked under Groups in My Protected Files). The Group names are:

  1. “System”
  2. “Windows Operating System”

While I can guess which files are probably included I would like to know exactly.

Can someone provide this information??

Many thanks.

Hi Dogdog,

You can find these groups on the Defense+ tab (protected files, press Groups button and it should show up).
And the files that are part of this group should just show up on the firewall policy if you expand it.

Was this feature removed on version 5?
I can’t see “protected files” in the Defense+ tab anymore. ???

It moved to Computer Security Policy; it’s now tabbed… only the name doesn’t cover it all anymore, it’s more like policy and advanced settings now.

The trouble is that these two are not defined Groups under Protected Files → Groups button. Hence I am asking the question.

I also cannot get the files to show under the firewall policy. I cannot see any way to “expand it”.

Please advise.

Thanks! It was my lack of curiosity. They’re there!
Another question, how do I remove a process from the sandbox?



Sorry I misread the first time.

Please go to Defense+ and open “View active process list”.
Now there are “Windows Operating System” and “System”; those are the two you are looking for.

They’re not groups, just internal Windows processes.
System is used, for example, when you connect to a network share, or when your system uses Multicast to join Multicast groups.

WOS is used by low-level stuff; normally there should not be traffic outgoing from WOS.
A known outgoing case is, for example, Nmap (the port scanner) in combination with WinPcap (the packet driver), which can cause outgoing traffic for WOS.

There could be traffic showing up that matches firewall blocked rules on incoming traffic.

Say, for example, you run an application like torrent, and lots of people connect to your system on different ports, and all these ports are handled by the torrent app. Now you close the torrent app and Windows/Firewall/CIS no longer knows where they have to leave the still incoming connections from people who think you are still sharing… This traffic that “ends up nowhere” will be logged against “Windows Operating System” because that’s the last place to live for those requests.

It then seems very strange/very worrying that under Firewall → Advanced → Network Security Policy → Application Rules Comodo has created an Applications Rule for the “Windows Operating System” that allows all outgoing traffic??

Comodo would not let me access the internet without creating that rule from an alert!!!

I don’t run DHCP, but it could very well be that DHCP uses WOS to get an IP address…
Believe me, they don’t put it there for fun; they must have a pretty good reason.