Hi There
I am using the COMODO Internet Security product.
The main reason I use the product is for the firewall feature but unfortunately this is hampered due to the automatic adding of trusted files.
I understand this is an automated feature where files get added to the trusted files list if they match a list maintained in the cloud or if they are from the trusted publishers or whatever.
Explained briefly here:
https://forums.comodo.com/news-announcements-feedback-cis/trusted-files-list-will-now-fill-with-file-entries-by-default-cis-54-t72360.0.html
Unfortunately everything that gets added to this trusted files list automatically gets granted full firewall access.
When I use the firewall I want to have a pop up balloon appear for every file that tries to access the internet where I can grant or deny access.
However, I am unable to control the internet access of the programs on my computer when they automatically get trusted without me being able to prevent it.
I have tried disabling Defense+, I have unticked the “Automatically trust files from trusted publishers” setting on the sandbox page, and I cannot find any other setting that will stop files from being trusted automatically.
Is there any possible way for me to disable this feature so I can manually control firewall access for my programs?? (Maybe some registry setting or something?)
Actually, it’s worse than I first thought!!
I have some programs that are being added to the trusted files list automatically which I do not want to give firewall access.
I have selected them in the trusted files list and clicked Move To > Blocked Files which moves them to the blocked files list in the Computer Security Policy.
Then, the next time I start the program it automatically gets added back to the Trusted Files list and gets granted Firewall access.
This is just ridiculous, what kind of firewall won’t let me block an application from accessing the internet???
not only that. when you open the list of “trusted” (by comodo) vendors, you can’t even select them all and delete them. you can only delete them one by one by clicking remove. and there are thousands of them
how cool is that? lol
that said, i think there is a way to disable the list. you would have to search the boards
Hi Bunta126,
Check in the FW application rules if you have a rule allowing outbound connections for “all apllications”; if yes delete it.
Make sure that in Firewall Behavior Settings the following items are disabled :
- create rules for safe applications
- do not show popup alerts
Last but not least, set your FW on custom policy mode.
Hi Boris
I did find there was a global rule that had “Allow IP Out from MAC Any to MAC Any where protocol is Any”.
If I changed this rule to “Block” instead my trusted application could not access the internet.
If I removed this rule my trusted application could access the internet again.
The problem is if I change that rule to block then all trusted applications get denied unless they have a specific access rule.
How do I change it so that these applications pop up and ask for access instead?
Ideally, I would like to disable the trusted application cloud functionality altogether but this doesn’t seem possible.
Making the changes you require, to some extent, depends on the version of CIS you’re using. In CIS 5.5 they reintroduced an firewall application rule that allowed all applications outbound access. In CIS 5.8 that rule has been removed but it’s been replaced by something just as bad. See this thread for details.
Basically, if you want to receive alerts for applications where firewall rules have yet to be created, you need to change the Firewall behaviour settings from ‘Safe Mode’ to "Custom Policy Mode’ you also need to ensure ‘Create rules for safe applications’ and ‘Do not show popup alerts’ are not checked. After making these changes you can increase the level of detail reported and used for rules by increasing the Alert frequency.
See images below for details.
With regard to default firewall rules, these will depend on the installation type and choices made post installation. Basically, the default firewall Application rules are the same regardless of which choices you made during installation, however, the default Global rules are different. see images
[attachment deleted by admin]
Ah thanks for that.
I already had the “Do not show popup alerts” unticked but changing the mode from “Safe mode” to “Custom Policy” has now made application popups appear for ALL applications as I would normally prefer.
That seems to be exactly what I was after.