Do you reinstall your firewall after detection of trojan?

Hi, I posted on the the forum about counterspy detecting 5 traces of Trojan.Win32.Generic!BT, not sure if legit or false positives. My question is if my firewall passed the grc test (1-1056 ports), do I or should I reinstall my firewall of comodo?

Johnzbzb,

I would not reinstall your firewall because I think the traces were false positives (see my answer to your other post). In most cases, you do not have to reinstall reputable security software when malware is detected. I would simply make sure that your firewall is configured adequately and that your security set-up is sufficient. I believe that the optimal security is provided by the following set-up:

  • CIS firewall = custom policy mode
  • CIS Defense + = safe mode
  • A real-time antivirus/antimalware scanner (such as CIS antivirus, AVG, avira, etc.)

Are you using CIS firewall and Defense + (if so, what are your settings)?
Are you using a real-time antivirus/antimalware scanner?

I use Comodo firewall, with Custom policy for firewall and for pro-active defense+ I use clean PC. For Application rules I set as most with ask, some with outgoing only and web browser. As for global rules I have Block and Log IP in From IP Any To IP Any Where Protocal Is Any.

I don’t have active malware protection, now and then I might install counterspy or NOD32 and do a full scan to check the computer.

Are these settings good enough to protect my computer?

Thanks for patiently answering my questions.

For the firewall
Custom policy mode provides strong security.

For defense plus
Clean PC mode should only be used if you are sure that your PC is free of malware. From the help file:

  • “From the time you set the slider to ‘Clean PC Mode’, Defense+ will learn the activities of the applications currently installed on the computer while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ will alert the user whenever a new, unrecognized application is being installed.”

Thus, CIS will trust everything on your computer when you engage “Clean PC mode”. If you had malware on your system when you selected “clean PC mode”, CIS will allow the malware to execute (especially if you have no real-time protection to detect the malware). If you are sure that your PC is clean, then Clean PC mode offers excellent protection. However, I prefer to use “safe mode” for defense plus. At first, you will get more alerts with safe mode because CIS does not trust everything on your computer…it only trusts programs that: 1) you specifically tell it to trust, and 2) that Comodo has told it to trust. For me, I prefer the more strict security offered by “safe mode” because I can never be sure my PC is 100% clean.
If you prefer to stay with Clean PC mode, I would scan your computer with several free antimalware engines (I suggest Malwarebytes antimalware, superantispyware, a-squared, hitman pro, in addition to whichever antivirus you want to use). If you are clean with all of those, I would look in the following places and delete any applications/files that you are not familiar with (that is, if you are not sure what the entry is, then delete it):

[ol]- Click on Firewall tab at the top. Click on the “advanced” tab on the left. Then click on “Network security policy.” Under the “application rules” tab, select the unknown applications/files and click remove.

  • Click on defense + tab at the top. Click on the “advanced” tab on the left. Then click on “Computer security policy.” Select the unknown applications/files and click remove.[/ol]

Then put Defense + in Clean PC mode. This will help ensure that your PC is clean and it will remove any malware that CIS may have learned while you were operating without real-time protection.

Real time protection
I strongly recommend that you use real-time antimalware protection. Strictly speaking, CIS can protect you from malware even if you do not use real-time protection. However, the CIS alerts are not very clear, and they may make it difficult for a user decide on an appropriate action. Real-time protection will often clearly designate a threat (making it easier for the user to decide on an action). It also provides an additional layer of security. I use Comodo antivirus and have been very happy with it. Many people are happy with other free programs, such as Avira antivirus.

Every 1-2 weeks, I do an on-demand scan with Superantispyware, a-squared, and malwarebytes…just to be sure that my PC is clean. Then again, I am paranoid… ;D

Note that the above recommendations are my personal opinion, and some forum members may suggest doing things differently. Using the above recommendations, I have never been infected, even when I purposely did some high risk surfing to test CIS.