Few questions about FW

Hi.

I read this instruction how to configure FW: https://forums.comodo.com/firewall-guides/setting-up-firewall-for-maximum-security-t30535.0.html

  1. It was very useful therefore i do not know nothing about it. I installed Comodo about 10 days ago when i installed Win 7 x64 too. I allowed many things and gave them trusted. I want to remove all that and to start from beggining. Where is the list of all allowed app which i gave them and to remove them?

  2. I see in configure topic i have to select traning mode ONLY for 10min. I selected traning mode from the day when i installed :-[. There is to mode for slecetion: Firewall and defense where and how to select?

  3. How to be sure when from nowhere Comodo tell me something what to connect to The Internet when i do not know what is that? And i do not regonise what is that and i didn’t start nothing before it.

Hello and welcome to the forum.

  1. For Firewall go to: Firewall → Advanced ->Network Security policies. There is the list. If you want delete everything.

  2. I would recommend you to set Firewall to Cusytom Policy. You can do it here: Firewall ->Advanced → Firewall behavior settings. Set the slider to Custom policy. In the other of this window, set the slider to high and check all boxes. If our computer doesn’t act as Gateway, then uncheck ICS.
    For Defense+ i would recommend Clean-Pc Mode. In this mode, everything of every app already on your computer is learned. New apps must be configured.

  3. Svchost.exe should be able to access to: UDP Out to remote Port 53.
    TCP Out to remote Port 80 and 443.
    For your browser CIS has a predifiened ruleset - so take it.
    Most apps need access to Remote Port 80 via TCP out.
    I would recommend, to first block every new request of apps you don’t know or you haven’t started. If everything works fine after that, you can block this app. Be careful and look at the Ports.
    Never allow an app the full access to and from internet.

Hope this helps first.

Thank you very much for these answers.
First two i understood and i set-up. Only what i didn’t understand is this:“If our computer doesn’t act as Gateway, then uncheck ICS.” I do not know for what is that and what is Geteway. Only for what i use the Internet are surf and downloading. I see there is ISC server, maybe that is for servers…

a) Do i have to memorize for these ports to know? When i get these question do i want to allow? I mean will it appear some other ports which are not advised to allow?

b) “Never allow an app the full access to and from internet.” do you mean never to checked app as trusted one?

ICS is, when your computer act as internet gateway for other computers behind him.

So if you have a structure like this: Computer → your Computer → Router → Internet

3b) I think outgoing only should just be used for games. Maybe for other apps you trust.
Most other apps just need TCP Out Remote Port 80 or 443.

3a) Don’t understand what you mean!

ICS is, when your computer act as internet gateway for other computers behind him.

So if you have a structure like this: Computer → your Computer → Router → Internet

Yes, it is.

3a) Don't understand what you mean!

You told me in your in your first post “Never allow an app the full access to and from internet.” What are you mean when say “Full access”?

btw this pop-up windows from learning defense are very boring. Will be they less after some time?

Full access means, that incoming and outgoing traffic is allowed.

The D+ alerts decrease. If you set D+ to Clean-PC-Mode, than you nearly shouldn’t get any alert.

Ok, i will all how you told me.

Thank you very much for support.

Please, where to turn off small pop-up window “Defenese + is learning” it is very boring >:( :-TD

Misc → Settings → General uncheck box for ballon message

thanks

Sorry because i have almost every day post new questions but i use this FW about 10 days ;D.

I think i didn’t good set. I had one problem and i solved it tonight. I play a browser game. I had problem to login iinto the game few days. I tried to exit from Comodo and to run it and it didn’t work. But tonight i click right click on tray icon > FW security level > disable fw. After that i finally log in into the game. When i turn on fw and back on Custom policy mode.
Why this happen? Please help me to turn it off all unwanted things which can block something which i do not want it. I am home user and i need for surf and to download. That’s all.

If you would like to know which browser game was it is: http://www.tanoth.co.uk/ it use Adobe flash player

Can you check your Firewall logs: FIrewall ->Common Firewall logs. There must be some blocked entry for your browser. Can you post them.

log file

[attachment deleted by admin]

Can you post a filtered log output only showing the relavant files? The filter option can be found in the advanced log screen. To enter the advanced log screen push the More button at the bottom of the regular log screen.

In what browser are you running the game? In the logs I also saw a reference to a game called sniper elite. I guess that is unrelated to the browser game you are referring to?

Edit the Web Browser rule. Create a rule for: Allow TCP Out, Source IP/Port: any, Dest.IP: 87.106.218.126 (if it doesn’t work, set it to any) Dest. Port: 843

I tried in: Opera, IE, FF and Google Chrome. 1st i thought i have problem with browser, then with cash and cookies and finally i found FW blocked.
Sniper Elite is installed game.
Now i am not sure what i have to do. I post log file from here:


http://image-bb.com/out.php/t4659_14.2.2010ned0.34.31.jpg

If i understand you good i did this:


http://image-bb.com/out.php/t4658_14.2.2010ned0.24.20.jpg

With this it doesn’t work.

But i did next: My port set > HTTP ports > add > new port > sing port = 843. And now browser game works.
Is this ok? To remove new added browser rule?

How to be sure FW wont anymore made something as this?

It’s okay, if you remove the new created rule, when you add 843 to HTTP Ports.
You can prevent it, if you remove the block all incoming and outgoing traffic rule. Then you get alert for every connection, that is not triggered by an existing rule.

You can prevent it, if you remove the block all incoming and outgoing traffic rule. Then you get alert for every connection, that is not triggered by an existing rule.

Where to do that? I am still meet with Comodo :). Btw is this safe to do? Then i have to be 100% sure which port i will allow and which deny?

Well, if you remove this block rule, you will get alerted for every port activity with regard to your browser.
You have to be sure, what this port means, and if you have to allow or block it.

So i don’t recommend it.

You can do that in Firewall → Common/advanced(i’am using V4 beta, so don’t know, if it changed) → predefined rules. There you can edit Web Browser ruleset.

I will leave how you told me to configure if i had problem in the feature i will ask here ;D

I just want to know what are these options:

http://image-bb.com/out.php/t4995_23.2.2010uto2.30.51.jpg

  1. What is that what Comodo has blocked?

  2. What i have to do with those 506 (number is raising every time when i already allow something)? For all files the status is “Untrusted”. Is this ok? Do i have to change something here?

btw why svchost.exe is the most often draw net connection? Maybe i do not understand this process for what is it… :-[