Fewer alerts with CPF3?

I seem to be getting fewer alerts with CPF3 than CPF2 and this is causing me some concern.

E.g. Adobe Updater seemed to connect and download without ever asking for permission and so did AVG antispyware. Both these programs needed permission under CPF2. And neither program is mentioned in the allowed applications section in CPF3.

Is there any reason why this happens?

Thanks

Also, although I allowed Internet Explorer and it no longer alerts me, there is no reference at all to Internet Explorer in the application rules section.

I’m very confused

What is your Defense+ setting? Without more info on what your settings are in Application and Global Rules, it’s like asking which came first: the chicken or the egg? (:TNG)

Defense+ is inactive. I chose this option during installation as I am using KAV and Windows Defender instead to check for registry changes etc.

This must be where I am misunderstanding. I thought Defense+ was a new additional part of the program and that I could just use the firewall part as before with CPF2.

Do I have to use Defense+ to make the firewall work?

From what I’ve gathered in the forum, Defense+ is the heart of anti-leaking (Application Behavioral Analysis from v2 has been re-designed and is only part of it) and it is a full HIPS. Just like the installation states, choosing Basic Firewall gives you a basic firewall (barely any outbound protection, if any). If someone wants to correct me, go ahead.

It must’ve been set up this way to really separate between the minimalists (who only want a pure firewall) or want as few alerts as possible and the rest.

Thanks

I seem to have misunderstood how it all works (CFP2 as well!)

I’ll try Defense+ now

Do KAV and Windows Defender have any advanced behavioural mechanisms or anything close to a HIPS? Because if they do, be careful that it might conflict with CFP 3.

If you’re confident your PC is malware-free, I recommend Clean PC Mode. At first, I wanted to test out CFP 3 in the most advanced settings, but I soon regretted it with all the Defense+ alerts, so… Clean PC Mode assumes all files on the PC already are safe, and any new file (defined within your config, of course), will be alerted or upon suspicious actions. Anyway, this is probably the best mode to reduce D+ alerts.

Both KAV and Windows Defender are supposed to use behaviour based checks. The possibility of conflicts is why I didn’t turn Defense+ on - but if I can’t have outbound protection without it then I really need to have it on

If you want to be extra safe to avoid system instability, best to back up or image your PC. So many have turned out angry because they never prepare ahead of time and don’t realize they might have too many conflicting security programs already. :-\

How can Defense+ have anything to do with Comodo not reporting an outgoing attempt by some application?

I explained poorly :-[. By Defense+ providing outbound protection, I meant at the “system level” (with associated files, etc.) or “anti-leaking features”. So even without Defense+, CFP 3 should at least be able to control outgoing connections at the “network level”.

As for the main dish about the alerts, it depends on the settings in Firewall > Advanced > Firewall Behavior Settings > check out both tabs.

Yes, I think that was probably what I’d missed - it’s the second tab where the setting was on low which is probably why I wasn’t getting many outbound alerts.

But now I’ve tried Defense+ it seems good so will probably keep it on

It’s a + that your system hasn’t experienced any oddities (at least yet :-X). Anyway, if you up those settings in my prior post, does it appear more “normal” now?

I’m still confused and concerned though as I don’t understand what’s happening

I removed all allowed applications and turned Defense+ off again just to see what happens from afresh again with the Firewall only. I’ve turned the Firewall to the second highest settings.

When I first try to go on the internet I get a couple of warnings about svchost and system which I allow. Then everything else seems to connect to the internet without any warning or permission, e.g. Adobe Updater, CCleaner update, AVG antispyware update.

It seems they are all covered by svchost and system being allowed.

Under CFP2 there was a separate warning for each of these applications.

I’ve got to say that I find this very unnerving.

I had to retreat back to v2.4 because a few of my pop ups wouldn’t take and kept repeating, not allowing the app to access. That’s a story by itself. As I try to think back to all that I experienced I remember that I had it set to basic firewall, and that was set to clean pc mode. However D+ showed up in safemode mode in the sys tray menu. In the main menu D+ was listed as inactive as it should have been. My question is should both D+ and the firewall have been set the same i.e. clean pc mode? Would it matter with respect to the above problem? Thanks

Since you are not using Defense+ then the firewall is not able to screen the requests by program. If you had D+ turned on then you would get alerts for each program and would have the option to stop them.

With that said, I have also mentioned the behavior that you speak of in your post. If you get a pop up that shows an IP address and a port for a program and you allow it then the firewall doesn’t have to have a rule in Global Rules for it to get out. Ok that is fine as I allowed it but if you allowed port 80 out then any program that needs port 80 to update gets out without you knowing about it. The reason for this is because the rule that got written for svchost is too general as it allows all out on any port or on port 80 to any IP address and the default for automatically added rules is that it doesn’t log. That I don’t like. There should have to be a rule in Global rules specifically allowing the port and IP address or it doesn’t get out. No matter if you allowed the pop up. I realize that this behavior is so that the user doesn’t get bothered by so much noise but I would rather have the option of knowing what is going on.

jasper

? Clean PC Mode is a setting under Defense+, not the Firewall component.

No idea on this one since I always picked both the Firewall and the Defense+ together during both of my installations.

I’m pretty sure it seems more complicated than before.

As a simple example, with my CPF2 in Application Monitor it states (AFAIK) that AcroRd32.exe and iexplore.exe and other programs are allowed to access the internet - or at least that’s what I think it’s saying.

But in CPF3, whether or not D+ is active, there doesn’t seem to be a page anywhere that tells me this same simple information - or is it there and I just can’t find it?

Of course I can’t verify it now since I went back to v2.4, but I could swear I checked clean pc mode under firewall and safe mode was checked under D+ in the sys tray.

:slight_smile: Let me show you what the options are :slight_smile:

[attachment deleted by admin]