Firewall + Defence help

Hi All
Can anybody help explain?

On my recommendation my friend has installed Comodo suite, he asked if Comodo updates new definitions automatically, unfortunately I coulden’t tell him as I have never seen any evidance of my firewall downloading automatic updates .
I use Comodo as a firewall and AniVir as an anti virus checker and the AntiVir updates daily.
I checked the Comodo firewall dashboerd, and again found no provision to set the program to auto, or even for manual update.

I did find under “Summery” that the firewall has blocked 0 intrusion attempts so far, and the “Defence” has blocked 0 suspicious attempts so far.
This makes me wonder if Comodo is working as it should.
If anybody can explain slowley, in Silver Surfer terms I would be grateful.
Regards Robert.

The AV will update automatically. But since you don’t use the AV and use Antivir this does not apply.

The fact that both the Firewall and Defense + report 0 suspicious attempts worries me. Can you take a look at the icon of CIS in the systray. When you see a red circle on it it is in an error state. Also let Diagnostics run. Diagnostics can be found under Miscellaneous. What does it report?

Look under Miscellaneous → Manage my configurations and see what configuration is active.

When Diagnostic didn’t find anything. Can you post screenshot of the Global Rules of the Firewall? They can be found under Firewall → Advanced → Network Security Policy → Global Rules.

Please look up the Firewall Behaviour Settings under Firewall → Advanced and let me know how they are set. Also look up Defense + settings under Defense + → Advanced and let me know how they are set.

Hmmm… Duplicate posts.

How to update comodo definitions

Anyway, I’m behind a router and it is normal for me to see 0 suspicious attempts since it resets when CIS is shut down. It’s rare to see anything on my firewall log.

Hi Heffe and Eric

Thanks for your help, I did put a PS on the bottom of my first post saying the post had been moved from another forum, ( I think it is in Help CIS ) I was going to delete the first post but unfortunately I find this site very complicated and I can’t usually find my posts until I get an answer and click on reply, unfortunately I think Eric has been kind enough to answer the first post. 

In answer to Eric
In System status, All systems are active and running.
There are no circles on the try icon,
Diagnostics found no errors.
I don’t know how to take a screen shot but in the Global Rules there is a red X and states "Block IGMP in from IP any to IP anywhere ICMP Message Is ECHO REQUEST "

Firewall behaviour settings are in General settings are (Training Mode) in alert settings the Alert Frequency is (Low)
A tick in “This PC is an internet gateway”
And also enable alerts for TCP requests + UDP and ICMP are all ticked.

Defence + settings are
General tab, Clean PC mode, and Trust apps digi signed is ticked.
Regerds Robert.

:o

If you’re running your firewall in training mode, it’s basically off. You are telling your firewall to create allow policies on everything! Good or bad…

Training mode is only supposed to be utilized as a temporary measure due to the security risk. If you have an application that you feel is getting blocked but you can’t figure out what other processes may be causing the problem, you can put the firewall in training mode, allow the application to start, then put the firewall back into its previous mode. You aren’t supposed to leave it in training mode.

So if you are not behind a router with NAT, your system is wide open to the internet. This could be why you see no intrusions detected. You’ve told your firewall to let everything through.

I would suggest removing all of the existing entries in your Network Security Policy and start fresh. (Obviously switching your firewall to something other than training mode)

It might be a good idea to download Malwarebytes’ Anti-Malware and run a scan to get a second opinion on things your AV may have missed while your firewall has been compromised.

Hi Heffe
Thanks for the explanation; I have now set the Net Defence to “Safe Mode” and the Proactive Defence to “Clean PC Mode”
I have tried those settings previously and my MSGTAG gave over tagging and that is why I moved them back to training mode. (Thinking the prog was learning what was acceptable and what was not)
I have looked at the Firewall Events and I am not sure how to read it, but most of the log shows that the majority of blocked events are "Windows Operating Systems and the MSGTAG I would assume they are all outgoing? As always unless you have been shown it is difficult to know what you are looking at in a log, anyway it looks like my PC is ok at the moment as I do already scan every 4or 5 days with Malwarebytes and SpyBot S+D I do a log with HJK from time to time and look for anomalies also the AntiVir scans daily.
Regards Robert.