Firewall Options.

Which options are best for a Home User (i connect trough DSL, there are no other devices on my Network)

i’ve marked Protect Arp Cache, Block Fragmented IP Dg., Do Protocol Analysis, Monitor NDIS protocol other than TCP/IP

i’ve read through Comodo Help and its a bit cryptic for me…

how do i treat P2P programs like uTorrent? should i put it on my Thrust list, choose outgoing only or another option?

I’m sorry if those question are noobish, first time using CIS, i will post any other questions on this topic.

Choose Proactive Security

All I have checked are Block Fragmented IP and Do Protocol Analysis. You may run into trouble having Protect Arp Cache checked (this is for advanced setups). Run the Stealth Ports Wizard and choose Block all incoming connections and make my ports stealth for everyone. You can check your ports here:

My uTorrent settings: I allow it in the Sandbox as Trusted and in my Network Security Policy I have 2 custom rules:

Allow TCP Out From Mac Any to Mac Any Where Source Port Is Any And Destination Port Is Any
Allow UDP Out From Mac Any to Mac Any Where Source Port Is Any And Destination Port Is Any

uTorrent works fine with these settings on my system. In uTorrent under Connection, choose Randomize Port Each Start. You can open uTorrent and see which port it’s using and then check that port at Shields UP! You should find that it is stealthed.

[attachment deleted by admin]

Why Sandbox uTorrent? i don’t know if theres anything that will make uTorrent misbehave, it doesn’t update sometimes?

you say i may run into troube enabling Protect Arp Cache, what may happen?

if i enable randomize ports on utorrent say, if he used por X on my last session and now he is going to use Y does he close port X?

sometimes i get alerts that says that my system is trying to receive a connection from the internet like the one on the attached screenshot, is that normal behavior (windows checking for update or something) ?

[attachment deleted by admin]

  1. I don’t Sandbox uTorrent, I have it as a trusted file.

  2. Comodo Forum Just type in ARP Cache. You can try this setting if you want. Previously, there were many complaints when the average user had this checked. I think I remember that it’s not necessary unless you are networking.

From CIS Help:

“It should be noted, that a successful ARP attack is almost always dependent on the hacker having physical access to your network or direct control of a machine on your network - therefore this setting is of more relevance to network administrators than home users.”;msg433911#msg433911

  1. Yes. uTorrent closes the previous port and chooses another when reopened.

  2. Did you choose Proactive Security? You may have a Windows setting that requires incoming connections (such as Windows Automatic Updates).

That was very… very helpful :slight_smile:

Yes, i’m using proactive security since i’ve read chiron’s guide…

I did a leak test and those were the results

how can i improve my results?

[attachment deleted by admin]

Simply, don’t use the leak test! It wasn’t designed to test Comodo with the new Sandbox feature. It’s quite old.;msg606020#msg606020

However a useful test it is old in the sense of that it is made to test a HIPS only solution. The sandbox will skew results. You may want to read Getting Accurate Leak Test Results to learn more how to test with sandbox enabled.

Or follow How To Install & Configure CIS for Max Protection & Min Alerts if you want a quick and easy solution.

Making port 445 available to the internet is asking for trouble.

Making Utorrent “trusted” is also asking for trouble.

A “trusted file” just means that it’s not Sandboxed. The program is still covered by D+ and the Firewall.


Those are Firewall Rules and have nothing to do with the Trusted Files List in D+.

I don’t allow any incoming.

uTorrent randomly chooses ports from 10000 to 65535, so I see no need to set port ranges.

So, except for port ranges, how do my settings differ from Rule 2 and Rule 3?

the guides you refer poin to blocking out…your sixth rule for blocking is In and Out, why?

EDIT: Should i also disable “Do Protocol analysis” while torrenting?
EDIT2: On your TCP out rule, the destination port is a port set, why not only use port 80? should i also create a global rule?

On my Global Rules i have this…
doesnt the two rules overlap each other?

EDIT 5? : is it okay to have a lot of events on the firewall, some of them are IPV6 with those rules

I got those rules from forum member -pandlouk…

they are for a ‘Predefined Rule’ – you don’t have to mess with your Global Rules.

If you want to do an ‘Application rule’ you can use Radaghasts rules…you will notice that he adds rules to the Global rules.;msg500592#msg500592


Disable protocol analysis if you think the downloads are slow.

when you put the firewall on custom policy to only allow the traffic you want do you customize each application rule? lets say App A wants access (TCP/UDP… etc) to the Internet, i choose allow and mark remember my answer then do i need to edit the rule on network policy?