Is there any way to get v3 to behave like v2 with Application Monitor off and Network Monitor on? For my uses, v3 appears to be a huge step back from v2, being considerably more complex while allowing even less control (of what I want to control).
What exactly do you want to be able to achieve?
Simple things like allowing/blocking access to certain ports, protocols, or IPs, and without having to relate the rules to applications (and I don’t want any popups, learning, or rules related to applications, either). In v2, I used the Network Monitor but not the Application Monitor; I would like the same thing in v3.
Just go back to V2. There is no harm in doing that, but just use extra protection, like real-time protection, with it too, including your AV (I don't use AV software anymore).
Josh.
It's not really that straightforward. V3 now consists of essentially two parts, the firewall and Defense+. What you're referring to is just the firewall.
In theory, you could completely disable D+ to prevent what I suspect are the pop-ups you're receiving. But doing so leaves you without a significant portion of the protection CFP 3 provides.
If you're 100% sure your PC is free from malware, you could use Clean PC Mode for D+, which should virtually eliminate D+ pop-ups. You could then just use Application Rules for the firewall, without Global Rules. I guess it depends how much control you want…
That can be done.
-
In Defense+ / Advanced / Defense+ Settings check “Deactivate Defense+ permanently”. Reboot. This will turn HIPS off, leaving only the Firewall part of Comodo running.
-
Delete everything in Firewall / Advanced / Network Security Policy / Application Rules. Add a new application. For Application Path select File Groups → Executables All Applications. Add an application rule to it:
Action: Allow
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
IP Protocol: Any
This will automatically allow any connections on the "application level", and is equivalent to having Application Rules "turned off". Connections will be allowed/blocked based on Network Rules only.
Thanks MaratR. Should I then create rules based on the defaults in v2?
And shouldn’t it just allow outbound?
I’m not sure what the defaults were in v2. I think this could be a good starting point:
Rule 1 (Allow outgoing connections):
Action: Allow
Protocol: IP
Direction: Out
Source Address: Any
Destination Address: Any
IP Protocol: Any
Rule 2 (Allow incoming echo replies, to make ping work):
Action: Allow
Protocol: ICMP
Direction: In
Source Address: Any
Destination Address: Any
Message: ICMP Echo Reply
Rule 3 (Allow incoming “TTL Exceeded”, to make tracert work):
Action: Allow
Protocol: ICMP
Direction: In
Source Address: Any
Destination Address: Any
Message: ICMP Time Exceeded
Rule 4 (Allow incoming connections from the trusted zone, if you have one):
Action: Allow
Protocol: IP
Direction: In
Source Address: Zone: “Name of your trusted zone”
Destination Address: Any
IP Protocol: Any
Rule 5 (Block everything else):
Action: Block & Log
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
IP Protocol: Any
That should work for most of your applications. You can then open certain ports to allow some of your applications (like P2P stuff) to receive incoming connections as well. Just make sure that any allow rule you add precedes the last "block everything else" rule in the list.
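The five rules above are evaluated top-down, first match wins, which is why the reply insists that any allow rule must sit above the final "block everything else" rule. As an added example (not code from this post or from Comodo), here is a small first-match evaluator in Python that models the fields those rules use (direction, protocol, source zone, destination port, ICMP message), decides sample packets against the rule set, and flags rules that an earlier rule fully shadows. The zone name "Home LAN", the port 6881 and the sample packets are constructed assumptions for the demonstration; when no rule matches, the evaluator returns None rather than guessing the product's default.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "Allow" or "Block & Log"
    protocol: str                       # "IP" = any IP protocol, or "TCP"/"UDP"/"ICMP"
    direction: str                      # "In", "Out" or "In/Out"
    source_zone: Optional[str] = None   # None = Any; otherwise a named network zone
    dest_port: Optional[int] = None     # None = Any
    icmp_message: Optional[str] = None  # None = Any; e.g. "Echo Reply"


@dataclass(frozen=True)
class Packet:
    direction: str                      # "In" or "Out"
    protocol: str                       # "TCP", "UDP" or "ICMP"
    source_zone: Optional[str] = None   # zone the source address falls in, if any
    dest_port: Optional[int] = None
    icmp_message: Optional[str] = None


# The rule set from the post, in the posted order. "Home LAN" is an assumed zone name.
DEFAULT_RULES: List[Rule] = [
    Rule("Rule 1", "Allow", "IP", "Out"),
    Rule("Rule 2", "Allow", "ICMP", "In", icmp_message="Echo Reply"),
    Rule("Rule 3", "Allow", "ICMP", "In", icmp_message="Time Exceeded"),
    Rule("Rule 4", "Allow", "IP", "In", source_zone="Home LAN"),
    Rule("Rule 5", "Block & Log", "IP", "In/Out"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet satisfies every field the rule constrains."""
    return ((rule.direction == "In/Out" or rule.direction == pkt.direction)
            and (rule.protocol == "IP" or rule.protocol == pkt.protocol)
            and (rule.source_zone is None or rule.source_zone == pkt.source_zone)
            and (rule.dest_port is None or rule.dest_port == pkt.dest_port)
            and (rule.icmp_message is None or rule.icmp_message == pkt.icmp_message))


def evaluate(rules: List[Rule], pkt: Packet) -> Optional[Tuple[str, str]]:
    """First match, top-down: returns (action, rule name), or None if nothing matched."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return None


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`, i.e. `inner`
    can never fire when it is listed below `outer`."""
    return ((outer.direction == "In/Out" or outer.direction == inner.direction)
            and (outer.protocol == "IP" or outer.protocol == inner.protocol)
            and (outer.source_zone is None or outer.source_zone == inner.source_zone)
            and (outer.dest_port is None or outer.dest_port == inner.dest_port)
            and (outer.icmp_message is None or outer.icmp_message == inner.icmp_message))


def unreachable(rules: List[Rule]) -> List[str]:
    """Names of rules that are fully shadowed by some earlier rule (dead rules)."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(earlier, r) for earlier in rules[:i])]


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = {
        "outbound HTTPS": Packet("Out", "TCP", dest_port=443),
        "ping reply": Packet("In", "ICMP", icmp_message="Echo Reply"),
        "unsolicited ping": Packet("In", "ICMP", icmp_message="Echo Request"),
        "SMB from LAN": Packet("In", "TCP", source_zone="Home LAN", dest_port=445),
        "P2P from Internet": Packet("In", "TCP", dest_port=6881),
    }
    for label, pkt in samples.items():
        print(f"{label:20} -> {evaluate(DEFAULT_RULES, pkt)}")

    # A P2P allow rule appended AFTER the catch-all block is dead; above it, it works.
    p2p = Rule("P2P inbound", "Allow", "TCP", "In", dest_port=6881)
    print("appended last, dead rules:", unreachable(DEFAULT_RULES + [p2p]))
    print("placed above Rule 5, dead rules:", unreachable(DEFAULT_RULES[:-1] + [p2p, DEFAULT_RULES[-1]]))
```

Running it shows outbound traffic and the two ICMP replies allowed, an unsolicited inbound ping and the Internet-side P2P connection caught by Rule 5, and the LAN connection admitted by the zone rule; the `unreachable` check is the one to run after editing the list, since a port-opening rule appended below Rule 5 is reported as dead, while the same rule placed above it is not.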
Correction: You should select File Groups → All Applications ("*") instead of File Groups → Executables ("*.exe"), as that would include System, too.