Sorry if this has been posted before, I searched and could not find anything.
For the Paranoid. Hardening Firefox is easy, at least for the firewall part.
Firewall settings
Open Comodo, Firewall Tab —> Network Security Policy —> Find Firefox.exe
You do not need to add DNS rules if you have the DNS Client running
Click on the image for a larger size
Note: Replace 8.8.8.8 with your DNS server IP and if you you need to add more DNSs server just copy the the same rule with different DNS IPs
If you are using AVAST Web Shield, different rules.
Note: HTTPS (Port 443) connections are not redirected thought Avast Web Shield by default You can either add a rule for Firefox or modify Avast options to redirect port 443 thought Avast Web Shield.
If you want Avast to redirect port 443 thought avast Web Shield. Open Avast, click on Settings then Troubleshooting → Redirection Setting → HTTP ports → add [,443].
If you do not want Avast to redirect port 443. Add a new rule for Firefox, Allow TCP OUT to any IP on Port 443.
Do as you like
Def + Settings
Custom Firefox settings, its not hard
Open Comodo —> Defense + tab —> Computer Security Policy
Click on Firefox —> click on “Use Custom Policy” —> Click on Customize
" Run an executable" —> Tick Allow
" Processes’ Termination" —> Tick Allow
[i] If your Paranoid and do not mind sacrificing something for higher restrictions [i] *Run an executable" and "Processes' Termination" ---> Tick Block and excludeFirefox.exe
Plugin-container.exe
Crashreporter.exeDoing this, you wont be able to open any downloaded file directly from firefox. You can click “Open containing folder” and open the file.
“DNS Client Service” —> Tick Allow
Protected File/Folders —> Tick Block then Exclude
In the Allowed list Click on “Add” then Find Windows Socket Interface
Then Copy and past the rest
\Global??\FltMgrMsg
\Device\KsecDD
\Device\Afd\AsyncConnectHlp
\Device\NamedPipe\lsarpc
For Flash Player EDIT THIS
C:\Users(Add login user name)\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer*
If you are using Avast add
\Device\aswSP
\Device\aswSnx
Protected COM Interfaces —> Tick Block then click exclude
In the Allow list add
\RPC Control\spoolss
Spoolss is for printer. If you don not have a printer, you can block it.
Protected Registry Key —> Tick Block and exclude
HKUS\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell
You can still block it. Firefox runs fine
“Interprocess Memory Accesses” → Tick block
NOTE: Firefox attempts to access system memory and explorer.exe . So far blocking them has no effect on Firefox. Everything works fine.
“Windows/WinEvent Hooks” —> Tick block
“Device Driver Installation” —> Tick block
“Physical Memory” —> Tick Block
“Computer Monitor” —> Tick block
“Disk” —> Tick block
“Keyboard” → Tick block
Plugin container
“Interprocess Memory Accesses” → Tick block and exclude
Firefox.exe
Protected COM Interfaces —> Tick Block then click exclude
In the Allow list add
C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe\RPC Control\spoolss
Protected Registry Key —> Tick Block and exclude
HKUS\S-1-5-21-4010442249-2642201270-4137566514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings*
Protected File/Folders —> Tick Block then Exclude
Their the same as for Firefox.exe
In the Allowed list Click on "Add" then Find Windows Socket InterfaceThen Copy and past the rest
\Global??\FltMgrMsg
\Device\KsecDD
\Device\Afd\AsyncConnectHlp
\Device\NamedPipe\lsarpcFor Flash Player EDIT THIS
C:\Users(Add login user name)\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer*If you are using Avast add
\Device\aswSP
\Device\aswSnx
Only Shockwave Flash and Foxit Reader have been tested. I havent tested QT, Silverlight ect.
If you find any issues or a conflict with other antivirus, please post It. If you know which COM, Reg, Files to add, then please post them.
Plugins
For ADs
Adblock Plus
Element Hider helper for Adblock
https://addons.mozilla.org/en-US/firefox/addon/elemhidehelper/
Cookies Monster
Flash cookies
Better Privacy
Or Vist
Adobe - Flash Player : Settings Manager - Global Storage Settings Panel
Untick both boxes ( LSO and Third party) and tick never ask again
Warning it might break stuff otherwirse just use Better Privacy to control LSO
Trackerblocker
https://addons.mozilla.org/en-US/firefox/addon/trackerblock/
Ghostery
Plugin Toggler
https://addons.mozilla.org/en-US/firefox/addon/plugins-toggler/
NoScript
Request Policy
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/
Learn how to use both. Most of the time you will just need to allow one site thought request policy and sites load fine.
Web of Trust
Certificate Patrol
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
Browser Protect
https://addons.mozilla.org/en-US/firefox/addon/browserprotect/
FoxyProxy
User-Agent
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
HTTP-Ref
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
Clean up
https://addons.mozilla.org/en-US/firefox/addon/ecleaner/
ShowIP
https://addons.mozilla.org/en-US/firefox/addon/showip/