Help: I'm About to Uninstall ZA Pro and try CFW [Resolved]

Hello All I new here but not new :SMLR

I am referred here from Wilder’s where I have the same id, some of you may recognize me:

I’m About to Uninstall ZA Pro and try CFW for the first time and I want you guys to advise me on some things to do and not to do before doing the ZA uninstall and the CFW install.

where do I get the most stable least bugs version of CFW?
What version should I try. Not beta?
I’m looking for a FW that has the following features

(1) No hidden call homes to mother ship on the FW software itself
(2) Ability to detect other software calling home as well and then allow me to block that ip and ranges of ip’s and the site itself
(3) Doesn’t force or try to force me to set the router/Lan to trusted as ZA did
(4) Control by applications as to which have access to internet and those that don’t.
(5) Doesn’t force me to create expert rules at first try!
(6) Gives complete logs of in and out blocks that can be used for further checking
(6) Responsive user support and user forum
(7) Updates to product as required

No doubt I’ve left out NB items but as I’m behind a H/W FW and a router my main concern is outbound packets!

just curious… why are you unsinstalling ZA?

i just switch to comodo also
i think zone alarm pro has a friendlier, clearer and more usable interface but it’s a resource hog
with zone alarm i got up to speed much faster. with comodo the learning curve is steeper, but you can’t beat the price, its lightness and good reviews.

it looks like version 3 of Comodo is going to address those interface issues.

Hi Escalader, welcome to the forum

Let me try and tackle your questions:

First, you can download the latest version of the firewall from here:

This is the last stable version and not Beta.

(1) No hidden call homes to mother ship on the FW software itself

The only time the firewall will contact Comodo is during an update, which may be performed either automatically or manually.

(2) Ability to detect other software calling home as well and then allow me to block that ip and ranges of ip's and the site itself

You have complete control over every aspect of an applications communications requirements. You may also block specific IP Addresses, IP Ranges and Subnets.

One of the core components of CFP is Application Behaviour Analysis (ABA) which monitors activities such as:

Inter-process memory modifications
DLL Injections
Windows Messages
OLE/COM events
DNS Queries
Parent Application Leaks

(3) Doesn't force or try to force me to set the router/Lan to trusted as ZA did

CFP supports the notion of Zones/Trusted Networks. Generally we advise people that have a LAN and require free communications between nodes on that LAN to create a ZONE and a Trusted Network. It makes life easier, but it’s not mandatory.

(4) Control by applications as to which have access to internet and those that don't.

See my comments to question 2. You have complete control over every application.

(5) Doesn't force me to create expert rules at first try!

During installation you can allow automatic configuration and post install you can allow the firewall to scan for known applications, for which it will create rules. You may modify these at a later time.

(6) Gives complete logs of in and out blocks that can be used for further checking

Complete logs are available and they cover four main areas:

Component Monitor
Network Monitor
Application Monitor
Application Behaviour Analysis

(6) Responsive user support and user forum

Always

(7) Updates to product as required

As stated earlier.

Please feel free to ask any further questions.

One final point please ensure you completely remove ZA before installing CFP. You may read more details from ZA customer care, here:

http://www.nohold.net/noHoldCust25/Prod_1/Articles55646/CompleteUninstallNonNT.html

Hope that helps

Toggie

I’m less concerned about friendly interfaces than some users. I’m not concerned about learning curves on NB things like FW’s.

The ? as to why is really embedded in my list of requirements. If you want more reasons pop over to my thread at Wilder’s which is not a vendor forum. thks for your concern!

Toggie:

Yes it is a great help.

On my router lan being trusted, I don’t want to do that since I share that router on a DSL cable hookup (not wirelss) and the other PC is a high risk gaming PC. I don’t need to or want to share anything with that PC.

I have a lot of ip’s in my ZA setting that have been blocked is there anyway I can import them or do I just have to manual re-enter them?

Can I assume that CFW doesn’t have any extra that are zip to do with FW’s like email scanning and ASW or AV’s imbeddded?

I use BD 10 and SpySweeper can I assume that CFW will play well with these products?

Are there any applications other that ZA pro that I should remove?

On my router lan being trusted, I don't want to do that since I share that router on a DSL cable hookup (not wirelss) and the other PC is a high risk gaming PC. I don't need to or want to share anything with that PC.

I can understand that

I have a lot of ip's in my ZA setting that have been blocked is there anyway I can import them or do I just have to manual re-enter them?

Unfortunately, you’ll have to re-enter the detail manually

Can I assume that CFW doesn't have any extra that are zip to do with FW's like email scanning and ASW or AV's imbeddded?

It’s just a firewall, no AV/AS etc.

I use BD 10 and SpySweeper can I assume that CFW will play well with these products?

It plays nice with these, as you can see from these threads:

BitDefender & Comodo Firewall ?
Bitdefender and Spy Sweeper Real-time Protection Questions

Are there any applications other that ZA pro that I should remove?

Just ensure you disable any additional security applications whilst installing CFP. They can be enabled, once the installation has been completed.

Toggie

Okay, Toggie, here we go.

I’m going to back up my whole systems now. Just in case a disaster befalls us. I’m too old a dog for this but my gut tells me if I don’t back up I will regret it and If I do back up I won’t need it.

Totally irrational I know! (:WIN)

Always a good policy, good luck

You’re in computer land now - irrational IS the new rational.

Your gut feeling is right on the money. Backups are like insurance - they’re a pain in the proverbial when things are running right, but their true worth is only realized in an emergency.

Cheers,
Ewen

Toggie/Ewen:

Okay, done with preparation work. ( I hope) I still have ZA Pro working at time of this post.

(1) Updated all my security software
(2) Ran CCleaner and WindowWasher
(3) Ran a defrag with Perfect Disk
(4) Ran a register clean up with Register Mechanic
(5) Ran a total HDD backup to an external hard drive with Paragon Drive Backup 8.5
(6) Ran the archive integrity check and it was fine.

Got a message from a respected colleague on the experience doing exactly what I’m doing but for different reasons. The comments and issues raised follow and I would like your candid feedback before a plunge into Comodo.

Started with V2.3 fall of 2006 ran it for 4-5 months.
Faster than ZA on web browsing and similar in operation, Web filtering, firewall, Application firewall.
Issues with some ICMP, IGMP broadcasts blocking and filling up logs.
Worked on the Comodo interface to generate "Block and don’t log rules for ICMP and IGMP.
Everything was working fine from then on with V2.3.
CFW released V2.4. & immediately UPNP broadcasts were being blocked & filling up logs.
Unloaded V2.4, reloaded ZAPro and there was no logging.
Loaded Comodo V2.4 and the logging started up immediately.
Filled out a support ticket and got nothing from Comodo tech support.
Slow web operation - especially when looking at web pages with a lot of links (like news sites).
Fix for that was to disable Comodo’s MDI (monitor dll injection) function.
Others on the forums had high memory usage due to excessive logging.
V2.4 is buggy and with the tech support issue not answered, went back to ZA.
CFW is a fair product ( can’t beat the price!) but V2.4 is buggy.
Forum has some helpful folks

So, thinking only of my needs, please comment on these options

go with CFW V2.3 avoid V2.4 or are the issues listed with 2.4 fixed
go with 2.4 anyway and work with you guys to resolve any issues I actually get?
hold with ZA Pro untill V3 comes out of Beta?

BTW I’m not concerned with logs filling up as long as I can purge them or save them off line.
I am concerned with the no technical support feedback on a ticket.

I know I’m being a (:NRD) but these are worth answering I think! :-\

Hey,

go with CFW V2.3 avoid V2.4 or are the issues listed with 2.4 fixed

Most bugs are fixed in the V2.4, but you can find a stable version here http://www.personalfirewall.comodo.com/download_firewall.html

go with 2.4 anyway and work with you guys to resolve any issues I actually get? hold with ZA Pro untill V3 comes out of Beta?

I would recommend you using the CFW because it has a better defence and doesn't use that much resources from you're computer. :)

You could also wait till the new V3 comes out, BUT their could be some bugs is in :-.

Hope I could help you a bit
Xan

Thanks for helping!

I looked at the stable site if seems only to offer 2.4. Or does that mean I can only load 2.4 and 2.3 is no longer available?

Hi Escalader.

Although the comments from your respected colleague suggest 2.4 is ‘buggy’, the issues are not qualified. It seems the only ‘problems’ were logs filling up and high cpu usage, again due to logging. Both of these issues can be addressed.

Although it is possible to find 2.3, I advise you to go with 2.4 as it does contain numerous updates.

Any issues you encounter can normally be answered by one of the mods, here in the forum. The only time a support ticket needs to be filed with Comodo, is when the issue is genuinely beyond our capabilities and may actually be a ‘bug’

Version 3 is on it’s way but it’s going to be a while before it’s ready.

Toggie

Hello Toggie:

yes, I understand.

Here is my status

I have now succesfully uninstalled ZA and installed, version 2.4. Without your last post I looked at the number of fixes since 2.3 and went with the latest.

Right now I used the standard recommendations during install ran the applications scan and component monitor is in learning mode. How long will it stay in that state?

I have saved all my banned ips and sites but have yet to key them in.

The router/lan trusted issue I can’t yet see where I mess with that. I will hold off a bit.

I glad the install went well

component monitor is in learning mode. How long will it stay in that state?

A few weeks should be sufficient. It’s really about letting the firewall understand your environment, applications etc.

I have saved all my banned ips and sites but have yet to key them in.

You might find this useful:

Blocking IPs Tutorial

The router/lan trusted issue I can't yet see where I mess with that. I will hold off a bit.

This is worth reading before you get to that point:

Tutorials - A Compiled Resource

Toggie

Thanks again Toogie:

I did find the Blocking Tutorial good! Now have keyed in almost all my blocked ips.
I like the way CFW does it. One idea though for the beta guys is when user puts in a block ip why not have CFW automatically put it on top of the list, since I have to move them all up by hand and the list gets longer and longer? Just a thought!

What do I do with the Lan ip 192.168.1.0/255.255… entry that because of the gaming PC sharing the router I had (as ZA calls it) Internet.? There seem to be only 2 choices block or accept?

What about the Loop Back Adapter? 127.0.0.1 I used to have it as trusted, now it is AWOL or I just can’t see where it is?

If these are dumb ? I’m :-[ in advance.

Hi Escalader.

What do I do with the Lan ip 192.168.1.0/255.255...... entry that because of the gaming PC sharing the router I had (as ZA calls it) Internet.? There seem to be only 2 choices block or accept?

A question for you, what do you want to achieve with regard to communication between your game PC and your non game PC. How is your game PC connected to the Internet?

What about the Loop Back Adapter? 127.0.0.1 I used to have it as trusted, now it is AWOL or I just can't see where it is?

In CFP: Security/Advanced/Miscellaneous

There are two check boxes for loopback. One for allowing UDP globally and one for allowing TCP globally. By default UDP loopback is checked, but TCP is not. If you wish to allow global TCP loopback connections just check the box. Be aware, however, that there may be security implications in doing so.

If you use a local proxy, such as Proxomitron, WebWasher, MailWasher, and some antivirus applications, there is a possibility The “Skip Loopback” global rule allows any application to send data to 127.0.0.1 and should be disabled as it does allow potentially malicious applications to access the Internet.

If you are using a local proxy and wish to create individual loopback rules, I can take you through the process.

If these are dumb ? I'm Embarrassed in advance.

There are no dumb questions, just dumb answers

Toggie

Good suggestion. I’ve thought about this long ago myself, but don’t remember if it’s in any of the wishlists yet. Not just blocking IPs, but probably any Network Monitor rule that’s newly added.

Hi Toggie! Are we having any fun yet? I am you guys are teaching me and that is very very good!
My reply’s to your questions I will put in red in context to keep me straight!

Toggie:

I went in and found the settings shown. Security wise, do you see any changes I need? (:NRD)

Also what about the earlier question, I have descibed the connection with the gaming PC.

What do I do with the Lan ip 192.168.1.0/255.255… entry that because of the gaming PC sharing the router I had (as ZA calls it) Internet.? There seem to be only 2 choices block or accept? :-\

[attachment deleted by admin]