Help me understand

Hi,

just deployed Comodo Firelwall and Defense+ and as I’m trying to figure it out if it’s reliable I run some online tests from sites like: GRC | ShieldsUP! — Internet Vulnerability Profiling   or http://www.pcflank.com/
All run fine except for leak test run locally with program from here Leaktest | PCFlank which proves me that Comodo is not filtering outbound connections or asks me what to do next.

What’s your opinion on this, is it something to worry about or not? I see random behavior concerning outbound filtering from Comodo, sometimes I’'m being asked, othertimes I’m not.

PS: I’m coming from ZoneAlert FW solution and there I was used to be asked about everything and I kind of liked this (I might not want to allow even a trusted application)

Thanks

If you download the PCFlank test and save it locally, physically disconnect from the internet and then run the test, it will still report that the browser has leaked.

Given that we have disconnected from the internet, I’d love to know where it is leaking to.

Ewen :slight_smile:

Hi chiticco,

The default install for CIS allows ‘trusted’ applications out to the internet to reduce the number of alerts shown.
It will only alert you for ‘unknown/malware’ that is trying to use an internet connection.

If you don’t like this behavior you can set ‘create rules for safe applications’ on the firewall settings.
Also setting it to level ‘Custom’ will create more alerts, next have a look at the tab ‘alert settings’ and chose a mode that you like.

If you wish you can have it alert on very high so every IP and port is asked before connection, but that takes a bit of tuning the app because otherwise it will become unworkable :wink:

Hi,

Panic: indeed, I’ve run the test you suggested and it’s true, the program suggests me that test failed however opening the IE page at suggested URL doesn’t show anymore the text I’ve entered (I was starting to think of a cookie scam :)).

Ronny: many thanks for the suggestions, I’ll give them a try and see how it works.

@Both: ok, clarified my doubts: application was added in the Trusted list of apps, that’s why it run fine. As soon as I’ve removed it from there the Sandbox alert showed and Cloud Scanner Alert as well telling me that a malicious application has been detected. Under these circumstances the application result was that Firewall passed the test → false alarm 88)

Many thanks