Help Needed

Have disabled Defense+ in Comodo Firewall as I have Proactive Defense enabled in Kaspersky. Therefore, only enabled the Firewall without Defense+. Was wondering what is the best setting for maximum security? For apps like Skype and Yahoo Messenger is the profile Trusted Application safe to use or should I use any other profile like Web Browser? Currently using Custom Policy mode in COMODO. Need some help as to how I can increase my security?

custom policy is right when you want to make the rules.

better than trusted (trusted allows all, but even if the program is trusted for you, you dont know about the character of the ingoing attempts) is using OUTgoing only rules. try how far you come with TCP and/or UDP outgoing only. usually thats enough.
only real servers or p2p need to allow unrequested ingoing traffic, which would need a very specific “allow ingoing rule”, because allow ingoing is like a hole in the wall.

use stealth port wizard setting 3, hide me from everyone. so you dont have to answer ingoing requests which you didnt initiated yourself by traffic through an outgoing rule.
if you want to use the internet, your initiations is all that needs to pass the wall as a first traffic to get the packets. you get updates also, as updates are requested. they dont come by itself out of the internet.

Thanks for your response. So basically if I use the “Outgoing” policy for my applications, It’ll be more than enough.

As Skype is based on P2P format, I have to check that whether when I use the Outgoing only mode for it, does it accept incoming call connections or not?

I’ve also set up the stealth port wizard setting number 3. Thanks alot.

you can use skype with outgoing only too. and i would recommend that ALLWAYS as long as everything runs.

as i said: you get requested packets, while unrequested ones are blocked.
skype uses a technic, which “tells” your computer, the call from a friend has been requested by you. they trick firewalls :wink: as they dont have a central server like other messengers . on the other hand, you can use outgoing only rules then and it will work though.

to make rules as much specific as possible: it is enough if UDP and TCP is allowed outgoing. then you avoid that pings are send outgoing too for an application.
you can make a predefined rule yourself. it will be in the question window then! (allow, outgoing, tcp+udp).
outgoing is much safer than trusted. but if a program needs just a few ips, make the rule more specific with the ips, but still outgoing udp+tcp in principle.
skype is in a way p2p, and that means, it will use many ips. so here is TCP+UDP outgoing a good balance between useabillity and safety.