Hello everyone,
I’ve had Comodo Firewall installed for about 3 years and I’m currently reviewing my whole configuration after a little security scare.
(My system: Comodo 8.1.0.4426; Windows 7 Home Premium Service Pack 1 (x64); Avira Antivir, MBAM and a few diagnostic tools downloaded this week)
I have 3 Defense+ questions:
- When applications I do use don’t have an entry under HIPS rules, do they fall under ‘All applications’?
- Is this configuration okay for ‘All applications’ at the very bottom of the HIPS rules window? There are quite a few exceptions!
http://img11.hostingpics.net/pics/210506ComodoHipsRulesAllApps.png
Here is the relevant part of the exported configuration:
<PolicyItem UID="{7EE3...}" Flags="1" DeviceName="All Applications" Index="39" TreatAs="">
  <Rules>
    <Rule Flags="16" DefaultAction="0">
      <Allowed>
        <File UID="{99556...}" Flags="1" DeviceName="Temporary Files"/>
      </Allowed>
      <Blocked/>
    </Rule>
    <Rule Flags="8" DefaultAction="0">
      <Allowed>
        <File UID="{FB1F1...}" Flags="1" DeviceName="Temporary Keys"/>
      </Allowed>
      <Blocked/>
    </Rule>
    <Rule Flags="2" DefaultAction="0">
      <Allowed/>
      <Blocked>
        <File UID="{386F35...}" Condition="Os==Vista || Os==Win7" Flags="0" Filename="?:\$Recycle.Bin\*" DeviceName="?:\$Recycle.Bin\*"/>
      </Blocked>
    </Rule>
    <Rule Flags="2048" DefaultAction="0">
      <Allowed>
        <File UID="{6F3E9...}" Flags="0" Filename="%windir%\system32\msctf.dll" DeviceName="C:\Windows\System32\msctf.dll"/>
        <File UID="{67BFE...}" Flags="0" Filename="%windir%\system32\shell32.dll" DeviceName="C:\Windows\System32\shell32.dll"/>
        <File UID="{EBAC...}" Flags="0" Filename="%windir%\system32\browseui.dll" DeviceName="C:\Windows\System32\browseui.dll"/>
        <File UID="{948D3...}" Flags="0" Filename="%windir%\system32\ieframe.dll" DeviceName="C:\Windows\System32\ieframe.dll"/>
        <File UID="{B3BC1...}" Condition="Platform==x64" Flags="0" Filename="%windir%\SysWOW64\msctf.dll" DeviceName="C:\Windows\SysWOW64\msctf.dll"/>
        <File UID="{AE2A...}" Condition="Platform==x64" Flags="0" Filename="%windir%\SysWOW64\shell32.dll" DeviceName="C:\Windows\SysWOW64\shell32.dll"/>
        <File UID="{0C387...}" Condition="Platform==x64" Flags="0" Filename="%windir%\SysWOW64\browseui.dll" DeviceName="C:\Windows\SysWOW64\browseui.dll"/>
        <File UID="{3D17C...}" Condition="Platform==x64" Flags="0" Filename="%windir%\SysWOW64\ieframe.dll" DeviceName="C:\Windows\SysWOW64\ieframe.dll"/>
      </Allowed>
      <Blocked/>
    </Rule>
    <Rule Flags="1" DefaultAction="0">
      <Allowed/>
      <Blocked/>
    </Rule>
    <Rule Flags="4" DefaultAction="0">
      <Allowed>
        <File UID="{3F50C...}" Flags="0" Filename="*" DeviceName="*"/>
      </Allowed>
      <Blocked/>
    </Rule>
  </Rules>
  <Protections/>
</PolicyItem>
- Could it be safer to create new specific - and more restrictive - application rules for the applications I’m not sure I can trust?
Thank you!
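
As an added example (not part of the original post and not Comodo's own tooling), one way to review an exported rule set like the one above is to list every Allowed/Blocked entry per rule and mark the wildcard entries. The sample input is constructed from the posted structure with placeholder UIDs, and the `Flags` values are reported raw because the post does not say what they mean.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the structure in the post, with
# placeholder UIDs (the post truncates the real ones).
SAMPLE = r"""
<PolicyItem UID="{PLACEHOLDER-0}" Flags="1" DeviceName="All Applications" Index="39" TreatAs="">
  <Rules>
    <Rule Flags="16" DefaultAction="0">
      <Allowed>
        <File UID="{PLACEHOLDER-1}" Flags="1" DeviceName="Temporary Files"/>
      </Allowed>
      <Blocked/>
    </Rule>
    <Rule Flags="2" DefaultAction="0">
      <Allowed/>
      <Blocked>
        <File UID="{PLACEHOLDER-2}" Condition="Os==Vista || Os==Win7" Flags="0" Filename="?:\$Recycle.Bin\*" DeviceName="?:\$Recycle.Bin\*"/>
      </Blocked>
    </Rule>
    <Rule Flags="4" DefaultAction="0">
      <Allowed>
        <File UID="{PLACEHOLDER-3}" Flags="0" Filename="*" DeviceName="*"/>
      </Allowed>
      <Blocked/>
    </Rule>
  </Rules>
</PolicyItem>
"""

def summarize_policy(xml_text):
    """Return one dict per Allowed/Blocked entry found under a PolicyItem."""
    item = ET.fromstring(xml_text)
    rows = []
    for rule in item.iter("Rule"):
        for verdict in ("Allowed", "Blocked"):
            for f in rule.findall(f"{verdict}/File"):
                # Named groups ("Temporary Files") carry no Filename attribute.
                target = f.get("Filename") or f.get("DeviceName")
                rows.append({"rule_flags": rule.get("Flags"), "verdict": verdict,
                             "target": target, "condition": f.get("Condition"),
                             "catch_all": target == "*"})  # bare wildcard entry
    return rows

if __name__ == "__main__":
    for r in summarize_policy(SAMPLE):
        mark = "  <-- wildcard" if r["catch_all"] else ""
        print(f'rule {r["rule_flags"]:>4} | {r["verdict"]:7} | {r["target"]}{mark}')
```
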