How can I start comodo firewall to allow all connections?

tharrisone · June 5, 2007, 7:01pm

I’ve had problems in the past with hackers who brute force logins and I’ve updated the security policy but it doesn’t help.
In the past I have used Comodo and have been very amazed by how well it secures a machine.

I have to connect to this machine over the internet so I need a way to start comodo to allow all or I will be locked out of the machine.

Thanks for your help.

system · June 5, 2007, 8:27pm

Welcome to the forum, tharrisone.

Right-Click on the FW systray icon, select Adjust Security Level, and Allow All. This should only be done for testing/troubleshooting purposes, or in your case, something else. Why would you want to risk it and allow all, if I may ask?

tharrisone · June 5, 2007, 8:31pm

I am connecting via remote desktop to the machine which is 5000 miles from me.
If I start the firewall it will block all the ports and I will be locked out of the box.

I need a way to start the firewall and have it allow all.

Ravenheart · June 5, 2007, 8:37pm

Far safer to allow connections from the IP you will be at, for the protocol types and ports that Remote Desktop will use.

system · June 5, 2007, 8:45pm

Far safer to allow connections from the IP you will be at, for the protocol types and ports that Remote Desktop will use.

I couldn’t agree more. leaving the firewall in Allow All mode is just asking for trouble.

tharrisone · June 5, 2007, 9:03pm

Ok,

let me explain. If I reboot the machine after installing the firewall it will block all incoming ports. What I am trying to do is configure the firewall before my remote desktop connection is shutdown by the firewall. I cannot access the machine directly, only through remote desktop. So how can I configure it without it locking me out?

Little_Mac · June 6, 2007, 4:37pm

Have you tried accessing the FW GUI after installing, but before rebooting? I’ve never tried this, so I don’t know if it would work or not. If you can, perhaps you can configure it prior to reboot, so that you can access it after boot.

LM

kail · June 6, 2007, 4:54pm

As far as I’m aware… CFP 2.4 does not support either remote installation or configuration. But, it is on the Wish List & Melih (the CEO) did say that they would address this in the future… although it isn’t clear if he meant CFP 3 beta (due today), probably not… is my guess.

Edit: PS we tried very hard to get this working, no matter what we tried CFP defeated us on the reboot.

pandlouk · June 6, 2007, 8:34pm

It can be done and it is quit easy to do it.

Here are the steps to take:

Install CFP with the default settings
IMPORTANT Uncheck Restart the computer at the final step and select finish
Import the setting from the AllowAll.reg included in the AllowAll.zip file that is attached at the end of my post.
Reboot the machine and you will see that CFP will start in Allow All mode. ;D

Hope it helps,
Panagiotis

ps. Here is the registry entry that is included in the reg.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Personal Firewall]
“SecurityLevel”=dword:00000002

[attachment deleted by admin]

kail · June 6, 2007, 8:50pm

I thought Protect own registry keys and files from unauthorized modifications was on (and active thanks to the drivers) by default?

pandlouk · June 7, 2007, 12:24am

Hi Kail, (:WAV)

Yes, you are right, Comodo protects its own registry keys and files by default, but during the installation, the drivers are not active until the system is rebooted.

panic · June 7, 2007, 1:47am

WOW! Really clever lateral solution Pan.

This should be rewritten into a “How can I do a remote installation?” FAQ for CFP.

Good work Sherlock!

Ewen

Little_Mac · June 7, 2007, 2:30pm

Good work! (:CLP) I’ve added the post to the Tutorial Compilation thread, under Installation tutorials (with some slight editing to help with context).

LM

pandlouk · June 8, 2007, 1:03am

Thanks Ewen. (:SHY)

ps. there are also 2 other ways in achieving this but this one was the easier workaround. I had to find some way to control/update/fix the pc of my parents who live 2500miles away.

kail · June 8, 2007, 2:00am

Well done pandlouk, that is excellent stuff.

tharrisone · June 8, 2007, 8:04am

Thank you sooooooo much. I was beginning to lose hope.

Thanks a bunch, now I can get this installed without being locked out.

(L) (S) (L)

Little_Mac · June 8, 2007, 7:25pm

Be sure to give us a follow-up report on how it works out…

LM

tharrisone · June 9, 2007, 6:14pm

SUCCESS!

I followed your instructions and didn’t reboot until I changed the registry.
It rebooted in allow all mode then I updated the applications and opened the specific ports
needed and made sure that everything was configured properly before turning the firewall to
custom.

I got scared for a second after it went life cause it shut down my connection but I reconnected
just fine.

I do have a question:

Is there a way to stop/block someone who connects to remote desktop and has numerous failed logins? I’ve had a few hacker problems on this site.

Btw I would love to see Comodo add an option to allow all after reboot.

Thanks guys you’ve made my day! :BNC

panic · June 9, 2007, 10:40pm

You could make a network monitor rule for RDP but restrict it, based on IPs or a zone. If there is only supposed to be one remote connection (you) and you have a static IP, create the rule selecting the “Exclude” option but include your IP address. This will block every IP execpt yours.

Hope this helps,
Ewen

P.S. Wasn’t PAndlouk’s solution a ripper!