Installed today on Vista 32bits, so far so good, seems smooth enough for a beta and the logic of popups is easy to understand. So far, seems like a significant improvement over 2.4
Suggestions:
improve the GUI by placing features “logically” e.g. the event log or viewer is useful all the time and should be avail from anywhere, especially when creating rules or specific behaviour. I had to go back and forth ‘basic’ section and ‘advanced’ to create global rules to allow a specific item on my network.
it would be nice to have a ‘preset’ to assign a zone e.g. the LAN a specific set of rules/policy e.g. allow LAN traffic. For now I went to global rules and allowed everything from and to 192.168.1.0/255.255.255.0, this could be improved but I am lazy ;D
It seems the final product will really be a nice achievement. I hope the firewall performance itself will be as good as it seem to be (I am no ‘leaktest’ or firewall specialist)
Congratulations for your excellent firewall. I like it very much.
First of all, i apologize for my bad English and my ignorance how such a firewall works.
I use a little number of programms: A. Browsers: Internet explorer, firefox and opera. B. Security: Nod 32, super antispyware, avg anti-spyware, adware, a-squared free. All of them need daily manual updates. C. Other aplications: Adobe reader, office, nero burning rom, win media player, win live messenger e.t.c
Till now, when i run an application and get out a lot of alerts, the only thing i know to do is to check the “remember my answer” option and click the “allow” button. But i am afraid that it isn’t the correct way.
May be, is better to define the A category as “internet browser” and B-C category as “trusted applications”.
What is your opinion?
Finally, is there any thread or topic in the forum with such simple advices about configuration.
Thanks for your patience and your help.
Have a nice day!
I would say A as “Web Browsers” and almost everything else as “Outgoing Only” (outgoing requests can establish incoming traffic…). Very few apps may need to allow some incoming request (svchost.exe and System needs to accept incoming requests from LAN if local network computers should be able to browse the shared folders. And I have a port opened for uTorrent).
At first I thought this was a bug but after fixing it myself I like this set up
this might be security leak prior to the fix
I am able to edit the registry and disable CFP3 Beta password protection from a “User” account if you want to allow this from an “Administrator” account I think that would be ok
Note
I have tested this and it was due to the permissions on this key It was Everybody/Allow all
Here’s my fix
In order to change this I had to llog in from an admin account Exit CFP3B open the HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Settings with regedit
disable herediity on the “Settings” Key
Add the “Administrators” group with “Allow all” Priviledges
Add the “Users” group with “Read only” Priviledges
And Delete “Everbody” group
Now I can not change this registry setting from a “User” log-in
If I forget or loose this password I can still disable “Enable password protection for settings” from an “Administrator” log-in by changing
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Settings
from PasswordEnabled REG_DWORD 0x00000001
to PasswordEnabled REG_DWORD 0x00000000
However I can and this is a big advantage, I can go in to CFP3B and disable the password if I want to, and when I reboot. It will re-enable pasword protection in CFP3B or I can enter the password in each setting as I go
Since Beta version I can’t download using FlashGet download manager. I have already included FlashGet in the trusted application list, but the only way I can make it work is changing the firewall security level to “Allow all”.
all seems smooth and stable now. only niggle seems to be when you get pop up alerts for firewall/defence+ and balloon pops at same time one covering the action buttons of other. not a biggy as can move popup box so no overlap but a bit of a faff ‘out the box’. may irritate new users especially if less patient than me!
I cant understand why adding eMule, uTorrent or ApexDC applications in rules as fully allowed programs dont work well… It seems that Comodo Firewall just lets them connect to somewhere in internet but not everywhere as they should be allowed as they have “Trusted applications” rules. They really should be allowed to make any connection anywhere they like… But it just dont go like that, I have to manually add their TCP and UDP ports to Global rules list to make them work even a bit… So is this a bug or is this just feature that isnt fully implemented yet?
It’s how Comodo is built. Global rules supersede application rules. Global rules is your global policy, where SPI for TCP and pseudo SPI for UDP is applied, application rules are, well, what they are. ;D
I am seeing a lot of blocked ICMP traffic in my Firewall Events log. The log is showing the Application as “System Idle Process” blocking ICMP on destination ports 3328, 768 and occasionally port 0 and 256. Lots of different source IP addresses , mainly from source port 768.
Does the System Idle Process application pick up any traffic that isn’t covered by other applications, as System Idle Process isn’t in my list of applications.
I am wondering if this is anything to worry about. If it is harmless/useful traffic, what process should be receiving the traffic. If not useful or the traffic is some form of port scan, is it possible to set up the firewall to not log this specific traffic (as I have a lot of it!).
Log doesnt show any “attacks” i mean even in the settings there are nothing to cover for example “port scanning”… It would be great if Comodo could still protect from port scanning and block those nerds from trying to penetrate my computer… And log should show me details about these “attacks”…
And to return to my point about trusted applications being not fully trusted, it is a stupid problem and i think Comodo really should change their policy about this… Trusted applications should be “fully trusted”… I dont want to try to create Global port rules for applications like MSN Messenger, eMule and similar, with blocked connections in varying ports. I even got blocked connections from Firefox, Avast Webguard and etc. It really pisses me off, because theres nothing I can do about it, those programs are fully allowed but still being blocked by Comodo…
Updated:
Selected that “i would like to be alerted…” option from Stealth configuration… Deleted all the rules for applications and Global rules before that, set Firewall to custom mode and from every alert that came up I modified all the application rules to my liking, now everything works like charm…
I use winrar , I want to extract something to the desktop , then CFP gives me these alerts , if I block them , the files also can be extracted to the desktop . Why ? Does winrar.exe really want to modify these floders ? Many process are same to winrar.exe , if they want to create or modify a file in a folder , CFP will give me many alerts about modifying folders , and the folders are the important folders protected by OS itself all . OS: windows XP SP2 32bit
CPF 3 is working great, but the Defence+ is really annoying, so I disabled it. I have got several pop-ups when I was installing programs, unninstalling…etc
Go to the Miscellaneous Section, and select “Manage My Profiles.” You will then be able to select different options, including to scan your system to create the safelist, or to edit the safelist, etc.
Thanks! At first i think “Manage My Profile” is complex for me because i don´t know it enough. I must learn “Manage My Profiles”. Maybe it is too complex because i want to install only one program without alerts.
Ok! I will learn “Manage My Profiles” and ask you later!
Another thing you can do w/Defense + (because of all the alerts) is change the Security Level to Learn All (instead of the default “Learn Safe Only”). Obviously, you would only do this if you have confidence that your system is clean of any malware…
