How CFP 3 Beta Works (NOT for Bug Reports) [Closed]

Thanks! But I think the “Learn Safe Only” security level is wonderful. Only when installing software, too many alerts are shown.

Andreas

Non-safelisted applications usually generate multiple warnings, and prompt me to choose an appropriate action. In the beta I have to do so for each and every pop up. Shouldn’t it be possible to select an action and apply it on all related warnings in one big sweep, or am I missing something here?

Why doesn’t CFP 3 remember the previous action chosen? I.e. why do I have to tick the ‘remember’ box again and again?

It’s all in the details, Charlie42. If you look at those closely, you should see that there are some differences from one alert to the next.

One of the most frustrating things for me is when printing stuff. It seems there are a bajillion ControlSet (or something like that) registry entries related to printing, and each time it moves to a new one, and continues on through them all as it prints, modifying them. Then the next time something’s printed, it goes through the whole freakin’ process again. But because it’s different each time, there’s a bajillion more alerts.

LM

Thanks for replying Little Mac.

I’m aware of these subtleties, but what I am wondering is if there is a setting somewhere that can enable me to treat all alerts related to the same program/process in one operation, even if they’re slightly different. (Not any bulldozer approach eliminating all alerts though.)

Sure, Charlie. Open that application rule in Defense + and Edit it. Look at the Access Rights, and make changes there. For each line item, the Settings/Modify button would be better named “Exceptions” as that’s what it allows you to define - Allowed or Blocked applications.

LM

Hi,

Under ‘Network Security Policy’ the automatic rule created for Firefox and Opera is ‘Custom’ ‘Allow IP Out From IP Any Where Protocol is Any’.

This is In ‘Learn Safe Only Mode’ having done a scan of applications during the install.

Clicking the Edit button gives the option to select from a ‘Predefined Rule’ set, and one of the predefined rules is ‘Browser’.

It seems a bit odd that when a predefined rule is available for browsers, it is not applied. Is there any advantage to switching the rule to ‘browser’, or indeed any disadvantage?

The same thing goes for Thunderbird: an ‘Email Client’ predefined rule is available, but the automatic rule is ‘Custom’. Can I/should I change the rule to ‘Email Client’, or just leave it alone?

When CF is in learning mode on both Defense+ and firewall, isn’t that bad if you click something that’s bad and not realize the firewall or the defense would see it as good?

Is this safe to just keep it there? Or after a while do I just move it to custom?

Brock

Good point, Frank ~

I’m not sure why it doesn’t apply the “browser” and “email” presets; perhaps it doesn’t know that’s what those are?..

You can, however, change them. If you look at the details of the predefined rules, they simply specify ports to be used, and possibly another detail or two. A little bit tighter than the “custom” rules currently in place.

LM

Cheers for that! Ta!

Me again!

Do the same rules apply for using eMule as with the previous version of Comodo?

I made eMule a Trusted Application, then added these rules in Network Security Policy>Global Rules:

1. Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = your computer IP address (you can also use “Any”, if you are using a modem and not a router; by this you won’t have to change the IP address every time you connect to the internet)
Source port = Any
Destination port = the port your Emule uses for the TCP connections

2. Rule for UDP protocol

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = your IP address (or “Any”)
Source port = Any
Destination port = the port your Emule uses for the UDP connections

https://forums.comodo.com/faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html

They appeared just below ‘Allow All Outgoing Requests’, i.e., as rules 2 & 3.

Is this a secure setup in Comodo 3?

Thanks for any answers!

Shields Up! is reporting my eMule port as ‘open’ with these settings.

Guess that’s not good, huh? :o

Shields Up (and any other online test) will always report your eMule ports as open. It’s because they are, if the application is actively running. eMule (and all p2p, IM, phone, etc applications) has to use those ports to accept the Inbound connection; thus when it’s running, it holds those ports open (this is why you want to manually select “random” high-number ports, so they won’t be commonly used by other applications).

If you’re going to run online tests, you need to shut down all extraneous applications like that, leave them off for a few minutes before testing. This is because even after applications are closed, they may still be holding the port for a little while.

LM

OK, I understand. Thanks for that.

eMule assigned a high-number port, and I did a scan of that specific port while eMule was running.

Can I take it that that port is not open to an attacker, just for use by eMule?

My understanding of the set-up described for Comodo 2.4 was that incoming connections could only be accepted when a program was using the ports opened in Network Monitor, and that when no program was using the ports, they would be stealthed by Application Monitor:

https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html;msg33027#msg33027

Can one add the same rules as described in the previous eMule tutorial (for Network monitor) to the Global Rules in Network Security Policy of Comodo 3?

What is the correct position for these rules? The old guide states:

You must move the rules up, over the default rule "Block IP in". ( CPF "reads/applicates" the rules from the top to the bottom)

https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html;msg2529#msg2529

But there is not the exact same rule in CPF 3.

New rules in CPF 2.4 were created at the bottom. New rules in CPF 3 are created at the top, just below ‘Allow All Outgoing Requests’. Adding the rules for CPF 2.4 in the default location (at the top of the rules list) certainly works, with eMule getting a high ID, but is that set-up safe?

Do I need to move the rules down? Is ‘Block All Incoming Requests’ the equivalent of ‘Block IP in’? Do the new rules need to be over ‘Block All Incoming Requests’? Just guessing here,

http://donaldbroatch.users.btopenworld.com/comodorules.png

Default rule location. Move down?

Is it also correct to set eMule as a trusted application?

Thanks for any help.

Thanks again Little Mac. Going through the entire list of programs like that took me quite some time… I sure hope Comodo makes an easier way to do this in the final version. Imo. it should have been possible to do it in the warning window itself, whenever one pops up. Other firewalls I’ve used do that.

Charlie42

After a re-start, my added rules for eMule seem to have moved to the bottom of the list:

http://donaldbroatch.users.btopenworld.com/comodorules2.png

???

EDIT: eMule is working, but is this set-up secure?

Has Image Execution Control Settings been disabled in CFP 3.0.8.214?
If I remember correctly the setting in CPF 3.0.7.208 used to go back to normal but did work in the aggressive mode if you chose that setting.

All I can say is that it took me absolutely no time to figure the buttons and settings out, it’s very clear to me, great job! Also I totally dig the new look, especially the Logo and the message boxes are done nicely!

@FreewheelinFrank (Post above me): Why not remove the duplicate rules? IMHO they are not necessary? Could be mistaken of course.

Now that I say this… does Comodo work the rules from top to bottom? IE when you place a rule at the bottom after a Block rule, is that rule still applied, or does the order of the rules not matter? (Hope I made myself clear I can be a chaotic person when it comes to explaining things lol)
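The rule-order questions in the posts above (whether the eMule allow rules need to sit over ‘Block All Incoming Requests’, and whether a rule placed after a Block rule is still applied) can be modelled as follows. This is an added example, not part of any post and not Comodo's code. It assumes top-to-bottom, first-match evaluation as the quoted CPF 2.4 guide describes, which this thread does not confirm for CFP 3; the port numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "Allow" or "Block"
    direction: str                   # "In" or "Out"
    protocol: str = "Any"            # "TCP", "UDP" or "Any"
    dst_port: Optional[int] = None   # None means Any


def covers(rule, direction, protocol, dst_port):
    """True if `rule` matches everything described by the three fields."""
    return (rule.direction == direction
            and rule.protocol in ("Any", protocol)
            and rule.dst_port in (None, dst_port))


def evaluate(rules, direction, protocol, dst_port, default="Block"):
    """Assumed semantics: walk the list top to bottom, first match decides."""
    for rule in rules:
        if covers(rule, direction, protocol, dst_port):
            return rule.action, rule.name
    return default, "(no rule matched)"


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(covers(earlier, later.direction, later.protocol, later.dst_port)
                   for earlier in rules[:i])]


# Constructed sample: 51234/51235 stand in for the ports eMule was configured with.
ALLOW_OUT = Rule("Allow All Outgoing Requests", "Allow", "Out")
EMULE_TCP = Rule("eMule TCP In", "Allow", "In", "TCP", 51234)
EMULE_UDP = Rule("eMule UDP In", "Allow", "In", "UDP", 51235)
BLOCK_IN = Rule("Block All Incoming Requests", "Block", "In")

ABOVE_BLOCK = [ALLOW_OUT, EMULE_TCP, EMULE_UDP, BLOCK_IN]   # allow rules over the block
BELOW_BLOCK = [ALLOW_OUT, BLOCK_IN, EMULE_TCP, EMULE_UDP]   # allow rules under the block

if __name__ == "__main__":
    for label, rules in (("above", ABOVE_BLOCK), ("below", BELOW_BLOCK)):
        print(label, evaluate(rules, "In", "TCP", 51234), "shadowed:", shadowed(rules))
```

Under that assumption, the allow rules only take effect when they sit over the catch-all block rule, and every other inbound port still falls through to the block.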

The duplicate rules are not of my adding. I can only assume they’re there for a reason.

Not really, took me some time to figure out also, but when you complete the wizard whether you want to be visible on a trusted network or not, the firewall will add rules and set it up for you. But when you do the wizard again, the rules will be created again. So completing the wizard 4 times, will result in 4 times the same rules. IE those duplicate rules are unnecessary IMHO.

uTorrent isn’t receiving incoming connections, even after setting it as a trusted application.