How to allow apps port-by-port?

I’ve read through a few guides & FAQs already, but haven’t come across an easy answer for what I’m looking for yet.

I’d like to allow applications on a port-by-port basis.

For instance, I installed CPF and launched Ventrilo. Ventrilo first tries to do a DNS lookup (port 53), and CPF presents the popup asking if I want to allow or deny the request. So, I say allow. This happens only on Ventrilo launch, not connected to a server yet.

When I actually connect to the server, Ventrilo uses port 3508 but I do NOT get a CPF popup asking to allow or deny! It just allows it.

Same for other applications. Open Firefox, connect to an HTTP address. Allow/Deny comes up, and I allow it. Now use Firefox to connect to an FTP address, and it’s allowed automatically.

I’m mainly concerned about protecting against compromised applications. Say I get a trojan that modifies my Internet Explorer executable with a keylogger. IE is already allowed on every port, so whatever port the keylogger uses will also be allowed (assuming the keylogger embedded itself into the executable…). And Firefox: I use some extensions that download rules and stuff automatically. If a “bad” extension is installed, I want to see a CPF popup saying Firefox is trying to connect to this IP on this port, not just have it globally allowed.

Comodo has some default network rules, one of which allows outbound communication for TCP and UDP to Anywhere.

It learns about applications and creates rules for them by using the pop-ups when you launch an app.

So the first time you run an app, it says, “Oh look! A new app, better ask about this” (pop-up). You answer (perhaps tick remember) and off it goes…

If you want more control you will have to create individual rules for both Network Monitor and Application Monitor. The Application rules will allow you to specifically define which addresses and ports you wish to connect to.

If I delete all existing rules (application & network) then create one to Deny All in both sections, will I still get the popups per application? Or will it just deny them without telling me it denied them?

I’d like to get the best of both worlds - global deny by default, but also a “Learning” mode that asks me if I want to allow or deny.

You need to be careful about what you remove from the Network Monitor section. You will need a basic rule in this section to allow TCP and UDP Out (it already exists), although you could probably ‘tweak’ it to be more specific.

For Application rules, you can be as flexible as you need. Providing you create rules that give the application in question its requirements (IP, protocol, port and direction), you should be OK.
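As an added illustration of the behaviour both replies describe (this is a constructed toy model, not code from this thread and not Comodo's own logic), the script below simulates a learning host firewall with two rule granularities: "app" remembers the first answer for the whole application, the way the original poster observed CPF doing; "app_port" remembers it per application, protocol and remote port, which is the "global deny plus learning" behaviour the poster asked for. The executable names, the use of UDP for Ventrilo, and port 4444 for the hypothetical keylogger are assumptions made for the example; port 53 and 3508 are the values from the post.

```python
"""Toy model of a learning, default-deny host firewall (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    app: str
    protocol: str          # "TCP" or "UDP"
    port: Optional[int]    # None matches any remote port (coarse, per-app rule)
    action: str            # "allow" or "deny"

    def matches(self, app: str, protocol: str, port: int) -> bool:
        return (self.app == app and self.protocol == protocol
                and (self.port is None or self.port == port))


class LearningFirewall:
    """Default deny; an unmatched attempt triggers a prompt and the answer is
    remembered at the configured granularity ("app" or "app_port")."""

    def __init__(self, granularity: str = "app") -> None:
        if granularity not in ("app", "app_port"):
            raise ValueError("granularity must be 'app' or 'app_port'")
        self.granularity = granularity
        self.rules: List[Rule] = []
        self.prompts: List[Tuple[str, str, int]] = []  # what the user was asked

    def connect(self, app: str, protocol: str, port: int,
                answer: str = "allow") -> Tuple[str, bool]:
        """Evaluate one outbound attempt. Returns (decision, prompted).
        First matching rule wins; with no match the user is asked (``answer``
        stands in for the popup click) and a rule is learned from the reply."""
        for rule in self.rules:
            if rule.matches(app, protocol, port):
                return rule.action, False
        self.prompts.append((app, protocol, port))
        learned_port = port if self.granularity == "app_port" else None
        self.rules.append(Rule(app, protocol, learned_port, answer))
        return answer, True


def ventrilo_scenario(granularity: str):
    """DNS lookup at launch (port 53, allowed), then the server connection on
    3508 as described in the post. Returns both decisions and prompt count."""
    fw = LearningFirewall(granularity)
    first = fw.connect("ventrilo.exe", "UDP", 53)      # allowed at the popup
    second = fw.connect("ventrilo.exe", "UDP", 3508)   # prompted only if per-port
    return first, second, len(fw.prompts)


def compromised_app_scenario(granularity: str):
    """A browser allowed for HTTP (port 80) later opens a connection on a
    hypothetical keylogger port (4444); the user denies it if asked."""
    fw = LearningFirewall(granularity)
    fw.connect("iexplore.exe", "TCP", 80, answer="allow")
    return fw.connect("iexplore.exe", "TCP", 4444, answer="deny")


if __name__ == "__main__":
    for g in ("app", "app_port"):
        print(g, ventrilo_scenario(g), compromised_app_scenario(g))
```

With per-application rules the second Ventrilo connection and the port-4444 connection are both allowed silently because the earlier "allow" matched any port; with per-app-port rules each new port prompts again, so the unexpected connection can be denied. The same coarse-versus-fine trade-off is what the reply means by writing Application Monitor rules that name IP, protocol, port and direction instead of relying on the learned catch-all.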

