How to configure CPF

Help for v2
1

I installed CPF on a new PC (WinXP Pro SP2) to be used by my chidren for their school work, etc. However, I’m having trouble understanding how to configure CPF.

On my existing PC I run a rather old version of ZoneAlarm Pro. On this PC I restrict which sites & ports OE can access. To do this, I add my ISP’s mailserver & the various news servers I access to ZAP’s “Trusted Zone” and then define a rule allowing OE only access to the Trusted Zone using the applicable mail & news ports.

I also do similar with svchost.exe (DHCP & various MS sites) and various other pgms.

How do I or what is the best way to configure CPF to do the same? ???

I tried adding new “Zones” which added a new Network rule. Plus it seems that I have to add MULTIPLE entries for MSIMN.exe to point to each of the new “zones” rather than just the 1 pgm rule under ZAP.

I just find this rather confusing & not very clear compared to ZAP …

+++++

Once I have configured all the pgms in ZAP, I then set the default new pgm access to block all access & turn off all popup/notification windows, aka ‘silent’ mode.

For CPF when I start a new pgm (unknown to CPF) it added it to the application group with ALLOW access. :-[

So how do I configure CPF to block access to new/unknown pgms? ???

Does CPF have a option to turn off all popup/notification windows? ???

Cheers
Bazza…

2

Hi and welcome,

You can turn the popups off by opening CPF going to security>>advanced then unchecking the box next to show popups.

To configure applications open CPF go to Security>>application monitor then click on the required application, then right click and select edit. You can then set this up how you want. There is information on this in the help file to help setup rules.

Mike

3

Mike,

Thanks for your reply.

Knew it would be simple … must be going blind in my “old age”. ;D

I’m aware of that. I also read the help file. When I tried to modify the MSIMN.exe entry I could add ONLY apply ONE IP address or ONE ZONE name but not both, etc. Maybe I’m simply doing something wrong. If so, I don’t know what I’m doing wrong.

I’ll use ZAP as the example … simply because that’s what I know. I’m aware that CPF is not ZAP & therefore, rule definition/terminology will be different. I’m keen to use CPF because it appears to provide, at least, equivalent functionality as ZAP and does so for FREE, eg. ZAF doesn’t allow PGM port control. It’s also not as bloated as the current versions of ZAP are.

As I said earlier, I can achieve what I want in ZAP in 2 ways:

The 1st is I can edit the PGM entry and add an “Expert Rule” (ZA’s terminology, not mine). This rule can control the source, destination, ports &/or time. I can add MULTIPLE IP addresses or multiple groups of IP addresses, multiple ports, etc. etc.

As far as I’m aware, I cannot do this in CPF or at least, it wasn’t obvious to me, how to do this in CPF.

The 2nd method, is to add IP addresses to ZAP’s “Trusted Zone” (a ‘group’ of IP addresses), then allow the PGM access only to the “Trusted Zone”, not the “Internet Zone”. Port/time control is still done via a “Expert Rule”.

The advantage of this method is that I can simply set the default PGM access definition to allow access to the “Trusted Zone” for all PGMs and then control port access, etc. via an “Expert Rule” for those individual PGMs that I want to. If a PGM requires access to the “Internet Zone” then I manually change the rule later.

Again, I don’t see a way to do this in CPF.

Bazza…

4

Hi,

At least you got the popups sorted.

About, setting rules etc, I’m sure someone more knowledgeable than me can help with this (as I havn’t took much of an in depth look at this - yet, but I will try to see if I can find out).

Mike

5

Hi, Bazza
and welcome to the forum.
Could oyu please explain a bit what IP adresses you want to add. Are they internet IPs or LAN IPs? Are they a part of a particular site? Are they adiascent IPs so that you can give an IP range? Please be more specific by giving some examples for the IPs. It will help for understanding better what you want to do :wink:

6

Howdy Pandlouk,

They are internet IP addresses. They are the IP address of my ISP mail server & the IP addresses of the various news servers that I look at, eg. news.microsoft.com (207.46.248.16), news.grc.com (4.79.142.203) and others. I also have my ISP’s DHCP server, DNS servers, Time Sync server and Local Host (127.0.0.1 and 0.0.0.0) in ZAP’s “Trusted Zone”.

OE does NOT have access to the “Internet Zone”. I also limit OE to the relevant mail & news ports via a “Expert Rule”.

As I said in my previous update, CPF is not ZAP. Therefore, I expect that I have to define the access rules differently in CPF. However, it seems to me that I can’t create a “group” of IP addresses and then allow OE (or PGM xyz) access to that group. I could for example, add MSIMN.exe a number of times to the Application list specifying a different IP address each time.

Although both CPF and ZAP have “Zones” they appear to ME to be totally different in their definition/content/usage … and I’m having trouble understanding what a “Zone” means to CPF. Adding a “Zone” in CPF simply appears to add a rule in the Network section. Even adding multiple “Zones” using the same name, simply adds an extra rule to the Network section. I then have to add multiple MSIMN.exe entries to the Application section pointing to each “Zone” I created. In which case, why bother. I might as well, simply add the multiple MSINM.exe entires using the IP address of the mail server/news servers.

Bazza…

7

OK. I understand the problem and I agree with you; with the current version of CPF is not possible to add multiple IP adresses on a program just a range of IPs is possible.
Consider making a request on the whishlist https://forums.comodo.com/index.php/topic,66.0.html for the next update to add such a feature. I think that it will be helpfull to a lot of people, me included. ;D

8

Thanks.

Done.

Bazza…