I’m confused, I’m trying to replace Glass Wire + Windows Firewall with Comodo Firewall - or at least I thought I was downloading a firewall… seems it’s bundled with other features like anti virus stuff… I don’t understand that… Is there not just a straight firewall? The file I got is called cmd_fw_installer_6113_c7.exe.
Anyway, Glass Wire lists all outgoing connections and lets you block them. It lists everything, Trusted and Non Trusted files processes and services. That what I want to do with Comodo. Installed Comodo firewall and disabled Windows Firewall. Looking at the outgoing data, It offered me to view More and for that it downloaded and installed KillSwitch.
Fine, more info BUT - Tons of things are Already Trusted out of the Box - YIKES! Thats not gonna do at all. In fact, thats down right frightening that a firewall will presume to know your outgoing and incoming needs without even asking you. I need to Block all Trusted and Non trusted myself so I can determine if they should connect. How do I do that?
I notice Comodo Firewall does Not leave the outgoing connections up to view. they disappear at times…Why does this happen? nor does CF tell me the times the process tried to connect. I need to know the times. How can I fix all these issues? Thanks.
You can set the firewall to custom ruleset and remove all the default application firewall rules and you can change the alert frequency from the default low to either medium, high, or very high. More info about firewall mode and settings here: Firewall Settings, PC Firewall, Firewall Protection | Internet Security and help on application rules for the firewall: Application Rules, Firewall Protection, Best Firewall | Internet Security
The view connections task list all active connections for each process, overtime those connections close or timeout and thus will be cleared from the active connections list. You can view the firewall event logs which will tell the time and other information about connection attempts when you receive a firewall alert.
Thanks… I found the View logs and checked Entire time, then went to Firewall Events but there is nothing listed. This is strange because in the default view connections window, there are connections overnight that tried to connect via outgoing. (Ethernet was turned off for the night via a desktop switch I have - so nothing could get through but the log still should reflect the activity from the main firewall view shouldn’t it?) Why is my log empty?
In fact my browser is open now going through the firewall… why isn’t this listed in the logs?
Wait… I think I got it… is this right? The program will Only create a log IF the system has to generate an Alert - right? The problem with that is if there are trusted apps out of the box, you won’t get any alert and therefore no log entry? Is that correct? In order for me to see what I want to see, logs for every attempt over many hours, I’d have to first use Custom Rulesets and reset everything to UnTrusted and high alerts, is this right? ( then the logs will be there… thats why I’m not seeing my browser listed now… right… just trying to understand this. Thanks.
Because by default the log only shows when you get an alert for an unrecognized application that wants to make an outgoing connection request. Once you set the firewall to custom ruleset mode, then each time you get an alert it will be logged in the firewall events, and finally when you create firewall rules for application there is a setting called ‘log this firewall event when this rule is fired’ which will make a log event each time that specific rule is triggered. e.g. creating an allow outgoing rule for an application, trusted or not, and set log this event in the rule, then it will be logged in the firewall event.
Ah… cool thats the way to solve my problem…I’ll try it. Thank you! - See. Even if I told it to remember my preference, I still want to see a log. if it happens in the middle of the night, 12 hours later I can see the system tried to use xx to connect. I was struggling to find a way to make this work. I need to pay attention to : " ‘log this firewall event when this rule is fired’". Thanks!