I have put my CIS 4.1 Complete in this configuration. I like it except when doing the leaktest (CLT) I still get physical memory as vulnerable. I have D+ in Safe Mode and Firewall security in Custom Policy Mode. Any thoughts on how to get this leaktest 100%? Would putting the firewall in Safe Mode as well make the difference?
I previously had CIS config. set to “Firewall Security” and it passed all the leaktests, but I have always preferred ProActive, so if there is a way to set it I will be happy.
I am trying this too on Vista. I get an immediate D+ alert when opening CLT requesting unlimited access and if I choose Sandbox I then score 340. If I allow access most fail after denying the few further alerts.
Great configuration
Only thing I’ve added is in firewall, ‘Create rules for safe applications’ is checked and Alert settings are at high.
However, I still have 320/340 (DDE and Coat fails).
Although, maybe I should reboot and try then, will let you know if that really helped to score 340.
I have been using Symconsent on Vista instead of UAC, but I can’t find it now on Symantec, so maybe it has been withdrawn? It still alerts for updated programs but remembers your regular actions so reduces the alerts. It would be good if we could safely disable UAC and I think that we could do that now, unless it would be possible for a rogue problem to be added to Comodo white list by mistake.
This is the way it’s supposed to work. If you choose allow you are saying that you trust this application and are providing it complete access to your computer. Therefore, your leaktest score should be pretty bad.
I thought that including “Create rules for safe applications” automatically made the rules, which you could manually edit later. Other than this aren’t all applications in Comodo’s safelist automatically allowed complete access to your computer? The computer should be no more or less secure with this option checked. Right? (Please correct me if I’m wrong)
Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I’d like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert then this should be sufficient. (Once again, correct me if I’m wrong)
You are right.
I checked that option so I can see the rules that are created and modify something if I think there is a need for that.
For example, if that option is not checked, the internet browser is set to allow everything outbound.
In this case I just modify it to use the predefined policy for Web Browsers.
The other reason is that I want to see all apps that are using internet access.
Also, with setting the alert settings to high, does this mean you will be alerted to more applications or you will get more alerts for each program? What I'd like to do is minimize the number of alerts you get, but maximize the security. If each program only gets one alert then this should be sufficient. (Once again, correct me if I'm wrong)
More alerts for each program (for every port that program is using)
However, I can’t notice more alerts than with the Low setting because Auto-Create rules is doing that job.
As I can see, the difference is with Auto-Create rules: with the default Low setting Comodo creates a rule which allows outbound for every port; with the High setting it creates rules for outbound just for the ports that the program is trying to use.
With the Very High setting you will have all that, but with every IP address the app is trying to connect to.
I am always using “Block all incoming connections and make my ports stealth for everyone else”. No problem with it. You just need to poke holes in the Global Rules when you run a p2p or another program that needs server rights.