A few days ago I updated Comodo - as far as I know I have the latest version which is 3.0.16.295 (I’ve tried updating from within Comodo and it reports that no updates are available).
Since updating I appear to be receiving many more pop-up requests (sorry I don’t know the technical name for them) than I used to with the previous version. I’ve only installed the basic firewall and not the Defence+ application with a view to cutting down on the number of pop-up messages.
I haven’t changed any of the default settings apart from disabling the tray animation and balloon messages.
Firewall Security Level is the default “Train with Safe Mode” and Defence+ Security Level is the default “Clean PC Mode”.
Are the alerts for Rundll32.exe because they have changed the permissions for Rundll this causes alerts for .dll’s it loads.
It can cause problems on boot on some system’s it did on mine for a couple of days.
Dennis
Many thanks for your reply. I haven’t seen RUNDLL32 specifically mentioned in the popups unless it is hidden. The popups have been happening for a variety of applications - many have just been communicating locally with other applications such as Windows Explorer.
If the Summary screen shows that the Defense+ security level is set to “Clean PC Mode” then Defense+ has been activated which is why you are getting alerts.
I suspect that when installing version 3.0.16.295 you may have selected the Firewall only option but didn’t uncheck the “Leak Protection (Recommended)” check box, which is ticked by default. This causes Defense+ to be partially activated - enough to provide leak protection similar to CFP 2.4, but not the full HIPS which provides better security but is even noisier.
To get back to the basic firewall, you need to deactivate Defense+. To do this go to the Defense+ screen and select the Advanced tab. From the Advanced tab, go into Defense+ Settings and from within the General Settings tab tick the “Deactivate the Defense+ permanently (Requires a system restart)” check box then restart the PC for the change to take effect. The summary screen will then show that the Defense+ security level is set to “Inactive” and you will get no more Defense+ alerts.
Please bear in mind though that if you do this the firewall will no longer be leak proof as Defense+ is the means used in CFP 3.0 to provide leak protection.
Many thanks again for the replies. I think I did leave leak protection enabled during installation which would explain the increase in popups.
Today I’ve been paying more attention than usual to the popups - normally I just check the application name and okay it - depending on what I am doing at the time - if I am installing a known safe application for example I okay them quite readilly.
Anyway, I’ve noticed most of the popups today have been from Defence+ and a lot have been for a application communicating with another application, for instance Firefox communicating with Windows Explorer.
My other security software is ESET NOD32 with provides Anti-virus and spyware protection. I also have a few spyware scanners installed that I run on a regular basis, at least once a month. These are Spybot S&D, AdAware 2007 and the Microsoft one.
What is the best configuration to balance the number of popups with adequate protection?
As Vettelech I also set COMODO D+ in Train with Safe Mode. Zero My Pending Files. When I install a new application, triggers a firewall alert, the I switch to Installation Mode and I chose Treat this application as Insttalation or Update, and the install process run very well , and if the install exe needs to connect to Internet I prompts me to enable it, like a firewall does
I forgot to mention that I also have a hardware firewall, albeit only in the forum of a BT Home Hub router which I think is fairly basic as hardware routers go.
Would I be okay reinstalling Comodo with the leak protection turned off as I have a hardware firewall?
Is there anywhere that explains the different modes in Comodo ?
I apologise - I’m not too clued up on software firewalls as I’ve been used to letting them get on with their job with minimum configuration for too long.
The router provides you with good solid inbound protection but does not provide outbound protection. One of the main reasons for deploying a software firewall in addition to a hardware firewall is to add outbound protection.
The question as to whether you will get adequate outbound protection from just the basic firewall with Defense+ permanently deactivated depends on how likely you are to get infected by malware in the first place. Prevention is always the best policy; trying to limit the actions of malware once it is running on the machine may not always be 100% certain to be effective. That said, a robust firewall with leak protection such as CFP may be the last chance you get to prevent malware from phoning home.
If you’ve got adequate layered security in place on your PC then using the basic firewall without leak protection might be OK. Otherwise, it may be safer to leave Defense+ enabled. Only you can judge from a knowledge of your own situation.
As to the different Firewall and Defense+ security levels, this is very well explained in the CFP help pages. I agree with Vettetech and MiguelAngelXP that for normal use “Train with Safe Mode” provides a good balance between security and ease of use. “Clean PC Mode” is also good if you don’t mind regularly reviewing pending files.