I'm losing confidence in Comodo Firewall

Hello All,

I’ve just installed Daemon Tools lite and after reading MountSpace a component within DTLITE gathers info on usage whether you want them to or not (even after un-clicking the gather info box during setup). I’ve tried to block its internet access with comodo but to no avail.

I did the following:

Defense+ > Computer Security Policy > Protected Files ans Folders > click on Groups at the end of the right column > add > A new group > give it a name > apply > scroll down > right click on “add files here” > add > select your folder in the left column > click on the arrow > apply > apply > OK.

Now do to the Firewall > Network Security Policy > Application rules > add > Select > Files Group > scroll to the name you gave > either choose the predefined Blocked Application rule either make your own one > don’t forget the apply and ok.

It’s made no difference! It still has access to the net.

I’ve noticed Disc Soft who make it has “Trusted” status with Comodo and I’ve removed it from the list, but it still has access to the net.

I thought I had one of the best firewalls but it can’t do a simple thing like block an app. It looks like I’m looking for another firewall.

I have the latest version of free comodo firewall on my pc.

Thanks in advance for any help that might come my way,

Rob :-[ :-[ :-[

Hi Bob,

Can you tell us what your Firewall Security Level is set to?
You can find this on Firewall, Firewall Behavior Settings.

I would switch it to ‘Custom’ and tick 'create rules for safe applications.
Also might wanna check Filter IPv6.

See if that helps?

Does the process that was allowed to communicate show up in ‘Firewall - View active connections’?

Use custom mode for the firewall.
Check your rules set for “contradicting” entries. Remove them. Press ok.

Answer with “block” if something wants to connect out. Choose remember my answer. Done.

But if you want to go the most complicated ways, i am sure any firewall would annoy you.

I use comodo because its simple, and it blocks. Strange, no? :wink:

Hello Ronny & clockwork,

Thanks for your replies and sorry for late reply (been away on business with no access to PC).

Ronny:
My setting is Safe Mode for Defense+ and firewall.

The process doesn’t seem to show up in processes, I believe once Comodo declares it a trusted it leaves it alone.

clockwork:
I wasn’t getting chance to answer “Block” it just allowed it through.

I’ve since removed it from trusted list and it didn’t change anything, that is, until I had switched the PC off and on again a couple of times! - weird and disappointing. It did eventually did block the app, but why so long to do so?

Thanks,

Rob.

Safe mode does not block ‘Trusted’ Applications, so you need to switch to Custom and remove it from the trusted files list.

If that’s really needed, the behavior from CIS will be more than broken. But it sounds really typical for Comodo.

  1. The TO stated, he has created a block rule for the application. The first point of the description of “Safe Mode” states, that the network security policy is applied. So it should be blocked.
  2. Either switching to custom mode or removing it from the trusted files while in safe mode should lead to a blocked application if CIS misbehaves in the first point as the corresponding certificate was removed from the TVL and there is a block rule.

Hello Ronny & BigMike,

Comodo has (eventually) behaved how I wanted it to, but after entering a file group rule for this app, I did expect it to immediately block the app. I restarted my pc in case a reboot was in order, but it made no difference, I then within Defense+ ->computer security policy → trusted vendors removed the vendor.

I may well of removed the wrong vendor, but in any case I would still expect comodo to block the vendor or its apps if I have any doubts (if this doesn’t happen then I’m not the captain of my own ship!).

A point slightly aside of the above, I was looking in Defense+ → Trusted Files and I would not be happy having to trawl through it having to remove the many entries from the vendor manually.

Thanks for your help, I will keep Comodo and reinstall with the hope it blocks immediately next time.

Rob :slight_smile:

I recommend to use any programs with a setting that you make on your own,
and to use as less automation as possible.

Autoquarantine can lead to serious problems.
Also “Safe mode” includes a kind of automatism. So i would not use that for the FIREWALL aspect!

To describe to you what i have to do ONE time when i start a new unknown program, and want to give it access to the internet:
Answer the question with “treat as OUTgoing only (UDP+TCP outgoing would be the working minimum, if you want to create that rule), remember my answer.”
Thats all. There is no real need to have an “automatism for a firewall”. Apart from, when people are allergic towards any questions, because expencive products tell them: “You dont have to do anything and you cant do anything (you are stupid), but dont forget to send us 60 dollars first.”

Stealth port wizard setting 3 is usefull to. So unrequested ingoing traffic (not requested by an OUTgoing request) will be blocked without question.