I'm moving from Zonealarm to Comodo, Help!

I’ve been using Zonealarm since it came out. I used it to mark which programs were allowed to access the internet. But I don’t like that I have to go check which programs are accessing the internet and then mark them as not allowed. They should never have been allowed to begin with. They also made that program editing window tiny to make it hard to work with. I just downloaded the Comodo installer and it looks like it installed version Wow there’s a lot of stuff in there compared to Zonealarm. It looks like I would need to take a class to use the application. Can someone help me to just configure Comodo to pop up each time a program-process tries to access the internet and then allow me to ok it or not? And then where to go to make changes to those programs-processes in case I mark a process incorrectly. I just want the very least process to access the internet but still have the few processes I use to access the internet. I’m guessing there’s somewhere to go to tell it you want to manually ok every process? I searched for Zonealarm on the Comodo forum to see if anyone coming from Zonealarm asked the same question but did not see an answer to this question. Thanks for your help. Rich

Set firewall to custom ruleset mode, then change the alert frequency to high if you want to get alerted for each destination port a program wants to communicate on. You have to make sure “remember my answer” is selected in the alert for the rule to be created for that application; these rules are then saved under application rules. See the help for more information.

As someone who has gone this route for many years, let me give you some additional tips as I believe Comodo is great at this type of custom security.

Having the alert frequency set as high will cause an alert for every possible IP and port combination. When you get a blocking alert, it will give you the option of Allow/Block/Treat as. Allow or Block will make a single rule for that IP/port combination and you will still receive alerts for other combinations. Selecting Treat as, you will see Allowed Application, Blocked Application, etc. These will create application rules for all IP/port combinations if you’ve decided to fully trust or fully block an application. As a side note, understand that Comodo will freeze the blocked application until you choose. If you choose nothing and the alert times out, it will temporarily use the block option without creating a rule.

Many Microsoft programs will update in such a way that their directory path has a seemingly random string in it. So every update will cause new alerts. If you get annoyed with this, you can possibly modify the Comodo application rule to have an asterisk * in place of the random string. This sort of thing will greatly reduce the annoyance of update-related alerts, but it means that something like a trojan dropper could take advantage of this if it knew this practice was common.

By default, Comodo Firewall will not allow remote incoming connections from addresses outside of allowed Network Zones that it auto-configures for your LAN. If you run an HTTP server or whatever that needs to receive internet requests, you will need to go to the Global Rules section and look at the catch-all block rule at the bottom. Otherwise, leave it alone.

This last section you may want to avoid if you don’t understand what you’re doing, as it intentionally reduces Comodo’s default protection capabilities. (Cloud lookup)
Lastly, for an extra special configuration, it’s possible to automatically allow programs on the basis of their digital signatures. That’s “Safe Mode” instead of “Custom Ruleset”. Of course, just switching it to Safe Mode means you’re trusting (what seems like) everyone under the sun that spent some money to get signed. Luckily you can go to File Rating > Vendor List & File List and delete all of the Comodo suggested companies/entries. Additionally you will need to go to the File Rating Settings and uncheck most (not the last one) things there or else Comodo will ignore your small whitelist and/or repopulate it with cloud values. After that you can manually add signers to the Vendor List… such as Comodo themselves or several of the Microsoft signatures. (Or decide which to trust ahead of time and not delete them to begin with.)
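
An added example, not part of any post in this thread and not Comodo code: a small review script for the wildcarded application-rule paths suggested above, flagging patterns that are broader than "one version string under an admin-only install directory". The protected roots, the finding wording and the sample rule paths are assumptions constructed for illustration; how Comodo itself expands `*` is not stated on this page.

```python
from pathlib import PureWindowsPath

# Assumption: directories a standard user cannot write to on a default Windows install.
PROTECTED_ROOTS = [PureWindowsPath(r"C:\Program Files"),
                   PureWindowsPath(r"C:\Program Files (x86)"),
                   PureWindowsPath(r"C:\Windows")]


def audit_rule_path(pattern):
    """Return a list of findings for one application-rule path pattern."""
    parts = PureWindowsPath(pattern).parts
    wild = [i for i, part in enumerate(parts) if "*" in part]
    findings = []
    if not wild:
        return findings  # fully literal path, nothing to review
    if wild[-1] == len(parts) - 1:
        findings.append("wildcard in the executable name")
    if len(wild) > 1:
        findings.append("more than one wildcarded component")
    if any(parts[i].strip("*") == "" for i in wild):
        findings.append("whole directory component wildcarded, keep a literal prefix")
    # Everything before the first wildcard must be a literal path under a protected root,
    # otherwise any user-level process could create a directory that fits the pattern.
    prefix = PureWindowsPath(*parts[:wild[0]])
    if not any(root == prefix or root in prefix.parents for root in PROTECTED_ROOTS):
        findings.append("literal prefix is not under a protected root")
    return findings


# Constructed sample rule paths (not taken from a real rule set).
SAMPLE_RULES = [
    r"C:\Program Files\WindowsApps\Contoso.ExampleApp_*\ExampleApp.exe",
    r"C:\Users\*\AppData\Local\*\update.exe",
    r"C:\Program Files\ExampleVendor\*\*.exe",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        result = audit_rule_path(rule)
        print(rule)
        print("   ", "; ".join(result) if result else "OK: single version segment, literal file name")
```

A rule that passes these checks still trusts every version directory matching the prefix, so it is worth pairing with a narrow allowed port and destination set in the rule itself.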

If you want strong Malware protection then apply Cruelsister’s settings as shown in this video:

For easily customising Trusted Vendors List, follow steps of this video:

futuretech, I switched it to “custom ruleset mode”, I changed the alert frequency to “high”, and made sure “remember my answer” is selected. And the help link helped explain that. I think with a few hundred hours of testing I should get it. But your answer pointed me in the right direction. You know the hours it takes to get these kinds of things right.

jljtgr, you’re right, one of the reasons I have to move away from Zonealarm is, like you said, the same program can seemingly create an endless supply of program versions even though you blocked the program once. I need to block a program once and not have to continue to block multiple versions it creates. As far as I know you cannot create that kind of rule in Zonealarm. I don’t run an http server so that part should be no problem. The last part you talked about was “digital signatures”. I just downloaded Comodo a few days ago so that might be over my head right now, but as I play with it I will go back and look at it.

mmalheiros, I looked at the two videos but again being that I just downloaded the program a few days ago they might be a bit over my head.

I’m trying to make it most Zonealarm-like, where new programs pop up asking if I want them to see the internet or not. On a clean win 10 install with a fresh Zonealarm and all my programs installed there are between 100 and 200 programs-processes trying to access the internet. Of the 100-200 processes all I have marked to get through are 5 ish of the 100-200. But again, out of the blue Zonealarm lets others through without asking, so that I have to keep checking the block list and keep blocking new programs-processes. To get internet I only have to allow “Host Processes for Windows Services” (svchost.exe). Just that one accepted process allows internet to function. Then one Firefox.exe (even though there are 5 firefox.exe’s in the list). You have to test each one to see which one needs to get through for it to work. Only one of the 5 is needed. 1 Google Chrome.exe, 1 Thunderbird.exe, 1 Palemoon.exe. And that’s it. From there it’s like playing whack-a-mole, having to constantly check the list to keep up with all the unnecessary processes that try to get through. I’m hoping I can get Comodo configured to let only these programs through with “Processes for Windows Services” (svchost.exe) and then not have to play whack-a-mole. Rich