Is comodo Free Firewall the right product for my site?

Apologies for the long question.

I have 10 PCs. Windows 7, 10 and Linux Mint. For this exercise I’m only concerned about the Windows 10 PCs because Windows will ignore rules on it’s own firewall if those rules attempt to block any of Microsoft’s telemetry (according to reports from multi security researchers). Assuming this to be true I will have to replace the Windows Firewall with a 3rd party product.

I am looking to block incoming and outgoing traffic for a set of about 300 IPs/domains and a couple dozen applications. Some of those applications are Windows executable such as wscript, notepad etc. I run a 3rd party AV (Currently Avast Free).

The PCs have differing hardware specifications. The Windows installs are customized using MSMG Toolkit to de-bloat Windows. Windows is always installed with all NICs disabled to prevent any internet access by Windows during the install phase. After installation a script is run which tweaks several hundred settings (Like task bar, explorer settings, etc), and installs several applications. Once the script is finished it enables the NICs and reboots the PC.

It is during this script execution that I would like to silently install the Comodo Firewall, without the Dragon browser or any 3rd party offers, or changing my DNS etc The only component needed is the Firewall.

There seems to be no offline installer for the firewall, and I can find no information regarding a silent/automated install for the product.
I want only the firewall functionality - Nothing more - nothing less, but the CFF product seems to come with a plethora of other “features” some of which I can disable, and it seems some I cannot. Eg there are 4 processes running, one of which is cavwp (Which I assume to be part of the Comodo Anti-Virus Product?)

Is this the product for me?

Assuming yes, is there a way I can import the windows firewall settings? It would be rather tedious having to manually input each and every rule. TBH, I’ve only taken a quick look at the product. I would then want that configuration automatically applied to every machine after the install of CFF via the script.

Is this doable with this product or am I in for dozens of hours of manual Installation and configuration every year (which is how often I will be upgrading Windows 10)?

thanks for your assistance.

You can extract the msi installer from the offline installer and pass INSTALLANITVIRUS=0 INSTALLFIREWALL=1 as parameters to the installer. To double check you can normally run the offline installer and check the temp folder for the installation logs and see which arguments are used.

No you can’t import windows firewall rules as they are saved in a different format to they way CFW stores rules.

Shame about the inability to import… Looks like I have many days/weeks work ahead of me. I hope it’s worth it.

I’ve tried to extract the MSI from the exe using Winrar 5.61 but it tells me the file is corrupt, yet it runs and installs without issue. How do I extract the MSI file?

If I am only using the Firewall do I have to have the cavwp.exe service running. Seems a little heavy on resources (4 processes), just to run a firewall.

Try extracting the .msi with 7zip
CFW is light on every system, i personally installed it on some crappish hardware and it runs quite smoothly with classic theme and in basic mode even on 15 years old machines.
cavwp is part of firewall as well, it should be part of the file lookup system.
Regarding the settings import…it’s pretty normal that you can’t import (or export) rulesets or config from different products and different software houses, like are MS and Comodo. But you can copy the wanted settings on one CFW on one machine and then export the config file created from CFW and import it on every other CFW on the other machines. In this way you won’t loose time creating same rules on every CFW client

It does not extract an MSI file. It extracts the individual files and folders.

Understand. I just find anything that runs lots of processes to be a PITA. Developers these days seem to have no concern for this sort of thing, and it’s not uncommon to see Windows 10 systems running 200+ processes. Anyway, it is what it is.

I expected that outcome, but it was worth asking I’ve now just got to motivate myself to spend a few days adding rules one by one…

Yes, I did see that. Thanks

EDIT: The show stopper for me though is going to be the silent installation of just the firewall. I’ve seen some posts here about the command line, but they all refer to the .msi file, which I can’t seem to find. The post Install script is run when Windows has no network/internet access.

Well, I finally found the MSI file buried n one of the subfolders, and installed with

msiexec /I cis_setup_x64.msi INSTALLANTIVIRUS=0 INSTALLFIREWALL=1 CLOUD_ANALYSE=0 FWFEATURES=0 SET_HIPS_STATE=0 SET_BBLOCKER_STATE=0 HIDE_SECURITY_ALERTS=0 SEND_STATISTICS=0 INSTALLDEFHOMEPAGE=0 INSTALLASKDEFSEARCH=0 /Quiet /NoRestart

On Windows 10 1809.

The sole purpose of testing this product was for telemetry reasons. Imagine my horror when I found that one of the first things I saw when I installed Comodo was that it installed telemetry components, which I could not disable.

It also came with a bunch of other “features”, most of which I could disable, some of which I could not. All I want is a firewall, nothing more, nothing less.

After several days adding rules and watching tests with Wireshark, Process Monitor and PC Hunter, some of the applications and IP addresses I blocked were still able to get past the firewall. That might be my lack of expertise with this product, but with almost two dozen hours spent, it got to a point where it just wasn’t worth it any more.

One final test - Use a VPN with Comodo running - When Comodo firewall is installed I cannot connect to my VPN. exiting the program didn’t work… In fact, nothing I tried worked. I could not get the VPN to work again until I restored my system from an image before I installed Comodo.

So, the answer to my question - the subject of this thread - is sadly “No this product is not suitable for my site”…