Hey everyone, I have an internet stalker who threatened to hack my computer many months ago… I finally wised up and got a firewall (thought Malwarebytes and SUPERAntiSpyware, plus anti-keyloggers, were enough).
Anyway, I'm very confused with Comodo.
1- It seems to constantly block intrusions. The internet has been on for 5 mins and it has already blocked 200, and it seems to increase as time goes on.
2- If I click on “outbound” I see a ton of connections between my IP and other IPs.
3- I am not sure what the best settings are… idk what safe mode, clean PC mode, paranoid mode, etc. is.
4- When I set the firewall into paranoid mode, I got a lot of alerts… it seems someone is really trying to hack me!
5- When I go to firewall settings and global settings, and I try to block IPs or TCPs or anything else, my internet gets blocked too… what am I supposed to be checking here?
6- Basically, how do I get rid of, or at least determine if I'm being hacked? Can you tell me the proper settings? Why is Comodo having so many outbound connections, and why is it blocking so many intrusions?
Do you use a router and is your computer then part of a home network? A router will block many incoming attempts, in fact, most of them, before they ever hit your computer. If you are connected directly to the internet, like only through a modem, your computer’s firewall will intercept all attempts and you will see a lot more “intrusions” in your statistics. Being behind a router, even if you only have the one computer in your house, is a lot more secure than connecting directly as long as you enable its built-in firewall.
I would put the Comodo firewall in Safe mode. In that mode, only connections from unknown sources or new applications that haven’t been seen much before will be monitored. All known things in your trusted lists will be allowed to do what they need to in order to function correctly and you will see no alerts. Leave the cloud functions turned on as well. That greatly increases your protection from new malware and enables Comodo to keep a more up-to-date database of what to trust and what not to.
Rest assured that even with the default settings of CIS, you are far better protected from malware and hacking than you were with your previous setup.
Thanks for the reply!
Yes, I do use a router with WPA2-PSK security, QSS/WPS turned off, and a 63-character password.
Comodo, however, shows a lot of “outbound connections”: some by svchost, some by Windows Explorer, some by my antilogger (only one).
I have tried looking for the stealth wizard, but I can't find it. I don't see a proactive mode either lol… I'm lost.
I'd like to close my ports, and block outgoing connections.
FYI, I've been using it on safe mode, so yup, no alerts.
Been on the internet for 5 minutes today, and it says it blocked 70 intrusions… it says Firefox wants to modify my key?
Oh btw, when I had it in paranoid mode last night, I denied Firefox access to my keyboard, and now in order to use my keyboard each time I open Firefox I need to disable Comodo, type text, and then put it back on safe lol.
Would be relieved if I could give Firefox access again… thought it was a keylogger.
One last thing, Norton blocked the Zemana logger simulation, but I never got an alert from Comodo, perhaps because it was in safe.
I would recommend that you use the configuration I suggest in this article. From there you can tighten the Firewall a little more if you wish, but it should not be necessary to change the Defense+ settings.
Also, with CIS some keyloggers will be able to log keys under some settings. However, this is not a real problem as the Firewall would not allow them to transmit any data without you explicitly allowing the Firewall alert.
Please set it up as I advise and let me know what questions you have from there. Those settings are a very good starting point.
Still going through your articles. I just opened KillSwitch, and didn't see a “hide safe processes”, so I did “only show untrusted processes”. It says no items are shown, so I guess I did that right.
What if Comodo is trusting something that is malware though?
Here is a screenshot of the autorun analyzer. These are “untrusted”.
I traced the first result to a file “gathernetworkinfo”, but when I tried analyzing it in Valkyrie, it didn't show up in the list of files to upload…
Btw, Comodo says it blocked 1084 intrusions, and when I click on the number it says Firefox is modifying key… this is crazy… or normal?
You did this correctly. The wording has changed. By the way, which of my articles was this from?
This is possible. However, there are so many safeguards against this that it is very very unlikely. For example, my article about How to Know If Your Computer Is Infected relies on Comodo correctly trusting files. However, in the years which it has been up I have never had anyone find that a computer was infected without that approach seeing any suspicious files.
The option to “Show Only Untrusted Processes” only affects the processes tab. Thus, it is normal to see all of the connections in the network tab.
I do not see a screenshot. However, I will let you know that gathernetworkinfo is actually safe. It is shown only because there is an unfixed bug for Comodo KillSwitch.
How do you have CIS configured? Did you follow my advice exactly or did you make additional changes? If so what changes did you make? This may be normal behavior, it just depends on how you configured CIS.
I would first like to again thank everyone in this thread for their continued assistance, replies, and support.
Now, in reply to this post, I configured the firewall exactly as you instructed, with one exception. I did not disable HIPS. Your article said enabling it was unnecessary, but since you didn't mention any HARM in leaving it enabled, I left it in safe mode.
I would like to point out that before applying your instructions I was blocking 1200 intrusions, but now it says 0. Idk if this means your instructions helped kill threats before they tried to intrude, or if it means that I am not being protected as much?
Btw, I sent you a PM earlier, I just wanted to make sure you received it?