Kerio to Comodo Help

Ok, I apologize if this has been discussed before but I have been using the Kerio Personal Firewall for years and recently tried the Comodo Firewall (!). While I never had an issue getting Kerio to do what I want, I feel that I fail completely when it comes to the Firewall. (:SAD)

Could somebody please help me out and point me in the right direction to get Comodo in learning mode for applications (starting, input/output ranges) so that each application can be set up with rules (including the firewall)?

Where to set up how the software deals with attacks?

Is the application information database available for download separately so the program does not need to connect? When is the algorithm going to be published for peer review?

Can the firewall be configured to block ads and kill popups?

Thanks in advance…

Hi sv4u, I’ll try to give some answers below.

The most simple thing you can do is to install it and let it detect all outgoing connections, then create your rules. To add specific details, just go to the Application Monitor, mark the rule and click Edit. There you’ll be able to specify range and other things.

Go to Security/Advanced/Advanced Attack Detection and Prevention, click Configure and you’ll find some interesting options.

Sorry, I have no idea!

No, the firewall only monitors network traffic and application behavior. To block ads and pop-ups you’d better use a decent browser for that, I recommend Firefox - the most used browser on this forum (at least among those who answered the poll).

Hope this helped a bit,

One note to add to what Leoni has told you, regarding application rules. If you edit app rules to include IP ranges, you will have to change Alert Frequency (Security/Advanced/Miscellaneous) to match that level of detail, or your application rules will be overwritten with rules of a detail matching what the current AF level is. If you want to define a high level of detail, you will need to do so for every single application, as this is a global setting - you can’t set the AF level for individual applications. And as a note on that, you will be answering popups and creating application rules all day long…

Inasfar as Comodo’s safelist of applications, this is encrypted and not available for public (or malware) interaction. AFAIK, Comodo, as a private corporation releasing commercial applications (as opposed to open source), does not engage in public peer review in this regard; it is not a community collaboration. Files can be submitted by the community, but all testing, approval, and encrypted signatures are done solely by Comodo.

If you use a service to provide updated lists of known ad sites, you can incorporate those by hostname or IP address into the Network Monitor, to block access.

For software security, also see Security/Advanced/Application Behavior Analysis.


Thanks for the quick reply guys… (:HUG)

Leoni, I am going to reinstall Comodo in the next few days so I will pay attention to the Application Monitor. It is just that when I was trying to set up rules it did not seem to work. Did you use Kerio 4 at some point, was hoping a convert could give me some ideas how Comodo manages the rules…And I seem to remember trying to use the manual but not being able to find the functions…Could be just stupidity on my part though (usually not too patient if an application does not do what I want the first time… (:AGY) )

Firefox is not an option for me, just too slow…Too bad it does not come with web filtering though I might be able to live without that (sniff) if the program is just that much better.

And Mac, you lost me after application rules…lol Can I define individual rules or not? Again, with Kerio you can either set general rules (connect to trusted/internet) or set specific rules (advanced) for individual ports.

Comodo might be a private corporation but I don’t think it is a good idea to use security by obscurity. A program bug could render the security useless and while I am not advocating to make Comodo Firewall open-source, the encryption/security relevant part should be though. Not to mention the privacy concern, it COULD be used to spy on the users. And apparently you cannot download the complete hash file so the application does not need to connect each time. Imagine a corporate intranet that needs each terminal verified…eek!

Either way I will take a look before I upgrade the system here, it might be a viable alternative unless Sunbelt finally gets their act together.

Anyway, I appreciate the help, really do.

That’s why we’re here! :slight_smile:

I don’t know what happened as you say it did not seem to work, but try again, and we’ll be glad to help you out! I haven’t used Kerio, that’s why I gave a more generalized reply, for Comodo Firewall.

Ah, yes, it’s a bit slower than IE - at least to initiate. By the way, here’s a discussion on ad blocking.

As for Little Mac’s answer it goes a bit beyond what I do to configure my firewall, but I’m sure he’s kind enough to answer your question.

Comodo and privacy - this is frequently discussed here and there. Anyway, if we don’t trust Comodos products, then we’re not even open to the company’s core idea, which is trust. I’m not saying that you don’t trust Comodo, but anyone who is suspicious should browse around their website, as well as this forum, to see what they do and who they are. There are many, many things at many, many companies that could be used for spying. As long as one is online, it’s takes quite a lot to be truly anonymous… so the easiest thing I guess, is to be yourself, and to protect yourself from identity theft. This is where Comodo comes in, with all their products. :slight_smile:


Sorry for any confusion about application rules. It can be a little frustrating for some users, so I’m trying to explain it thoroughly.

Alert Frequency level is a global setting (ie, applies to ALL applications) that involves the level of detail in the rule. Very Low is Application only. Low is Application and Direction. Medium Application, Direction, & Protocol. High is App, Direction, Protocol, & Port. Very High adds IP Address to the previous. By default, it is set to Low (application, direction).

Let’s say you leave it at Low, but want to specify that Internet Explorer can only use destination ports 80,443 for standard web browsing. You can do that, no problem. The next time you update Windows, and that update includes any components or upgrade for IE, you will get a popup alert from CFP regarding the change. Naturally, you will Allow w/Remember for IE, as you are aware of the change. This will cause CFP to overwrite your existing rule to the level of detail in the Alert Frequency, thus removing your port specification; you would have to go back in to re-add those ports. If you chose to Allow without Remember (so as not to overwrite your rule), you will continue to receive alerts for IE every time you use it.

On the other side, let’s say you move the AF to Very High, because you want to control the IP addresses that svchost.exe is allowed to connect to (for Windows Updates, time server, etc). This setting will apply to every application that you allow to connect to the net. So every time you open a new website in your browser, you will get a popup from CFP about it (because IP address changes). If you Allow w/Remember for these, you will create multiple Application rules for IE that are all the same except for IP address information.

Where it can be confusing is that regardless of the AF level you select, the popups will include Application, Direction, Protocol, Port & IP Address. Any rules you create from popups will only have a level of detail equal to the Alert Frequency level.

So the answer is, yes, you can create individually-tailored, detailed application rules. Just keep in mind how CFP’s Alert Frequency level works in relation to that.

A lot of users have expressed concern over various aspects of privacy and Comodo, responding to their own fears and (mis)information published on the web. As Leoni notes, you can find plenty of threads on that here (and elsewhere). Comodo has always gone above and beyond to respond to and provide information regarding user privacy. They have discontinued one product (trust toolbar) and changed their software activation process due to concerns about privacy (even tho’ these were shown not to be any risk). Their position is basically that being in the business of creating/developing internet security/privacy TRUST, they’d be fools to do anything that would negate this. Anyone is fully welcomed to run a packet sniffer on any connections that any Comodo product generates, to investigate to their heart’s content.

Not sure what you mean about the full hash not being downloaded… If you’re talking about the safelist being updated, CFP needs to connect to their servers to get updates to the list; the full available list is installed when you install the application, but must update from there, just like an antivirus updates its definitions. At present, this list is relatively small. The next version of the firewall will feature a much larger list, and the ability to profile your system to build a local custom list.

For the ad-blocking, if the only browser issue is speed, then you might try Opera or K-Meleon, as both are faster than Firefox and provide the ability to block ads, popups, and scripts. There are also applications like SpywareBlaster that will integrate block lists into IE (or FF). You can also sign up for services that will provide you a hostname to use in your firewall to block such sites; this would be added to CFP’s network monitor (threatstop is one of these).

Hope that helps answer your questions.


Ok, so let me see if I understood the rules, you can define specific rules but they will be destroyed unless you stop the application which is about to run, update the detailed rules, and then restart the application? Why is it so badly implemented? Did the developers ever explain the purpose of that design?

And I appreciate Comodo seems to be so concerned about privacy issues. What I am concerned about is the safelist format not being disclosed. In addition, it would be advantageous to be able to download the complete signature set or updates for easy deployment as can be done for anti-virus products. Oh I guess at this point I could come up with seemingly endless ideas for a wishlist…lol

In the next few days I am going to try to experiment with Comodo’s firewall and will post results here (or not in case of unexpected downtime…lol). If a former Kerio PFW user reads this, I would appreciate any input.

As much as you would like to see the safelist, imagine how much more malware authors would like to see it. IF the safelist was user visible/editable, it would be vulnerable to having non-authorised entries inserted into it.

Ewen :slight_smile:

What’s wrong with an ASCII file that is converted and encrypted locally? Using a password it would be easy enough to prevent access. Using a public key for encryption would enhance usability since the private key could be on a removable medium that can be disconnected or is an encrypted partition. It might even be possible to encode the private key into the application when first started.

By not disclosing information, only malware authors are going to check whether or not the information is safe. ASCII files can theoretically be compared by just visiting the web page here or using a file comparison tool (or supplied by the admin on a network). Descriptive names = user able to indentify malware if it has been introduced or if they are not needed (unless the program security is broken but that is what checksums are for, both integrated and separate with private key).