Knowing what to block and allow.

Hello all
I just installed the firewall.
When I restarted the first thing which came up was a detection of a new private network.
I tracert-ed the IP and it led immediately to me so it must be safe so I allowed it.

Then a window popped up from the bottom right corner saying that some random IP wants to connect to the system (really?). I tracert-ed it and it went over 25 hops, increasing delay to 100-200, and then a "request timed out" appeared so I blocked it.

The next thing which came up was again a popup from the firewall when I started Skype. I traced the IP and it led to another major service provider in my city so I thought it was a random person from my town trying to access me so I blocked him. At first I thought I had blocked Skype because in the “outbound connection” Skype was being blocked, but then I started talking to a friend and it worked.

My question is how do I know what to block or allow? (I forgot to mention that when I started nmap a popup appeared which asked me and I allowed it, which was the obvious choice… just wanted to mention that)
I am not complaining about popups asking me to block or allow. In fact I like them because in that way I can control the IPs trying to access me (I really enjoy scouting people :D)

Also I want to say that I like the firewall (well I have been using it for 2 hours now :D)

My last question is:
During the install I was asked to choose between 3 kinds of setting I think:
Firewall
Firewall + something
Firewall + something and something else.

Not knowing the quality of the firewall I chose the first one (I thought it was going to install some additional trial software that is being advertised or sth)
Can you please tell me what I’ve missed?

Thank you!

Welcome to the forums headbuster.

Can you tell us a bit more about your network situation? Are you on cable or ADSL? Is there a router in your network setup? You made a trusted network. Can you tell us the address range the network is in? Look under Firewall → Firewall Security Policy → My Network Zones.

When installing you probably saw as shown in STEP 6 - Firewall Configuration (scroll down to find it). Then you installed the network firewall only. The other two choices would have installed Defense + with two different levels of protection. Can you take a look in the main screen and see if there is a button for Defense + or not?

On a side note. There is no hidden catch here. Whatever you would be installing is totally free of charge.

I use the complete suite with Firewall, Defense + and AV all integrated. Choice of AV all boils down to a matter of choice. Having both network firewall and Defense + is what I would strongly advise to have.

Defense + is a so-called Host Intrusion Prevention System (HIPS), which can be called a system firewall; something that looks under Windows' hood to keep an eye on what programs are doing as a measure to keep bad guys out.

Thank you for the answer EricJH

First of all I am using cable and I am not using a router.
The trusted network is:
Ip in 169.254.222.124 / 255.255.0.0

This is the tracert:

1 <1 ms <1 ms <1 ms MyPCName-PC [169.254.222.124]

After the install I noticed the Defence+ and enabled it to Clean PC but today when I started the computer I noticed it is off and the “deactivate defence+ permanently” was ticked so I set it to Clean PC again and will restart now for the changes to take effect.

Also I am using nod32 as my AV (paying for it no pirate) and I think it’s a good combination with the firewall.

Thank you.

Hey and Welcome to the forum! :slight_smile:

Make sure that nod32 isn’t blocking Comodo; there have been several cases that show that nod32 and Comodo firewall are a bit incompatible.

If I were you I would use CIS5 and nod32 as on-demand scanner; nod32’s proactive scanner is not that good:)

Regards,
Valentin

Well it seems that they are working together pretty good for the moment. I am not having any issues regarding their compatibility with each other.
I hope nothing comes up in the future. I really don’t want to change my AV. I have been using it for 2 years now and it catches lots of stuff :slight_smile:

Since you are using a modem and no router, the first thing I advise is to set the firewall to stealth settings. Go to Firewall → Stealth Ports Wizard and click “Block all incoming connections and make my ports stealth for everyone”.

Now the firewall will not alert you anymore for unsolicited incoming traffic. The baseline is that we don’t want to answer to these alerts. When applications, p2p programs, when you run a server etc, need an open port for incoming traffic you can add that in Global Rules. When using a router you won’t see the alerts because the router drops the unsolicited access requests. The standard settings work best for people behind a router (LAN).

If you would decide to install D+ and have the sandbox enabled (default settings) Comodo will do a very good job of isolating malicious software in the sandbox even without using an AV.

During the development of v5 it was tested by letting it respond to 15,000 pieces of malware. None of them could infect the system. It was allowed to run but with limited rights, keeping it harmless and in check, and it would not show up after reboot. That’s the real strength of Comodo Firewall with D+ apart from being a kick ■■■ network firewall. It helps to keep malware out in the first place.
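
The trusted zone reported earlier in the thread and the block-unsolicited-inbound baseline from the last reply, worked through as an added Python example. It is not part of the original posts and is not Comodo's rule engine; `scope`, `decide`, `review`, the open port 6881 and the sample alerts are constructed for illustration.

```python
import ipaddress

# Trusted zone exactly as quoted in the thread: address plus netmask.
# strict=False keeps the host bits from raising; the zone is the whole /16.
TRUSTED_ZONE = ipaddress.ip_network("169.254.222.124/255.255.0.0", strict=False)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def scope(addr):
    """Classify an IPv4 address by the kind of range it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:      # 169.254.0.0/16, self-assigned (RFC 3927)
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def decide(alert, open_ports):
    # Assumed model of the baseline in the thread: unsolicited inbound is
    # blocked unless its local port was deliberately opened (the "Global
    # Rules" case); outbound is left to per-application rules.
    if alert["direction"] == "out":
        return "application rule"
    return "allow" if alert["local_port"] in open_ports else "block"

def review(alerts, open_ports):
    """Return (remote, scope, inside trusted zone?, verdict) per alert."""
    rows = []
    for a in alerts:
        in_zone = ipaddress.ip_address(a["remote"]) in TRUSTED_ZONE
        rows.append((a["remote"], scope(a["remote"]), in_zone,
                     decide(a, open_ports)))
    return rows

# Constructed sample alerts (documentation-range and link-local addresses).
SAMPLE_ALERTS = [
    {"direction": "in", "remote": "203.0.113.7", "local_port": 445},
    {"direction": "in", "remote": "198.51.100.20", "local_port": 6881},
    {"direction": "in", "remote": "169.254.10.1", "local_port": 139},
    {"direction": "out", "remote": "192.0.2.50", "local_port": 50123},
]

if __name__ == "__main__":
    print(TRUSTED_ZONE, "covers", TRUSTED_ZONE.num_addresses, "addresses")
    for row in review(SAMPLE_ALERTS, open_ports={6881}):
        print(row)
```

The zone entered as one address with a 255.255.0.0 mask covers all of 169.254.0.0/16, so the third sample alert comes from inside the trusted zone and is still blocked under the stealth baseline.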