need help as a new user

Hi - I just installed the CIS and have some issues right out of the box. I hope someone here can help me. First off, I really don’t know how it should be configured and can’t seem to find much on the subject. This is what has happened and after reading, maybe someone can give me some suggestions. While installing, CIS wanted to run a scan to see if my computer was starting off clean. It was. After installation, I had it run a full scan and it found 13 instances of malware. Most of these I recognized as trusted programs, but some I did not recognize. I don’t know what to do. First it says my computer is clean and then it says it isn’t. I went online and did an F-Secure scan and it said my computer was clean. I then did a McAfee scan and it said I was clean. I am guessing now that these are false positives, but 13?!!! I can’t imagine placing these files I do not recognize in a safe folder of some sort, but maybe that is what I have to do. Or maybe I just have CIS configured wrong? Help please! My other question concerns the firewall. Tell me if I need to start a new topic. It is also a configuration issue I think. It doesn’t seem to be blocking anything. Thanks in advance to any brave soul that offers to help.

It is possible they are FP (false positives). This link shows how to report FP’s.

Concerning Firewall configurations, make System and svchost.exe ‘Outgoing Only’.

svchost.exe - Firewall/Network Security Policy
Locate svchost.exe and select it, then click Edit. If it is not there (yet), click ‘Add’/Select/Running Processes. Scroll down and select svchost.exe (any one will do).
Select ‘Use Predefined Policy’, and select ‘Outgoing Only’ from the dropdown box.
Click ‘Apply’ and ‘OK’.
The same method will work for ‘System’.

Also, when you installed CIS, it reported after the first reboot it detected a new network. This is your network between the computer and either a router or the Network Modem.
I am assuming you allowed this. Go to Firewall/Stealth Ports Wizard and select ‘Stealth my Ports to Everyone’.
You should now be secured.

Thanks. Will do as you suggest and report back. If I have a network (2 computers sharing an internet connection and print & file sharing) would I still stealth the ports to everyone? As you can see, I don’t understand this very well. Also why would I not see any evidence that the firewall is blocking anything. I guess I am used to other firewalls that log every time anything is blocked. Also as to configuration, what level should antivirus, firewall, and defense + be in?

> First off, I really don't know how it should be configured and can't seem to find much on the subject

If you're going to install a new program and Comodo pops up, click on Installation mode (something like that) and make sure to have the check mark "remember my answer" (also click on "yes" in installation mode).

> what level should antivirus, firewall, and defense + be in

If you know for a fact your computer is clean, put it in “stateful mode”

If you hate pop-ups leave defence + alone

Change the firewall settings (click on advanced) to see this “Firewall Behavior Settings”
Change it to custom mode. That way you can decide on what programs can go on the internet.

hope this helps you :slight_smile:

After scans with F-Secure, McAfee, Norton, and Blink, and none of them found anything, I am still amazed that Comodo found 13 instances of malware. I submitted all 13 and then released them from quarantine as I am sure they must be harmless and my programs such as Nero and my Brother printer will probably not work right without them. I configured svchost and System to outgoing only as you suggested and still need to know about stealthing. I note that my antivirus is configured to stateful, firewall to safe mode, and defense + to clean pc. This is all the way it came, I changed nothing. Does this sound right? The other query about the firewall is still pending. Any idea why, after 2 days, it states that it has blocked nothing? I have DSL and I cannot believe the firewall has just sat there and had no work to do. By now, other firewalls I have tried would have reported hundreds of blocks.

Sorry to butt in :slight_smile: but can I just say a quick thank you to JB for the tips regarding svchost.exe and System.exe.

I didn’t know this and have adjusted my FW here accordingly.



You are welcome, Tsec.
Btw, Beth1949, Welcome to the Forum.

The other computer and printer are located within your ‘Trusted’ local network.

Below is a pic of my Global rules. (I use eVPN, this is the second network). I have my ports stealthed, on a per case basis (I use P2P software). As you can see, ‘Trusted Network’ means anything in and out within this network only. Individual firewall rules will control what software can do within this network.

I have a wireless router between my computer and the Cable modem.
Any other computer (wired or wireless) can see my computer and the folders and printer I share on my system just as I can see them. This is also provided they are connected to my network (i.e. connected to my router - wired or wireless).

So to answer your question, Yes, the other computer can see your computer and the shared printer and folders you have set up.

Many DSL modems have a built in router. If this is the case with your modem, then the router is actually doing most if not all of the work due to NAT addressing. So yes, it is normal to see no or very little activity on your logs.

If other firewalls you’ve used were showing blocks with this same setup, it is likely that what they were showing you was normal chatter from your router or ISP and not any actual unwanted activity from the internet.

I’m behind a router and my activity logs are a ghost town.

I want to thank those who responded to my posts, but I believe I will uninstall CIS and try something else. I still can’t determine that the firewall is working. I disconnected the router and plugged the computer straight into the modem (according to the ISP this modem does NOT have a built in firewall) and still after several hours, the firewall has blocked nothing. Either I am the only person in the world who does not need a firewall, or it is just too difficult for me to configure. Also the antivirus just has too many false positives. I really appreciate free, but if it doesn’t work properly, free doesn’t mean much. Thanks again.

