I think there should be 4 pre-made rules (presets if you want) for Network Monitor
OFF (Network Monitor disabled) Stealth (Blocked all inbound ICMP Echo Requests) Super Stealth (Block all inbound IP requests & allow only outbound IP requests, basically default settings which are enabled out of the box when you install CPF at the moment v2.1.1.1) Custom (leaves user a full control over rules).
Settings for Custom should be saved separately so they remain even if you switch to Stealth in between and then back to Custom.
These 4 options should be placed in dropdown menu under Network Monitor, so users can change it easily.
I’ve checked the machine and got a green status for stealthing (based on GRC.com).
So i think it’s ok. Plus it appears to work just fine with eMule (which doesn’t get HighID if i leave default Network Monitor settings aka Super Stealth).
Just a hint and i hope you’ll impliment this soon. If you need more info or what i meant about something specifically, feel free to ask Also feel free to comment this
Hi RejZoR, is this network rule really necessary? Its been some time ago that I tried sygate sos testing site ,but cpf passed icmp test and all the others with the 2 default rules.
Yes, Comodo Firewall indeed passes tests with default Network Monitor rules, but problem is that it’s way “too secure”. eMule for example simply fails to obtain HighID status (which is required for painless data transfers and clients communications). LowID is ■■■■ because it’s slow and produces loads of overhead. Using just ICMP Echo blocking keeps your PC hidden, though it allows other programs like eMule to function correctly.
No, i’m using direct connection based on PPPoE ADSL. Rules are fully open for eMule (all ports and all IP addresses are allowed, inbound also allows invisible connections).
Now if i left Network Monitor rules as they are, eMule failed to obtain HighID, but if i disabled Network Monitor it failed stealth tests on GRC.
Also please note that i have WinXP SP2 firewall disabled. Comodo firewall doesn’t disable it, so most of users are still running it, thus resulting in stealthed status even if you disable Network Monitor module.
So the default in CPF is “Super Stealth (Block all inbound IP requests)” this makes you stealth, even if you have “act as server” permissions.
But I think with Stealth (Block all inbound ICMP Echo Requests) then any “act as server” permissions would allow inbound IP requests as they no longer have a rule to block them and so you wouldn’t be stealth.
The sygate scan site used to show many ports as Closed when GRC said they were all Stealth. I could only stealth Sygate and Kerio when there were no “act as server”. Its up to you but maybe try some other scan sites too.