I installed the program and made a few settings. I set my email program and browser as trusted and set the updater programs to be blocked. Then, I connected to the internet; bam! hundreds of programs going outbound and stealing my computer blind, and not a single interrogation if I wanted to block or allow.
Question: How do I find the list of programs allowed to go outbound. In reading there seems to be one.
Question: How do go about intelligently blocking programs that I don’t even know about from going outbound.
The outbound conections you are seeing are CIS’s connections to the Comodo Cloud scanner and file lookup service.
Typically, this will occur the first couple of times you boot your system after installing CIS. It will rapidly diminish and soon after stop (until you install an unknown app).
Q1) How do I find the list of programs allowed to go outbound. In reading there seems to be one.
CIS does use a whitelist of well over 1.3 million known good apps. Unfortunately, this whitelist is only acciessible to CIS and it is not readable by the user.
Q2) How do go about intelligently blocking programs that I don’t even know about from going outbound.
If you want to see alerts for every outbound connection, right click the system tray icon for CIS and change the Defense+ configuration to PARANOID MODE. This mode wil produce alerts for each and every application that is attaempting to start, interact with other apps or establish an outbound connection. Similarly, changing the Firewalls configuration settings to VERY HIGH will produce alerts for each and every inbuond or outbound connection attempt.
Please note - make the two changes shown above will give you a high degree of control over what can and cannot connect. In doing so, it will also give you a far higher quantity of alerts to deal with.
Where you establish the trade-off point (security V. convenience) is entirely up to you.
Comodo very kindly sets up rules for your e-mail and web browser which can be selected from the firewall pop up when you run those programs, although, since you’ve made them trusted you probably will never get a pop up.
You can see the predefined sets by clicking -->Firewall -->Network security Policy -->Predefined policies
Personally, I would never make my browser + email trusted, just because you are giving it free reign with no set of rules to follow.
at panic
QUOTE
“If you want to see alerts for every outbound connection, right click the system tray icon for CIS and change the Defense+ configuration to PARANOID MODE.”
i would say, control about connections you will get with a firewall setting .firewall should be in custom mode to have control about any adding of a rule.
.firewall should be in custom mode to have control about any adding of a rule.