New to comodo - worked perfectly, reinstalled, and it now "acts differently"!

Hey all,

Ive recently moved over to comodo firewall since SPF gave my new computer network errors.

It was working perfectly, and then i had to reinstall my system due to unrelated, unsolvable issue. Now, with a clean(ish) XP running, i cant help but notice the firewall is behaving somewhat differently.

By this, i mean that despite trying to set it up as i had it before, i get various pop-ups about System, svchost and alg - all system processes. To stop the pop-ups, i have to allow them/“remember them” - which i never used to do? i.e. to stop some in my App. Control rules i now have 2 rules for “system” (any, any, in, out - allow) - which never used to be there either.

Just woundering why all this is suddenly popping up, when it didnt before?

As ive said, im a new user and still have no idea how to set comodo up properly!

Thanks in advance for any info/advice/tips etc!

Hello AvengerUK, welcome to the forum!

Difficult to tell why there is a difference, without knowing your exact system setup before and after. However, getting a few pop-ups in the beginning is normal (and good).

The simple user (like myself - no LAN, no gaming or other network things) don’t have to configure anything, in my opinion. Just decide which programs to allow, and if any program should be blocked. As for network settings, the default rules in the Network Monitor should be fine. Also, under the Advanced tab, I’d say you don’t have to change anything.

So my advice is to rely on your settings, and check out the different options to learn what the program is capable of!

/LA

Thanks for your reply Aquila,

I have made some changes to the current settings (same as last time) because of gaming + the LAN im on, which is to disable Application behavior analysis, (as that tends to block things i wish to allow!) and to also have the rules (see screenshot!) - of which is the “system” parts which never used to appear.

Because there set to “any” in/out (by default “remember my answer to this application”) - it just made me a little uncomfortable (as in my last firewall, something similar would allow anything…and cease being a firewall!)

[attachment deleted by admin]

Hi, (:WAV)

The latest Windows updates have added for some reason some off road traffic that makes CFP’s behaviour analysis wonder. I’ve gone through it and now the system is calmer even though I allowed without telling CFP to remember anything new, so maybe this traffic is somehow brougth by the latest updates, but not to stay. Maybe just Bill Gates stealing your private data, :smiley: kidding.

Anyway behaviour analysis is just another layer of protection that you won’t find in many other firewalls, but you’re pretty safe without it as well. Especially the OLE stuff which tends to generate most alerts, since it’s part of Windows’ normal operation --but it can also be exploited by malware to get Internet access through trusted programs (both child and parent). You can also leave behaviour analysis on in general and skip it for your trusted programs or some of them.

Judging from your app rules you haven’t scanned for known safe programs, maybe you did for the previous installation and that’s why you’re getting alerts for apps you didn’t hear about the other time, even regardless of behaviour analysis. You can do this so that CFP automatically creates the necessary app rules by going to “Security > Advanced > Tasks > Scan for known applications”.

I think svchost.exe does need Internet access, System doesn’t as far as I know but I guess it’s safe to allow anyway, and alg.exe is necessary to share files and printers over a network and may be blocked otherwise but anyway safe too just like any other Windows app --when it isn’t being exploited.

Also for your LAN I think you need to define a trusted zone, there’s an assistant for that in the settings that will create the necessary network rules.

Hope this helps :■■■■