I’ve been reading the forum and have learned quite a bit.
Running WIN XP SP2 on an HP laptop.
I just installed Comodo Firewall. I like the interface and certain functions work well, but I have a couple of questions. As a previous Zone Alarm user, I am looking for a comparable function in CF.
Most of my programs connected without trouble (Mozilla, Thunderbird), especially after using the wizard to scan for known applications.
But…
I cannot get Comodo to allow (or even recognize and ask about) the Ewido update function. (Yes, I know Grisoft bought it, but I updated it fine last week.) CF does have the scanning engine in its list, but update will not work. I tried putting it into trusted applications and adding it to applications rules list, but neither of these attempts was successful. (I browsed to the ewido.exe file in Programs but didn’t know what “Parent” file to use and telling it to skip the parent file also did not work.) Can anyone tell me how to set Ewido (or any program) up manually?
My second issue has to do with allowing applications to act as servers. In Zone Alarm, I did not allow any app to act as a server—and I want to do the same thing in CF. But, I can’t find where to do that. Are programs automatically prohibited from acting as servers?
I ask because my Netscape browser was not set up by scanning for known applications. When I try to start Netscape, I get “Netscape wants to act as a server.” If I deny it server rights, I cannot connect. CF says it is an invisible application.
Any help, brilliant knowledge, or simple instructions would be appreciated. I haven’t done any programming (or worked in DOS much) since Microsoft took over the world.
In CPF, go to Security/Advanced/Miscellaneous, and move the Alert Frequency slider up to High or Very High. Uncheck the second box from the top, “Do not show alerts for applications…” Reboot for good measure. This will obviously increase your alerts.
Then start up Ewido, and do an update if you can. You should get an alert for it. Set to “Remember” and Allow it. Then you can lower the Alert settings back down… You can also try making an Application Rule for it manually. Go to App Monitor, Add a new rule, find the Ewido update program for Application, for Parent, set it to “Learn”. Then OK.
If you look at that alert for Netscape, I bet it says that the parent is svchost.exe or explorer.exe. At any rate, this is an internal thing, not external; it’s the way the apps communicate with the localhost (system), and how CPF monitors it. If you look at the IP address, you’ll probably see 127.0.0.1, or your router (presuming you’re behind a router). It shouldn’t be something you have to worry about.
If the IP is 127.0.0.1, you can go to Security/Advanced/Miscellaneous, and check the two boxes for “Skip loopback connections…” You can gain an even greater measure of control over all applications by going to Sec/Adv/Misc and unchecking the box, “Do not show alerts for applications certified by Comodo”; if you increase the Alert Frequency with this as well, you’ll get all sorts of popups telling you that programs are trying to connect.
You can also create a rule for Netscape (or edit what’s there already, if there is one); under the Miscellaneous tab for that rule, make sure that “Allow Invisible Connection Attempts” is not checked. Click Ok.
That’s it for now. HOpefully that helps you out. If not, or if you need more clarification, please ask…
Sounds like some of the things I tried already, but I will go through it all again step-by-step.
It still leaves the question–how do I make sure programs/apps are not acting as servers? That is something I want to prevent/block as I did in Zone Alarm.
Lots of new terminology to learn…
I won’t get to trying it out until Monday, then I’ll update here.
As I understand it, in non-technical terms, it’s not doing what a true server would do. What’s happening is that the application is “listening;” ie waiting for action to occur. “Acting as a server” is the way it’s reported; a bit confusing, but it doesn’t mean that it is “being” a server.
If you stop it, as you’ve seen, you lose your internet connection. When you look at the popup alert for Netscape, do you see the Parent as svchost, or system?