<newbie> - trusted vs blocked network for internet -- solved !

Hi folks,
new user here, first let me thank everybody involved in making and supporting this fine free product !
Your efforts are highly appreciated …
FAQs read, some forum & www research done, Chiron’s great guide, a few important Qs remain, please help even if they might seem trivial for a longtime user. All I need is some initial help …
I’ve been setting up everything nicely over the last 2 days, antivirus, behaviour blocker - but a few central Comodo firewall concepts still confuse me.

Here’s my situation :

  • 2 separate networks, one completely trusted LAN, one WWW via router which should follow some restrictions:
  • browsing (Firefox, Opera), mail (OE6) and 2 or 3 specials (freedB lookup etc) should be allowed, everything else blocked.
  • the LAN should be “trusted”, ok, works.
  • if I set WWW to “blocked” I can’t access it with either program, even with the related application rules (browser, mail client) applied - but I can’t really leave WWW “trusted”, can I ?

I got along fine with the learning mode on other firewalls, but can’t get it to work on Comodo so far.

  • basically what I’d like is - I install a tool (not just any ■■■■) from the net, during install it tries to phone home, I’d expect the FW to ask if it should block or allow www access, once or permanently.
    How would I set this up here ?
    Training mode is activated, but e.g. EAC gets www access without any Comodo action.

Any help appreciated, once the basic issues are out of the way, I can work out the details myself, I hope …
many thanks,
balmora

Training mode will automatically trust all programs on your computer. I think you should switch Defense+ to Safe Mode and the Firewall to Custom Ruleset. For the firewall, this will give you the option to create rules for all programs trying to access the internet.

This is just a start, but let me know if you have further questions.

Thanks.

Hello Chiron,
many thanks for answerng, and for your well-written guide !
Some details appear to have slightly changed in the current version, UI and naming things only, I guess.
I set the auto-sandbox pulldown menu to “blocked” and the Firewall to Custom Ruleset, like you suggested, and bingo - Comodo asks first for ever new application wanting access - great, exactly like I wanted !

That still leaves the dilemma about the WWW network - should I really declare it “trusted” ?
If I set it to blocked, none of the main programs gets online, even though their predefined rules are set up, i.e. browser, mail client etc. What gives ?

Bonus question :
The new “stealth ports” dialog gives two big buttons for “block incoming” (I guess that’s what I want) vs “alert incoming”, but there is zero visual feedback which seting is active, and the stealth test [at] shieldsUP gives identical results, no matter which of these two buttons I pressed last, and I don’t get an alert either during the scan.
No need to debate Gibson’s views on stealth, I read the thread here on the forum, just talking about the port scan they use, not discussing the failure of the test atm.
But the “stealth ports” dialog has to be there for a reason, is there any way of verifying how it’s set, either in Comodo or on a trustworthy website ?

Sorry for all those nagging questions, but I don’t take firewall setup lightly, I want it to be configured securely from the start, I can deal with training myself then.
Unfortunately I’m far from being a network expert, just absolute basics and trying to use common sense …

Thanks again,
balmora

Defining a network as Blocked will not allow any programs to get online, regardless of whether they are trusted or not. It’s really only meant to be used when you believe you have malware running on your computer, and want to make sure that nothing can be transmitted.

For the stealth ports option, you won’t really see too much of a difference. The defaults are already quite good. However, I believe it makes some small changes to the Global Rules. I wouldn’t worry about it. It’s working correctly.

No problem about the questions. Let me know if you have any more.

Thanks.

Hi Chiron,
man, you’re fast … 8)

sounds great, so I guess I’m up and running then !
From the user perspective everything works fine now, and I understand that blocked means brickwall, no exceptions. Fine with me, I just needed to verify the concept.

So far so good, Comodo appears to be a valuable and trustworthy tool.
Your generous help is much appreciated, Chiron !
Thanks again,
balmora

I sure will come back in case of further questions, but now everything’s set up ok, the rest will be learning by doing mostly, I hope.

Thank you. I’m glad to hear everything’s up and running.

If you have any questions about how to set it up further, or confusions you had with my article about setting it up, please feel free to ask.

Thank you.

Hi Chiron,
your guide is one of the best I’ve seen anywhere, easy to understand and to the point, only (very, very small criticism) a few UI things look different here, I don’t get the two top left buttons on the main GUI, different stealth dialog, different overview page layout …
Just saying, I guess it’s impossible to keep up with all these little detail changes all the time.
No worries, all the main info led me through nicely, and I guess with your help I’m confident in Comodo now.
Have a great weekend,
balmora

Are you using Comodo Internet Security or Comodo Firewall?

The reason I ask is that all of my images, and specific instructions, are created for Comodo Internet Security. Thus, although everything also works for Comodo Firewall, some minor GUI changes are expected for those instead using Comodo Firewall.

If this was the case, and you’re using Comodo Firewall, were there any situations in which you felt confused because the instructions were specific to Comodo Internet Security? If so, can you please let me know which situations those were so that I can improve the guide?

Thanks.

Hi Chiron,
I was talking about Comodo Internet Security Premium, latest version.
Can’t find any “about” screen or version info, but last update was 2hrs ago.
OS is XP64 SP1

http://www.techsupportalert.com/files/images/CIS%20V6.2%20Advanced%20Screen_Large.jpg

I don’t have this overview anywhere.

I don’t have the two buttons either which you mention here :

http://www.techsupportalert.com/files/images/CIS%20V6.2%20Switch%20To%20Advanced_Large.jpg

Just FYI, personally I’m fine now. :slight_smile:
This is a generous (and free) service you provide here, I wouldn’t ever dream about complaining …
Thanks,
balmora

Can you please post a screenshot of the main screen which you see on your computer?

By the way, constructive criticism should always be welcome. In fact, I always invite it. Constructive criticism is often much more helpful than praise, although both come from the same source.

Thanks.

Hi Chiron,
here you are, jpg attached.
Let me know what else you need, that’s the least I can do. :slight_smile:
Thanks,
balmora

[attachment deleted by admin]

Looks like either something is wrong with your CIS or you are using an older version. You can see the version by clicking the question mark in the top right corner and then clicking “About”

Yes, please check the version (as advised by SanyaIV) and post that. Something is not right with your installation if you have the newest version installed.

Hello SanyaIV, Chiron,
thanks, you’re absolutely correct, apologies ! :embarassed:
It’s v6.026… now that I know where to look.
Just noticed that while sig updates work, program updates fail.
“Error: 0x80070002 - The system cannot find the file specified.”
You only see this when updating manually, I guess.

What do you recommend, install a fresh download of 6.3, uninstall 6.0 and start from scratch, or will the installer update my current legacy version ?

sorry for causing all this trouble,
balmora

I think that’s likely due to a bug that existed with version 6.0.

What I would recommend doing is reinstalling CIS by following the advice I give in this topic. This should allow you to get V 6.3 up and running without carrying over an issues which may have existed with V 6.0.

Let me know how that goes.

Thanks.

Ok, folks, did the complete cleaning / reinstall procedure, went reasonably well.
Now I’m at 6.329 …
Everything seems to work afaics, but I’m kinda missing the tabs for behaviour blocker and sandbox, although both are active and show alerts.
Any ideas ?
thanks,
balmora

[attachment deleted by admin]

I’m sorry, but it appears that you have encountered a known bug. The bug report can be found here.

In the meantime I did a reboot and CIS 6.3 didn’t start up correctly again.
So I uninstalled it …
That’s where I am right now, Windows FW as emergency tool.
Any better version than the (previously working) 6.0 for XP64 SP2 ?
No VM installed here btw, and a very stable, issue-free system that’s got a lot of mileage left.
I’m forced to use W7 on my workstation, I certainly won’t downgrade this machine here to 7 or 8.
thanks,
balmora

Did you run the removal tools in Safe Mode in between uninstalling and reinstalling?

yes, I followed the procedure exactly, restarts, safe mode with network, tools and all.
Thanks,
balmora