No intrusions at all?!

Hi there, I’ve been using the COMODO Firewall for almost 2 weeks, and the program reports no intrusion attempts at all! Is that really possible? Before, while I was using ZoneAlarm, it reported almost 10,000 attempts…

My settings:
Firewall Security Level = Safe Mode
Defense+ Security = Inactive
Alert Frequency Level = Low
Security Policy = Allow all incoming/outgoing requests if the sender/target is in [Local Area Network #1]

I also used the Stealth Ports Wizard upon [Local Area Connection #1] to add it to the Global Rules, and then I disabled the AutoDetect New Private Networks option so that the program doesn’t bother me every time I connect.

(Local Area Network #1 = ADSL connection)

Same for me, but if you look at the description of the Stealth Ports Wizard’s options, especially option #3, then you see that incoming attempts are being blocked automatically. I think that this is the reason why no logs are seen now and then. But I see all incomings from outbound only defined apps/processes, not many but a few. Added also logging for global rules. If SP Wizard works then it’s ok, if not then it’s a problem.

Switch to a pre-defined mode just to make sure that all work. Under Misc > Manage My Configurations activate Proactive Security.

Hope this helps

Cheers

Thanks for the response, bulgroz, but just making sure is not sure enough.
The way of incoming connections is to pass global rules first and then the app rules. Let’s take “Webbrowser” standard rules. All allowed connections are ok, but look at the last rule → block all other connections for IP in/out. Do I need that if SP Wizard’s option #3 is activated? As I understood, if you change options (3 at all) in SP Wizard, it will generate different global rules and not more. And if there are no rules for specific intrusions/ports then it’s open for all ???

If you want logs of your traffic, go to Network Security Policy/Global Rules, click each rule, click edit and check the box that says “log as firewall event if this rule is fired”.

If you choose option #3 in SP Wizard the following should appear in your Global Rules: Block And Log | IP | In | From Any IP Address | To Any IP Address | Where Protocol is Any
In that case you should have entries in your log.

If you choose option #1 in SP Wizard your ports are hidden and that may explain the absence of intrusion attempts.

Rules are created for individual apps but the Global Rules always take precedence. So if you decide to block everything in Global Rules it makes no difference what’s in Application Rules.

When sitting behind a router, due to the nature of NAT you are not going to be seeing much (if any) unwanted incoming traffic. With NAT, your machine is only going to be seeing the traffic specifically addressed to your IP. You aren’t going to be seeing any of the general internet “chatter”.

As to the reason why ZA showed lots of intrusions, I can only assume it was logging mostly system events which can’t really be classified as “intrusions”.

@Heffed

ZA logged inbound requests from external IPs, and a lot of them. Tomahaker talks about thousands of attempts, like me for a longer time period. I changed back to ZA for 1 day to check the inbound data and didn’t get any message (if you need data, it doesn’t come - Murphy’s law lol). Tested it with a friend finally and got messages as desired. Back to CIS again with same test and no messages, but ports are closed, so problem solved for me as friend confirmed that correctly (but no protocol option in CIS for that only).

Can you tell me what IP addresses/ranges are in Local Area Network #1?

Can you also show me a screenshot of your Global Rules (Firewall → Advanced → Network Security Policy → Global Rules)?

Your router must be in a DMZ configuration. You should be getting next to no unwanted incoming traffic.

Just select Stealth Port Option #1 - it will change global rules to my current settings.

Network Area:

Loopback:
127.0.0.1/255.0.0.0

Local Network
192.168.0.10/255.255.255.0

I changed cable modem 2 months ago and ZA was running for years. Already after a short time period ZA incoming intrusion messages weren’t interesting anymore but protocoled. And yes, the provider gave me a router with hardware firewall as I see. Called the provider and he told me that I have to set up this firewall for myself and it’s still unprotected as long as I don’t make an initial configuration. So your comment is going to come true :wink:
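
The rule order and the logging checkbox discussed in this thread, as a simplified model. This is an added example, not part of any post and not Comodo's code; it assumes first-match rule evaluation and that a packet no application rule accepts is dropped, and the outside sender address is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str        # "allow" or "block"
    direction: str     # "in", "out" or "any"
    source: str        # CIDR the sender must fall inside
    log: bool = False  # the "log as firewall event if this rule is fired" box

def fire(stage, rules, src, log):
    """Apply the first inbound rule matching src; record it only if it logs."""
    for r in rules:
        if r.direction in ("in", "any") and ip_address(src) in ip_network(r.source):
            if r.log:
                log.append((stage, r.action, src))
            return r.action
    return None  # no rule matched at this stage

def inbound(global_rules, app_rules, src):
    """Global rules are checked first, application rules second."""
    log = []
    if fire("global", global_rules, src, log) == "block":
        return "block", log
    # Assumption: a packet no application rule accepts is dropped.
    return fire("app", app_rules, src, log) or "block", log

LAN = "192.168.0.0/24"    # the Local Network zone from the thread
ANY = "0.0.0.0/0"
OUTSIDE = "203.0.113.7"   # constructed sender (documentation address range)

allow_lan = Rule("allow", "in", LAN)
silent_globals = [allow_lan, Rule("block", "in", ANY)]             # block, no log
logging_globals = [allow_lan, Rule("block", "in", ANY, log=True)]  # Block And Log
browser_rules = [Rule("block", "any", ANY, log=True)]  # last "Webbrowser" rule

if __name__ == "__main__":
    for name, rules in (("silent", silent_globals), ("logging", logging_globals)):
        print(name, inbound(rules, browser_rules, OUTSIDE))
    print("lan", inbound(silent_globals, browser_rules, "192.168.0.20"))
```

With the silent global block, the outside packet is dropped and the log stays empty, even though the application rule has logging enabled, because that rule is never reached.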