I am looking for a default ruleset I can use to expedite the creation of my custom rule filter set. I would like a template of many common programs to import into Comodo because I am lazy and SURELY this has been done by someone before me!? I want to go through a list of programs and delete the rules of programs I don’t have installed (purge would work well for telling me this). However, I have been searching for the past hour or so and am coming up with nothing.
Doesn’t there exist somewhere a Comodo cfg file listing some of the most common programs and the minimum they require for the network? Like
C:\program files\somecommonapp\app.exe ONLY_INBOUND ONLY_TCP PORT_123
Or better yet, a repository of a bunch of .reg files of common programs that I can download and import into my registry to add to a profile to create my ruleset?
To get rules with min. alerts is easy as select in Firewall settings to create rules for safe applications.
Set alert frequency level to high. so it makes rules with ports and all.
And then in safe mode use/run your machine for a while or till you feel you have run everything and it works.
Then you can go and edit/combine/refine the rules as you like.
Then you can switch from safe mode to custom.
Or switch straight to custom and go through pop up hell for a short period while trying to decide what is safe to allow and not.
I’m sure it’s not what you want, but I hope it helps in some way.
This sort of thing has been discussed several times in that past, but it’s never really gone anywhere. With earlier versions of Comodo firewall there were numerous FAQs that provided information regarding the implementation of rules for quite a few common applications. Unfortunately, for the most part, the only information that’s persisted, tends to relate to p2p applications and these tend to be all over the place.
Personally, I think it would be a great idea to have a single thread, where people could either submit rules they’ve created for applications they use, or for people to request rules for applications yet to be included. From this, it wouldn’t be terribly difficult create a configuration file for download. It would also provide a single point for discussion about ‘advanced’ rule creation.
Clearly, this would not be for everyone, but for those interested in going beyond the ‘Allow all Out’ defaults, it could be a very useful.
Badfrogger: Thanks for such a quick reply as I needed to hear at least one other person has never heard of something I cannot find. I changed the title of my post to better reflect what I’m looking for, hopefully someone will come out of the brush and help me out.
Your method is exactly what I’m doing, but I’m quickly realizing it’s slow and tedious and potentially inexact. I have to look up each program to identify what “should” be allowed. I also thought why just let GoogleUpdate.exe access to ANY web address? Rather than just the IP it is throwing at me. And if I continually block the process, the IP changes along with the PORT (80, 443) used so perhaps it is using a CDN so why not restrict it to only allow it to update from that particular Domain Name? But that’s just it, I’m hoping someone has done this exhaustive, investigative inquiry already (which they have, this forum), and then made these forum discussions digestible to an advanced user who knows how to work quickly by reading the .reg files and import them into their registry…
Radaghast: Failing the above method, I agree a thread would be better than how it is now (doing a search for each app), although an editable (wiki-like) post would be best so you could just Ctrl-F for the app or process name, as I’m sure a thread like that would quickly expand to be quite cumbersome to navigate.