I would first like to say that the free Comodo firewall and the defense mechanism that comes with it is a good thing to have.
However, I have a few small problems of understanding it. I don’t know where to begin.
Let’s begin with “Trusted files” and “Trusted Applications”. I have no clue which of these two groups will pass through the firewall rules and which will not. God help me.
My second problem is that when I try to add Opera (for example) to my trusted files, it says “Opera is already safe”, but I can’t find Opera in the trusted files list, nor can I find it in the trusted application list. God help me.
My third problem is that I don’t know which priority the global firewall rules are executed, top-down, bottom-up, or is it all the accepted rules first and then all blocked rules last?
I have a few other minor problems, sometimes when I add a file to the trusted files list, it may still not be able to run properly.
The third problem I have is that when I edited the “Predefined Policies” I altered the item called “Trusted Application” so that all trusted applications are not automatically allowed to perform connections, but will ask every time. The icon changed to a question mark, I click “OK” to save, but no application asks me to allow to connect to the internet whatsoever.
So my problems that I have listed here are that Comodo seems to be doing everything I tell it not to do, it runs its own show and I have no clue why it does that. It is like talking to a brick wall, it doesn’t listen no matter how many spoons of sugar I feed it.
The first video was all about the antivirus. That is 14 minutes wasted. My questions were about the firewall and Defense+.
EDIT: I appreciate the videos, but seriously, no matter how stupid I appear to be from the first post, that guy in the video knows pretty much nothing. I can tell by the way he talks, he skips areas and he seems interested in irrelevant things and he sure as h… does not go into the details that I need. I am deeply disappointed with his explanation, he does not go into details, everything he explained is things I already know and even worse, this guy is not even right about everything, he is very inaccurate.
But then again, it was a Comodo “for dummies” so I leave it there. ;D
EDIT2: The third video was nothing breathtaking either, but it gave me a reassurance. It was refreshing to review what I already knew.
Trusted applications are the rule set for the firewall, trusted files are the rule set for Defense+.
You won’t see Opera in the trusted files list because it exists on the internal whitelist. If you wish to make adjustments for the Opera rules, go to Defense+ → Defense+ Settings → General Settings. Put a check in the box next to Create rules for safe applications. Next time you start Opera, it will show up on your list.
The firewall rules are executed top down. So you’ll want your block rules at the bottom.
If you want CIS to ask you before making connections, I believe you’ll want to run the Proactive Configuration, and set the Firewall Security Level to Custom Policy.
What exactly do you mean when you say something will not operate properly when added to the trusted files list? What is the application doing/not doing?
I sometimes experience that when I add a file to safe files, it pops right back to the unsafe files even though the file is safe. When I check the file in the cloud, it is safe. But I had to do it at least 6 times before it finally let it in.
I have a last question if you don’t mind; there is something about the global rules that I wonder about. Could you give me some technical insight into how exactly “Allowed” rules work compared to “Blocked”. Because I sometimes find that when I have one allow rule at the top, it skips my block rule 2 spots below, I have to move it to the second first spot to force it to take effect. I want to understand what makes the firewall accept one rule, what makes it skip another rule, what makes the parsing stop in the middle of the chain. Yes, you probably understand, a bit more technical insight.
I have one final question as well, I have this paranoia that I might have malware on my computer, I’m not sure. But I want to make absolutely sure that my Comodo installation is authentic, can anyone provide me with the MD5 hashes of each of the files in the Comodo folder so I can check the integrity of it?
If the diagnostics under the “More” tab are not reporting any errors the installation should be fine. Also maybe I should have watched those videos myself first. 88)
I will come back to the global firewall rules at a later point. I followed your guide, I used scan at virustotal.com to check the 4 main executables in the Comodo folder. Most of the virus scanners found nothing, but one and another found an infection, I do not know if I should trust that scan result. I have added the scan result as a file attachment, see it and let me know what you think.
An MD5 hash confirmation on those 4 files would solve everything right away. I will try Valkyrie.
Btw, do you know if I can find the MD5 hashes somewhere on the Comodo website?
I’m not going to hash all the files in the folder… I thought there was one file you suspected.
I guess a better question would be, what makes you think malware got past CIS’s self protection? By default, Defense+ monitors anything in the C:\Program Files\COMODO folder. Plus the Comodo files that live in System32 and Application Data.
That is exactly the case my friend, I don’t know what to think, because I haven’t seen the source code of CIS, therefore I have to take extra precaution.
Never mind about the hashes then. I guess I could just extract the installer and measure the hashes from there.
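The comparison proposed in the post above (installed folder against files extracted from the installer), as an added example that is not part of the thread: it uses SHA-256 rather than MD5, and the folder contents and file names in `demo()` are constructed placeholders, not real Comodo files. The result is only as trustworthy as the installer used as the reference.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root, lower-cased) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large executables are not loaded whole.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix().lower()] = h.hexdigest()
    return digests


def compare(reference_dir, installed_dir):
    """Report files that differ from, are absent from, or are extra to the reference."""
    ref, inst = hash_tree(reference_dir), hash_tree(installed_dir)
    return {
        "modified": sorted(n for n in ref.keys() & inst.keys() if ref[n] != inst[n]),
        "missing": sorted(ref.keys() - inst.keys()),
        "unexpected": sorted(inst.keys() - ref.keys()),
    }


def demo():
    """Constructed sample: two temp folders stand in for the real ones."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as inst:
        for name, data in {"fw.exe": b"A", "guard.dll": b"B", "help.chm": b"C"}.items():
            (Path(ref) / name).write_bytes(data)
        (Path(inst) / "fw.exe").write_bytes(b"A")           # identical
        (Path(inst) / "guard.dll").write_bytes(b"B-patched")  # content differs
        (Path(inst) / "extra.dll").write_bytes(b"X")        # not in installer
        return compare(ref, inst)


if __name__ == "__main__":
    print(demo())
```

Files listed as unexpected are not necessarily hostile, since an installed product also writes logs, databases and updates that the installer never contained.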
If you go to Defense+ → Computer Security Policy → Protected Files and Folders, you can see all the files/folders Defense+ monitors by default. If any application tries to do anything with any of these files/folders, CIS will alert you.
However, I have a few small problems of understanding it. I don’t know where to begin.
Let’s begin with “Trusted files” and “Trusted Applications”. I have no clue which of these two groups will pass through the firewall rules and which will not. God help me.
Trusted Files is for Defense+ (HIPS) | Trusted Application is for Firewall | Exclusions is for AV/Memory Firewall, i.e. Shell Code Injection
My second problem is that when I try to add Opera (for example) to my trusted files, it says “Opera is already safe”, but I can’t find Opera in the trusted files list, nor can I find it in the trusted application list. God help me.
Opera is on the whitelist (Comodo’s whitelist)…
My third problem is that I don’t know which priority the global firewall rules are executed, top-down, bottom-up, or is it all the accepted rules first and then all blocked rules last?
Top is the highest priority rule then goes down (so if you have a block all rule on the top and an allow port 80 on the bottom, you’ll have no traffic because of the block all rule on the top…)
I have a few other minor problems, sometimes when I add a file to the trusted files list, it may still not be able to run properly.
What file?
The third problem I have is that when I edited the “Predefined Policies” I altered the item called “Trusted Application” so that all trusted applications are not automatically allowed to perform connections, but will ask every time. The icon changed to a question mark, I click “OK” to save, but no application asks me to allow to connect to the internet whatsoever.
The firewall is probably in ‘safe mode’; please use custom policy mode.
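The top-down ordering described in the replies above, as an added example that is not part of the thread and not Comodo's code: a generic rule list in Python that assumes evaluation stops at the first rule that matches, plus a check for rules that can never fire. The `Rule` fields, the default action and the sample rule lists are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any destination port

    def matches(self, proto, port):
        return self.proto in (None, proto) and self.port in (None, port)

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return self.proto in (None, other.proto) and self.port in (None, other.port)


def decide(rules, proto, port, default="block"):
    """Walk the list from the top; the first matching rule ends evaluation."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, port):
            return rule.action, index
    return default, None          # assumed default when nothing matches


def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]


# Constructed rule lists.
BLOCK_ALL_ON_TOP = [Rule("block"), Rule("allow", "tcp", 80)]
ALLOW_ABOVE_BLOCK = [Rule("allow", "tcp"), Rule("allow", "udp", 53),
                     Rule("block", "tcp", 445)]
REORDERED = [Rule("block", "tcp", 445), Rule("allow", "tcp"),
             Rule("allow", "udp", 53)]

if __name__ == "__main__":
    for name, rules in [("block-all on top", BLOCK_ALL_ON_TOP),
                        ("broad allow above block", ALLOW_ABOVE_BLOCK),
                        ("reordered", REORDERED)]:
        print(name, decide(rules, "tcp", 445), "shadowed:", shadowed(rules))
```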
I’m getting it. I’m starting to get the philosophy of Comodo.
Never mind that minor problem, it was related to the fact that it was launched by another application from the prompt so it was dependent on another application.
I was using edit.exe in the prompt and it was dependent on ntvdm.exe. I had minor problems having ntvdm.exe accepted as a trusted file, it kept disappearing. But the problem is solved now, it is trusted.