I installed Comodo Firewall on Window Server 2003. I’m interested not only in protecting UI applications, but also in filtering traffic of background services like e.g. MSSQL and IIS.
The question is will Comodo Firewall protect the system while i’m not logged in and no other logon session is active?
Every rule and aspect of the firewall will continue to run while the machine is running. As long as you’re protected while you’re logged in, you’re protected while you’re not. The protection is provided because the firewall engine/drivers are running all the time.
Now if you have something occurring in the background which would create an alert, that will probably be blocked, since there’s no user to interact…
Hope that answers your question,
Yes, that helps. Thank you very much!
I switched off everything except Network Monitor module where i configured which networks may access the computer and which may not.
I guess such a configuration should not pop up alerts, should it?
Anyway it matches the concept perfectly: to block everything which is unknown.
No you probably wouldn’t get any popups by doing that. However, that does decrease the level of security in a sense…
By doing so, you’re essentially allowing ANY application activity that complies with the restrictions of the Network Monitor rules. Thus, let’s say for example that you do have some malware on the computer (or even legitimate application, that you don’t normally allow to connect), that would use UDP Out. As long as you have a NM rule to allow UDP Out (without Port or IP specifications), the application will be able to connect as it pleases…
Now if every single NM rule is IP and/or Port - specific, then that’s a little better, but any application could still connect if it used those same parameters (don’t know that it would happen, just theoretically).
Here’s an explanation of Comodo’s layered rules; perhaps that may help you understand the flow of such things… https://forums.comodo.com/index.php/topic,5372.0.html
Thank you very much for your advise.
I needed it fast and have no experience with Comodo Firewal so i did it just in a simple way.
It’s a web service so i disabled In/Out IP traffic for everything except my office subnet (only 1 gateway actually) for administration purposes and opened ICMP echo request (for monitor service in the office) and HTTP port 80 for everyone and then just concentrated on securing my web server software.
Thanks again for all your support! (R)
Sounds like you’ve got a plan! (:CLP) Rock on, and let us know if you need help.