questions about how comodo works

anonymous · December 1, 2006, 5:17pm

the network monitor is what provides inbound protection,
the application monitor provides outbound protection,
and both modules are separate.

is this correct?

AOwL · December 1, 2006, 5:40pm

Yes.
The only time you should have to set up rules in network monitor, is when you use P2P programs and some other apps. You could say that it works like a router, where you forward port(s) for some apps.

AOwL · December 1, 2006, 5:43pm

I could add that network monitor reads the rules from the top to the bottom, so if you would like to allow a IN connection, you have to put that rule ABOVE the default block rule at the bottom.

Little_Mac · December 1, 2006, 6:31pm

Um, maybe a little clarification…

The Network Control Rules (network monitor) define how your computer connects to its surrounding LAN (if applicable) and the internet in general.

The Application Rules (monitor) work within those confines in regards to allowing/blocking applications from connecting in accordance with your Network rules.

The Component Monitor breaks it down to an even more detailed level, still within the confines of the Network rules. If you have a specific component within an application which you do not want connecting, this is where you can block that (for instance, in update module that is not a separate application/executable).

To explain further…

In the simplest of settings, you only need two network rules:
Rule 0 (top rule) Allow/IP Out/Any/Any/Any
Rule 1 (bottom rule) Block/IP In/Any/Any/Any

At this point, all applications that you allow to connect outbound can do so to any IP, on any port. If you modify this rule to only allow outbound on ports 25, 110, 80, 443 (for instance), and an authorized application tries to connect outbound using port 2259 (for instance), even tho the application is allowed, the network rule will stop it. Isn’t this correct, AOwl?

If you have an allowed application abc.exe, which has a module helper.dll that you want to deny, you “block” that component in the component monitor. Application abc.exe can still connect, but the module helper.dll will be stopped. Isn’t that correct, AOwl?

I think of it as concentric circles, from inside to out: Component, Application, Network.

LM

AOwL · December 1, 2006, 7:01pm

The network monitor is the one that stops all in/out if not allowed. It stealths you from the outside.
Just like a router… :o

If you are correct Little Mac? Just wait… must have another one… 8) :Beer
Yes! All you say is correct… ;D ;D

Little_Mac · December 1, 2006, 7:05pm

heh, tnx, AOwl, it’s nice to be correct! ;D

Here, have another one on me, just to help you thru the day! :Beer

Or two… :Beer

LM