Just began using Comodo’s firewall last night & followed the set-up configurations as suggested by Kyle from the links below. I have a few questions however.
First, it is suggested to “Block All Incoming Connections, Stealth My Ports To Everyone” but the setting will not take hold. Once I click “Finish” & then go back to check the settings, the first option is always ticked, “Define a New Trusted Network…”
Second, a pop-up for my AV displayed & I did nothing for a bit, as I was reading up on the situation, & without my input, after a certain amount of time (120 seconds I believe), the firewall automatically “Allowed” the action as could be seen in the “Application Rules”. This is not good. What can be done to have the default settings changed to “Block” if the pop-up receives no input from the user?
And last, I am a little confused as to this network that is trying to automatically set-up. “Local Area Network #1” seems to try to set-up on start-up & I have just closed the window every time. But this is not following the suggestions by Kyle as he suggests setting up this network. I do not understand what will happen if I choose option 2 in the network prompt window instead of just closing the window. I do have a router which is used to connect other computers but I do not wish to have my computers networked. They presently just share a router to gain internet access but run independently of each other. So, what exactly is this “router/home network” set-up to which Kyle is referring?
That’s correct though the settings are set to the option you chose, only this “wizard” doesn’t remember that, if you open your Network Security Policy and go to the global tab you’ll see a a Block IP any rule on the bottom, that’s where the “Stealth ports wizard” writes it’s settings… So what you see is just a GUI annoyance…
Second, a pop-up for my AV displayed & I did nothing for a bit, as I was reading up on the situation, & without my input, after a certain amount of time (120 seconds I believe), the firewall automatically "Allowed" the action as could be seen in the "Application Rules". This is not good. What can be done to have the default settings changed to "Block" if the pop-up receives no input from the user?
This cannot be, your talking about an AV alert and a Firewall rule those are two different things.
An AV alert will never create a Firewall rule, What could happen is that the firewall created a rule based on the internal whitelist or safelist, depending on your firewall settings.
so something else must have happened here.
Can you post the AV detection (name of the virus) and what application it is?
And the firewall settings you use?
And last, I am a little confused as to this network that is trying to automatically set-up. "Local Area Network #1" seems to try to set-up on start-up & I have just closed the window every time. But this is not following the suggestions by Kyle as he suggests setting up this network. I do not understand what will happen if I choose option 2 in the network prompt window instead of just closing the window. I do have a router which is used to connect other computers but I do not wish to have my computers networked. They presently just share a router to gain internet access but run independently of each other. So, what exactly is this "router/home network" set-up to which Kyle is referring?
You can safely disable "automatic network detection" it will only help you in case you use Firewall rules to allow other PC's in the same local LAN network to access your PC, as you only need outgoing traffic the "Automatically detect network settings" is of no use for your setup...
In regards to the AV window that pops up, it’s not a detection prompt but rather an auto update window. With this in mind, can you better answer my initial question?
You can safely disable "automatic network detection
So as not to have to bother you again, you might as well tell me how to go about this
That depends, it is very common if you use p2p software, Torrents etc.
Reason being is when you are sharing all those people need to know where you are to exchange that information… Even after the torrent has been turned off\finished\whatever those users still beilive they can get the files from you off that address.
Well, this machine is a stand alone machine that only shares a router so as to establish an internet connection. However, there was a time years ago when this machine was part of a two machine network.
So, now I am more confused I do not understand what is happening here.
Also, there are still two of my original set-up questions outstanding. Perhaps you were waiting for Ronny to answer those for me
UPDATE- I have been reading up on those intrusions being blocked & I think they are normal.
Hey Bubster. I’ll try my best to answer your questions however keep in mind I don’t have comodo in front of me! ;D
#1;
You did it correctly, Comodo by design switches the ‘Wizard’ tick box back. :-TU
#2;
Some of the question is confusing and need a bit more info to be clearer.
There are 3 components of CIS, The antivirus, Defense+ and Firewall. Each have their own pop-ups and they are not related.
I think the best way to clear it up is please take screen shots of the logs so we can have a better look;
Comodo → Firewall\Defense+\Antivirus → Events
#3;
Since your Pc is the only one on the network, Clicking Ok should be all you need to do when you get that alert.
If you are still having problems then please tell us what the alert says and post that here as well as a screen shot of your network setup.;;;See below.
You can get some additional info about the networks you are on by going to the command prompt
Start->Run-> type in
Perhaps I am still not explaining the AV window that popped up. First, I am only running Comodo’s firewall. The AV window that popped up & seemingly was “allowed” thru, was from my Avast AV program that was trying to update. While I was reading up on the situation, & without my input, after a certain amount of time (120 seconds I believe), the firewall automatically “Allowed” the action as could be seen in the “Application Rules”.
Now, in regards to the network…upon start-up, I was getting a window/prompt to configure “Local Area Network #1”. I was just hitting close for a while but the window continues to appear & set-up on start-up. So, after Ronny suggested that I "can safely disable “automatic network detection”, the last time the window opened on start-up, I ticked the last/bottom option in the window that said something to the affect of “do not detect network settings”. Did I do this correctly or in other words, did I disable the network?
And Finally, in regards to the repeated blocked intrusion attempts from “Windows OS”, they are mostly to IP 224.0.0.1 & a few to 255.255.255.255. I believe that this is normal when running a router but I digress. What do you think?
Thanks!!
UPDATE Holy Moly! I took a look at “Network Defense”- “Outbound Connections” & there was one connection that was remaining, even though I was not connected via web browser. I checked it out & it is a Facebook IP !! I terminated the connection. Then, I noticed that even after I would close FF, & delete cookies,history, etc. there would still be many connections still remaining, for a little while anyway. I checked a few of them out & they resolve to places like “HAMPTONS”, “Global Crossing” & “Level 3 Communications”. I am guessing that all but the Facebook connections are normal, but maybe I am wrong. But the Facebook connection always remaining…what’s the deal with that?!
The “View Active Connections” has a bug with releasing these connections, once a new on pop’s up it’s shown but a closed connection is still shown as active while in reality it’s no longer there.
You can verify this with a command-line tool, therefor you need to open a command-box (Start, Run, CMD and the press ENTER)
type:
netstat -an
This will show you the actual network connection list.
ESTABLISHED state is still active connection, compare this to the “View active connections”
There is no AV auto update window as far as i know, only a balloon message in the bottom right of the task bar… only AV update window in know of is the one that shows before a manual or scheduled scan…
I’m not certain why they misread you, but the default setting for the amount of time to keep an alert on screen is 120 seconds. You can see/edit that setting by going to Comodo > Firewall > Advanced > Firewall Behavior Settings > General Settings
There still seems to be some confusion…please reread this again carefully
Perhaps I am still not explaining the AV window that popped up. First, I am only running Comodo’s firewall. The AV window that popped up & seemingly was “allowed” thru, was from my Avast AV program that was trying to update. While I was reading up on the situation, & without my input, after a certain amount of time (120 seconds I believe), the firewall automatically “Allowed” the action as could be seen in the “Application Rules”.
Now, in regards to the network…upon start-up, I was getting a window/prompt to configure “Local Area Network #1”. I was just hitting close for a while but the window continues to appear & set-up on start-up. So, after Ronny suggested that I "can safely disable “automatic network detection”, the last time the window opened on start-up, I ticked the last/bottom option in the window that said something to the affect of “do not detect network settings”. Did I do this correctly or in other words, did I disable the network?
Perhaps I am still not explaining the AV window that popped up. First, I am only running Comodo's firewall. The AV window that popped up & seemingly was "allowed" thru, was from my [b]Avast AV[/b] program that was trying to update. While I was reading up on the situation, & without my input, after a certain amount of time (120 seconds I believe), the firewall automatically "Allowed" the action as could be seen in the "Application Rules".
Okay Avast update window is understood, but if you had a Firewall alert it will never “Allow” if you don’t respond, it will always Block if it times out, but it won’t remember it, so something else must have caused the allow and if it’s Avast it’s because it’s a whitelisted/trusted application.
Now, in regards to the network..upon start-up, I was getting a window/prompt to configure "Local Area Network #1". I was just hitting close for a while but the window continues to appear & set-up on start-up. So, after Ronny suggested that I "can safely disable "automatic network detection", the last time the window opened on start-up, I ticked the last/bottom option in the window that said something to the affect of "do not detect network settings". Did I do this correctly or in other words, did I disable the network?
No you did not disable the network, what happens is the following.
You start your PC, and you get an ip address assigned dynamically by [url=http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol]DHCP[/url] once this happens this window pop's up and asks you what you would like to do with it.
If you get a different IP every day you’ll get an alert everyday, this window is only useful if you use and/or create a “Local Network” Zone and use that in your firewall rules.
Since you don’t have other PC’s in the network you are not using this function therefor the alert is useless in your case, because the Zones it creates are not used in the firewall policy.
So you can safely disable this feature without interfering with the firewall and/or network setup.
If you have the Alert window with the Allow / Deny button this will result in 1 alert per app.
If you Allow the App it’s trusted, if you Deny the App it’s totally blocked.
Next to this there is also the internal CIS system that knows which Apps to trust and i think Avast is one of them…
Back to my original question..how do I do that? ???
Thanks!
I think you already did but you can check this on the GUI, Misc, Settings, Generic "Automatically detect new networks".
I have a loopback & local area connection in Network Zones but as you know, I am not part of a network. So, does that mean that I can remove those to zones?
I do not understand what is happening here.