Safe Firewall/D+ Rules for various Windows System Files

Good day everyone!

I have several questions/inquiries, as follows:

A. What is the safe (best?) Firewall/D+ rule for the following Windows system files:
1.) System
2.) Explorer.exe
3.) OGAverify.exe
4.) WGATray.exe
5.) Spoolsv.exe

B. Suggestion on other common system files and corresponding rules.

C. Is the predefined “Outgoing Only” policy safer than just clicking “Allow”, and can someone please explain the difference between the two and when it is better to use which one?

D. I am behind a proxy and our printers are shared on a Samba server;
1.) Do I need to add the proxy's and Samba’s IPs as trusted?
2.) Do I need to add only the Samba’s IP or each printer's IP?
3.) Should I do it in Network Zone or in Global Rules?
4.) Does adding an IP to the Network Zone mean allowing all in/out traffic?

Sorry if it’s too much. And thank you very much in advance.

Any help, anyone? Or a link to suggested rules for Windows common system files.

Aren’t the Windows system files the hardest to configure, because denying them (in D+ and/or Network) most of the time breaks the system, while allowing them is not always the best decision?

Any suggestions? Or share the rules you are using for Windows system files/common files.

Regards

They are all safe processes. I would just leave them alone, because it can cause major problems if you configure them wrong.

Safe processes, yes, but most of them phone home, like WGA, which is the reason why I want to know which of them should be allowed out and what protocol to allow. Though they are safe processes, it doesn’t mean we should allow everything. Even CIS’s own files are set to Custom (D+), not Trusted; that means they have limits.

Regards

Xthink, I agree with you :)
About A.
3 & 4 are legal “spyware” from Microsoft. So it is up to you.
If you don’t want to get automatic updates, you can even delete them from the system. It is even better than losing system performance by blocking with the firewall :)
About number 5: it belongs to the printer. As far as I can see, you have an interesting situation, so in your case allow it. Otherwise, I am afraid, you will be unable to print.
About Explorer: it is the Microsoft file manager, block it. You have a browser, so why do you need a Microsoft file manager that is going to the internet?
Personally, I blocked Internet Explorer too, but it is up to you. (I love Portable Firefox)
About No. 1, the System: it is more complicated. It depends on your system and your needs. For example, I don’t use automatic update, and I don’t even need DHCP.
So I allowed just DNS for svchost.exe. At least, nothing more is needed for a correct internet connection on my system. You can try this too.
I will tell you what I did; perhaps it will help you too.
Go to the settings for rules, go to System, and delete the default “allowing all” rule.
Create:
rule#1
allow UDP, destination: out, A Single Port, port: 53
Here is the pic:

http://img2.pict.com/4a/9b/6d/1424375/0/300/control2520system.png
Of course, you can be more accurate and choose only a specific range of IPs; it is up to you. Even without a specific range, it is more secure than the default “allow all”.
Remember to apply.
rule#2
Block all rule (block all IP for in/out, any source, any destination)
Make sure to put it second in order, at the bottom. 88)

Then, please go to “network defense” and choose “Training mode”.
Disconnect from the internet. Close your internet browser. Reconnect to the internet, open your internet browser.
Comodo will ask you (at least it asked me ;) ) to create a DNS allow rule for svchost.exe. So, allow it. The rule will be created for svchost.exe. Please go there and add a second rule:
Block all rule (block all IP for in/out, any source, any destination)
Make sure to put it second in order, at the bottom. 88)

Then, you can change “Training mode” to “custom mode” or “safe mode” (whatever you prefer).
Remember to apply.
That is it.
If the internet or something else won’t work, allow all as it was by default.
Let us know if it is working for you or isn’t.

About B: I don’t have an answer… Perhaps you had better ask a good admin in your Samba network who is using Comodo too :) Give him at least 2 liters of good ■■■■, I believe he will appreciate it ;D

P.S. Sorry for my English; your corrections are welcome by PM.
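
The two-rule set from the reply above (allow outgoing UDP to port 53, then block everything), as an added example that is not part of any post in this thread: a small Python model that assumes rules are checked top to bottom and the first match wins. `Rule`, `decide` and all addresses are constructed for illustration and are not Comodo's own interface.

```python
# Added illustration: first-match, top-down rule evaluation (assumed model).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    proto: str = "any"               # "udp", "tcp" or "any"
    direction: str = "any"           # "in", "out" or "any"
    dst_port: Optional[int] = None   # None matches every port
    dst_net: str = "0.0.0.0/0"       # destination range, default: any IPv4

    def matches(self, proto, direction, dst_ip, dst_port):
        return (self.proto in ("any", proto)
                and self.direction in ("any", direction)
                and self.dst_port in (None, dst_port)
                and ip_address(dst_ip) in ip_network(self.dst_net))

def decide(rules, proto, direction, dst_ip, dst_port, default="ask"):
    """Return the action of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(proto, direction, dst_ip, dst_port):
            return rule.action
    return default  # nothing matched: the firewall would raise an alert

ALLOW_DNS = Rule("allow", proto="udp", direction="out", dst_port=53)
BLOCK_ALL = Rule("block")

# Order from the post: DNS allow first, block-all at the bottom.
POST_ORDER = [ALLOW_DNS, BLOCK_ALL]
# Same rules with the block-all rule on top: it shadows the allow rule.
WRONG_ORDER = [BLOCK_ALL, ALLOW_DNS]
# Tighter variant: DNS only to one resolver (192.0.2.53 is a constructed address).
NARROWED = [Rule("allow", "udp", "out", 53, "192.0.2.53/32"), BLOCK_ALL]

# Constructed sample traffic: (proto, direction, destination IP, destination port)
DNS_QUERY = ("udp", "out", "192.0.2.53", 53)
OTHER_DNS = ("udp", "out", "198.51.100.7", 53)
HTTPS_OUT = ("tcp", "out", "203.0.113.10", 443)
SMB_IN = ("tcp", "in", "192.0.2.20", 445)

if __name__ == "__main__":
    for name, rules in [("post", POST_ORDER), ("wrong", WRONG_ORDER), ("narrowed", NARROWED)]:
        for pkt in (DNS_QUERY, OTHER_DNS, HTTPS_OUT, SMB_IN):
            print(f"{name:9} {pkt} -> {decide(rules, *pkt)}")
```

With the block-all rule on top, even the DNS query is dropped, which is why the post insists on keeping it at the bottom.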