Safe Mode vs. Block All Mode

I’ve been using Comodo Firewall in Safe Mode for quite a while under XP64 without problems.

Today I had it checked for leaks by a utility from grc.com which found it was leaking. So I switched it to Block All Mode and now some programs connecting to the Internet stopped working, e.g. a hard disk temperature monitor, an email checker.

Do I have to configure the firewall to let these programs work and if so how?

If I use a hardware router is it necessary to use the Block All Mode, or is the Safe Mode sufficient?

Thanks.

Hi oao

Unfortunately, I think you have misunderstood what the Block All Mode means. It literally does mean block all - everything. This is why everything stops when you’re in this Mode, that’s its function.

Concerning the actual GRC leak: Often this is caused by the GRC test actually testing the communications equipment (i.e. routers & other such hardware firewalls) rather than CIS, basically in this case nothing from GRC ever reaches CIS. Alternatively, if there is a real leak, you then need to tighten the rules to block the leak. But, first steps… what did GRC report?

I am using an ATT router which has a firewall built-in. As far as I know, it disallows external applications from entering my computer, but it does not stop apps in my computer from going through. That’s what software firewalls like CIS are for.

The GRC test is a utility residing on my computer designed to contact the GRC server. CIS is supposed to intercept the action and prompt me to disallow it, in which case it will fail. GRC tests internal violations of the firewall from inside, which means it tests the software firewall, not the router’s.

If I understand you correctly, the Block All Mode cannot be used if nothing can go through it, so what mode do I use that blocks everything except the apps I want to go through?

When I run the GRC utility, CIS does not even prompt me to disallow and I get “Firewall penetrated. LeakTest was able to connect to the GRC server”. When I set Block All Mode, it doesn’t.
Clearly CIS does not see the attempt and it goes through.

Create a ‘Block’ Rule ‘here’. Or just ‘Remove’ the Policy for the GRC utility, and avoid ‘Training Mode’ & ‘Clean PC Mode’ when you are performing the Test.

Please also read ‘here’. (Ignore ‘Train with Safe Mode’ as it no longer exists.)

You probably have the GRC utility marked as ‘Safe’.

If you find it difficult to understand ‘Defense+’, ‘this’ may help. :-TU

J2045 posted whilst I was typing… gee I’m getting slow. But, the Profile change will still quickly test any configuration/rule issues. So, …

Right, sorry. You mean the LeakTest. Did you get any alerts from CIS when you ran CIS? If not, then perhaps LeakTest was already present on your system when CIS was installed or had been run previously. An easy way to check this is to switch CIS Profiles to Proactive Security & run the test again. Unless you’ve used it before, this Profile is unlikely to have any pre-existing rules for the alerts that it will raise.

Good idea! Just do what kail said. Much quicker than fiddling about! :-TU

I was running in both Safe Modes, without any rules of my own.

I did not have the GRC testing utility when I installed CIS. I just downloaded it and when I tested CIS failed.

In some documentation I saw that to prevent leaks one must have Defense+ installed. It looks like the installation default is PC Clean and in that mode leaks are possible. Only when I set it in Safe Mode the leaks are prevented.

I didn’t realise that you didn’t have Defense+ installed. I assumed, sorry. Yes, since Defense+ is the HIPS component (outbound application filtering), you’ll need it to pass GRC’s LeakTest.

You would need to use CFP 2.4 to get that level of application leak protection with the firewall alone. Oddly it is that leak protection in 2.4 (application/component monitoring) that later became Defense+ in 3.0. Later, some wanted the ability not to use it & use something else instead. Thus, the ability not to install it. I think CIS’s install warns you, or it did, when you choose not to install Defense+.

Is ‘this’ the Leak Test you are referring to? If so, you don’t need ‘Defense+’ for that Test. It’s just a very basic Firewall Test. I have my CIS Configuration set to ‘COMODO - Firewall Security’ which is one of the weakest Configurations (although still much stronger than many other Firewalls). My ‘Defense+’ is set to ‘Disabled’ for this Test, and I have the ‘Firewall’ in ‘Safe Mode’.

CIS ‘Blocked’ it without any problems.

Are you sure there was no Firewall Rule for the ‘LeakTest.exe’ File? It would have Automatically generated an ‘Allow’ Rule for you if your Firewall was in ‘Training Mode’ the first time you tried the Test.

Check here…

FIREWALL > Advanced > Network Security Policy

Remove this…

I did not have the GRC testing utility when I installed CIS. I just downloaded it and when I tested CIS failed.

Did you click ‘Block’ on the Firewall Alert?

In some documentation I saw that to prevent leaks one must have Defense+ installed.

You don’t need Defense+ installed for the Test that I have just tried. (It’s a Firewall Test, not a HIPS Test.)

It looks like the installation default is PC Clean and in that mode leaks are possible. Only when I set it in Safe Mode the leaks are prevented.

‘PC Clean Mode’ is a Defense+ Option; not needed for the Test that I tried.

Wanna’ see a SERIOUS ‘Leak Test’?

Watch this! :-TU
