Hey guys, In this post I will be posting down how to configure defense+ for Maximum protection and Also showing you how to make learning rules easier.
If you find any mistakes or improvements that I can make to this guide please let me know.
If you are unsure what features are that I’m talking about you can find them here;
Comodo → Misc → Help
http://img165.imageshack.us/img165/3879/20081121125515do9.png
http://img165.imageshack.us/img165/3879/20081121125515do9.png
^Click to see larger Image^
We are going to start by opening Comodo → Defense+ → Advanced → Defense+ settings.
http://img260.imageshack.us/img260/8503/20081121130559wc3.png
http://img260.imageshack.us/img260/8503/20081121130559wc3.png
^Click for larger Image^
We are going to push the slider up to “Safe Mode” Which is recommended for best security,
Safe Mode: While monitoring critical system activity, Defense+ will automatically learn the activity of executables and applications certified as 'Safe' by Comodo. It will also automatically create 'Allow' rules these activities. For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This will instruct the Defense+ not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in 'Clean PC Mode' then Train with Safe Mode' is recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.
Then we are going to tick the select boxes,
“Trust the applications digitally signed by trusted software vendors”
“Block All unknown requests if the application is closed”
Then we will click the next tab in the same window “Monitor Settings”
This is what Defense+ will monitor.
Select them all for maximum protection.
http://img529.imageshack.us/img529/9185/20081121131745kp7.png
http://img529.imageshack.us/img529/9185/20081121131745kp7.png
^Click to see larger image^
Don’t forget to click apply!
Now we will move on to image execution controls.
Comodo → Defense+ → Advanced → Image execution control settings
We will set the slider to “Normal”
On newer versions of CIS there will also be a tick box, ShellCode injections. This should be ticked.
http://img246.imageshack.us/img246/1010/20081121132210fi6.png
http://img246.imageshack.us/img246/1010/20081121132210fi6.png
^Click to see larger Image^
And then we will click on “Files to check”
Click Add → File groups → Executables
http://img266.imageshack.us/img266/8057/20081121132446nq5.png
http://img266.imageshack.us/img266/8057/20081121132446nq5.png
^ Click for larger Image^
Don’t forget to click apply!
That’s pretty much it for the initial configuration, Now let’s move onto some policies and how to deal with pop-ups
and what they mean.