Setting up Defense+ for maximum Security.

Hey guys, in this post I will show how to configure Defense+ for maximum protection and also how to make learning rules easier.
If you find any mistakes, or improvements that I can make to this guide, please let me know.

If you are unsure what the features I’m talking about are, you can find them here:
Comodo → Misc → Help

http://img165.imageshack.us/img165/3879/20081121125515do9.png


We are going to start by opening Comodo → Defense+ → Advanced → Defense+ settings.

http://img260.imageshack.us/img260/8503/20081121130559wc3.png


We are going to push the slider up to “Safe Mode”, which is recommended for best security:

Safe Mode: While monitoring critical system activity, Defense+ will automatically learn the activity of executables and applications certified as 'Safe' by Comodo. It will also automatically create 'Allow' rules for these activities. For non-certified, unknown applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This will instruct Defense+ not to generate an alert the next time it runs. If your machine is not new or known to be free of malware and other threats as in 'Clean PC Mode', then 'Train with Safe Mode' is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of Defense+ alerts.

Then we are going to tick the checkboxes:
“Trust the applications digitally signed by trusted software vendors”
“Block All unknown requests if the application is closed”

Then we will click the next tab in the same window, “Monitor Settings”.
This is the list of activities that Defense+ will monitor.
Select them all for maximum protection.

http://img529.imageshack.us/img529/9185/20081121131745kp7.png


Don’t forget to click apply!

Now we will move on to image execution controls.
Comodo → Defense+ → Advanced → Image execution control settings
We will set the slider to “Normal”
On newer versions of CIS there will also be a tick box, ShellCode injections. This should be ticked.

http://img246.imageshack.us/img246/1010/20081121132210fi6.png


And then we will click on “Files to check”
Click Add → File groups → Executables

http://img266.imageshack.us/img266/8057/20081121132446nq5.png


Don’t forget to click apply!

That’s pretty much it for the initial configuration. Now let’s move on to some policies, how to deal with pop-ups, and what they mean.

If you want to view pre-existing policies you can go here:
Comodo → Defense+ → Advanced → My security policy

http://img408.imageshack.us/img408/9717/20081121133220wr6.png


In here you may add, edit, purge and remove entries.

Purge deletes all invalid entries, i.e. entries for programs that don’t exist anymore (a really great feature that I like).
Remove deletes the selected entries regardless of whether the program is valid or not.

You can find out what the predefined policies actually mean and what restrictions they apply here:
Comodo → Defense+ → Advanced → Predefined Security Policies

http://img525.imageshack.us/img525/7793/20081121134047qm2.png


When you run a new unrecognized application you may get 2 pop-ups: 1 for the firewall and 1 for Defense+.
If it is a trusted application (one that you know is safe) you may select "Trusted application".

http://img408.imageshack.us/img408/6473/20081121134829gs5.png


Installation Mode: Installer applications and updaters may need to execute other processes in order to run effectively. These are called 'Child Processes'. In 'Paranoid', 'Train with Safe' and 'Clean PC' modes, Defense+ would raise an alert every time these child processes attempted to execute because they have no access rights. Whilst in one of these 3 modes, Comodo Internet Security Pro will make it easy to install new applications that you trust by offering you the opportunity to temporarily engage 'Installation Mode' - which will temporarily bestow these child processes with the same access rights as the parent process - so allowing the installation to proceed without the usual alerts.
If it is an installer or updater, select "Installer or updater".

http://img408.imageshack.us/img408/4479/20081121135604ei6.png

You should then get another pop-up asking you if you would like to move into installation mode.

http://img408.imageshack.us/img408/4984/20081121135624ax7.png

And then another one after a few minutes asking you if you would like to switch back to the mode you were in before installation.

http://img403.imageshack.us/img403/8113/20081121135936nr7.png


Making rules easy! This is great for gamers and for just about any application, with no user input!

Right click on the Comodo tray icon → Defense+ Security level → Training Mode

http://img404.imageshack.us/img404/4973/20081121141124gu5.png


You can also do this for the firewall (recommended for online games etc.):

Right click on the Comodo tray icon → Firewall Security level → Training Mode

http://img408.imageshack.us/img408/1341/20081121141349vn8.png


Training Mode: Defense+ will monitor and learn the activity of any and all executables and create automatic 'Allow' rules until the security level is adjusted. You will not receive any Defense+ alerts in 'Training Mode'. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.

Tip: This mode can be used as the “Gaming Mode”. It is handy to use this setting temporarily when you are running an (unknown but trusted) application or game for the first time. This will suppress all Defense+ alerts while the firewall learns the components of the application that need to run on your machine and automatically creates ‘Allow’ rules for them. Afterwards, you can switch back to ‘Train with Safe Mode’ mode.

You should only run Training Mode for as long as it is needed; 10 minutes should be fine. Then switch back to your previous mode (Safe Mode).

On a final note, remember that when running applications in Training Mode or Installation Mode your computer is not safe from malicious threats, so only run Defense+ in these modes if the application you're using them for is safe to use.

I hope this helps. Any feedback is appreciated.

Feel free to ask about anything you see in this guide. If you have a rather in-depth question, then please create your own thread within the help section.

https://forums.comodo.com/help_cis-b127.0/

I apologize for some of the pictures that have become broken (Hopefully the steps I provided will be enough for now). When CIS v4 comes out, I will update this guide accordingly and upload new relevant pictures.