Setting up Defense+

Hi,

It could be that I’m the 102nd person asking this, but I couldn’t find what I wanted to know. Please give me a link to a clear topic if you want to.

This morning I installed Comodo Personal Firewall (Free) v3, because ZoneAlarm has made a huge mistake in their newest update (a lot of systems won’t boot) and I always recommend Comodo to other people.

After installing the firewall and setting up the things I normally do the firewall seemed to work fine. Defense+ gave a lot of pop-ups on the first boot, but I understood that could happen in the beginning, and I lowered the amount of seconds the pop-up is displayed from ten to one second.

Some hours ago I started Steam, which is a program used to play several online games including Counter-Strike, and it had to update. A massive amount of pop-ups asking for approval started opening after each other and it didn’t seem to stop. If I wanted to select ‘Installer/Updater’ as type of process it was too late as the new pop-up had started already and the program would say it couldn’t install a file.

By stopping the firewall software I was able to update and after that I reopened Comodo. When I wanted to enter a server the pop-ups started opening again and I stopped Defense+.

Still I’m not confident with that as I read in another thread that half of your security will be gone by disabling Defense+. Now I set the level of Defense+ to ‘Training Mode’ and I hope that’s low enough. I also added the folder which the updater wanted to save the files in to ‘My Own Safe Files’.

Is there anything different I can do to stop this behaviour from happening in case it could happen with other software my parents want to use? There are also some files having to do with a restore point in ‘My Pending Files’ and I want to approve them. What option do I have to click to do that?

Thanks,
John.

you should check out train with safe mode and carefully answer all alerts (putting remember ticks when appropriate, and marking apps you trust as Trusted (and also put a tick to create a rule), updaters as Updaters etc.). then, after all your tribulations set D+ to Clean PC Mode and enjoy best firewall ever :-))

PS gonna answer every question, am writing right now :-))

> After installing the firewall and setting up the things I normally do the firewall seemed to work fine. Defense+ gave a lot of pop-ups on the first boot, but I understood that could happen in the beginning, and I lowered the amount of seconds the pop-up is displayed from ten to one second.

if you're talking about the popups with "Defense+ learning" - then you can disable them at all, go to Miscellaneous -> Settings and untick the "Show the balloon messages". This poses no danger. However, if you set the timer to 1 second for ALERTS - then you shouldn't have done this, so go right there and change that back. Instead, you MUST read carefully every alert. And decide what to do.

> Some hours ago I started Steam, which is a program used to play several online games including Counter-Strike, and it had to update. A massive amount of pop-ups asking for approval started opening after each other and it didn't seem to stop. If I wanted to select 'Installer/Updater' as type of process it was too late as the new pop-up had started already and the program would say it couldn't install a file.

In this situation you should have Steam marked as updater. to do this you should select "Treat as..." and choose "Installer/Updater" policy (and check the "Remember" tick to create a rule if you plan to update later). then all actions will be allowed and no popups will be displayed.

> By stopping the firewall software I was able to update and after that I reopened Comodo. When I wanted to enter a server the pop-ups started opening again and I stopped Defense+.

You MUST answer EVERY alert. CFP gives advice that can help you to make the right decision.

> Still I'm not confident with that as I read in another thread that half of your security will be gone by disabling Defense+. Now I set the level of Defense+ to 'Training Mode' and I hope that's low enough. I also added the folder which the updater wanted to save the files in to 'My Own Safe Files'.

You should set Defense+ level to train with safe mode and then after some time (e.g. a week) put it in Clean PC Mode. At least that's what i did.

> Is there anything different I can do to stop this behaviour from happening in case it could happen with other software my parents want to use? There are also some files having to do with a restore point in 'My Pending Files' and I want to approve them. What option do I have to click to do that?

To approve pending files you should go to the pending files section, check files you want to mark as safe and click "Move to.." and select "My Own Safe Files". There is no way to stop alerts, but they will be gone when CFP learns your environment. Then they'll show up only if you install something new.

Thanks for the fast replies, Burillo, much appreciated!

Seems like I wasn’t really concentrated when I set the amount of seconds, because changing it to 20 did the trick. I’ll have to read it better next time :wink:

Changed the ‘Network Defense’ and ‘Proactive Defense’ to ‘Train with Safe Mode’. Should I only change ‘Proactive Defense’ to ‘Clean PC Mode’ in about a week, or two, or also ‘Network Defense’?

Also changed the setting about balloon messages and I love it, thanks for that.

Another thing I did is move the pending files to ‘My Own Safe Files’.

There’s still one thing I’d like to know. I tried to start Counter-Strike again and Defense+ came with a pop-up about a Nvidia driver which wanted some kind of access. I had to choose between allowing, not allowing, or marking it as something else which included one thing (I forgot the name but it wasn’t what I wanted), system file (I think), and ‘Isolated Application’. Can you explain to me what an ‘Isolated Application’ is? Does it matter whether I just allow it or give it some kind of name like system file, etc?

Thanks again,
John.

> Changed the 'Network Defense' and 'Proactive Defense' to 'Train with Safe Mode'. Should I only change 'Proactive Defense' to 'Clean PC Mode' in about a week, or two, or also 'Network Defense'?

it depends. i prefer handpicking rules, you seem not so tech-savvy so it would be better if you enable training mode for automatic rule creation.

> There's still one thing I'd like to know. I tried to start Counter-Strike again and Defense+ came with a pop-up about a Nvidia driver which wanted some kind of access. I had to choose between allowing, not allowing, or marking it as something else which included one thing (I forgot the name but it wasn't what I wanted), system file (I think), and 'Isolated Application'. Can you explain to me what an 'Isolated Application' is? Does it matter whether I just allow it or give it some kind of name like system file, etc?

Isolated app means that it is not allowed to do anything :-) to check that - go to D+ -> Advanced -> Security Policies and look for that app and change its policy to "Trusted Application". I personally don't know exact difference between "Windows System Application" and "Trusted Application".

Thanks Burillo! I don’t know what you mean by ‘you seem not so tech-savvy’, but never mind. We’ll see how the firewall and the rules develop, but I’m sure the firewall is great :slight_smile: Thanks again!

i mean you don’t seem to be a man who might know what port is used for NetBIOS connections :-))))

True, I don’t know what it is. Can you tell me what it is?

I do know a lot about malware removal:

(just took a random topic.)

well, not right now, i’m going to sleep since it’s 1 AM in Moscow :-))) but you can find a lot of information here and there, just look for it :-)))

well actually you don’t need all that tech stuff about ports and protocols but if you want to - check various sites like grc.com, auditmypc.com… Wiki rulez :-))))

Lol decided to do some checks with grc.com which I did veeery long ago. Passed ‘Common ports’ and ‘All service ports’ but when I checked ‘File sharing’ it said that my security was veeery good because the pc didn’t even respond and wouldn’t give any information about my NetBIOS. I’ll check Wiki sometime. Thanks!

if you are behind a router - that’s no surprise :-))) however, if you’re directly connected to the internet - that means CFP is protecting you :-))) the insecurity is an open port (for example i have a couple of open ports since i use filesharing software (not Windows shares but eMule/Torrent) and hold a http file server), closed port is somewhat secure, but true security is stealthed port, because the bad dude on the other side of the wire doesn’t even know that you exist since he can’t get any response from your IP, CFP just ignores him :-)))

BTW NetBIOS and SMB - these are ports, responsible for Windows sharing :-)) ports 165-169 and port 445)) i like total control over my connections so i have a “default deny” policy - every app has a rule that blocks all, and to allow something i must explicitly add a specific “Allow” rule (for example, i have a LAN and even in this trusted zone i have only allowed network traffic (NetBIOS/SMB/SNMP and broadcasting), every other packet is dropped :-)))

Which means you were right, I’m not going to mess with those things :wink: If I have any problems I’ll ask for assistance at this forum :slight_smile:

you’d probably find the entries in the pending files list for system restore files are files that are no longer on your computer. always! select purge first to remove old entries of files that no longer are on your computer. then any files remaining after that are entries for files that are on your computer and are either new or modified entries for which you can do a lookup on and add to your safe list etc