Settings and bugs

We just installed CIS_Setup_3.5.53896.424_XP_Vista_x32
on XP and had some questions:

  1. We used to use Zone Alarm and @guard and software like that
    on other machines and have a basic understanding…
    Software like that had a nice list of what is allowed to
    access the net and what isn’t…

Does this COMODO Internet Security software allow you to do that also?
It seems to be allowing just about everything
access to the network like ftp pgms, browsers, etc. It never asked if
it was ok to access the net by these pgms either.

We installed the defense+ option and not the antivirus option
although it STILL tried to do a virus scan. Is that a bug?

Worst problem is it is blocking our UPS APC communication for
some odd reason: “apcsystray.exe”, which needs to run in case
we lose power. The connection to that is USB. We don’t think
it uses TCP/IP and have no clue why it is blocking that.
Is that a bug? How do we fix this?

  2. We understand this new virus integrated product
    is newer so some guides might not be set up yet, but
    is there any good basic settings guide anywhere?
    Can someone suggest some settings?
    We couldn’t find any in the guides section either

How do we configure things so that programs CAN NOT access the net
BY DEFAULT unless we check that it is ok or does this
software not work this way?

Is a list of what is and isn’t ok maintained somewhere
and can we allow those programs to access lan but
not internet? How do we set this up?

What is the proper way to set things up so all this software
can’t just access the inet by default?

Under My Network Zones we have default as-
Our LAN as:
IP In [192.168.0.4 / 255.255.255.0]

My blocked Networked Zones is empty.
Anyone have a good list for this?
Advanced > Firewall Behavior Settings > Security Level
is set to “Safe Mode”

We noticed things like:
Outgoing app traffic initiated by safe applications are learnt.
HOWEVER, WHERE IS THE LIST of what IS SAFE and what is NOT
or HOW DO WE MAKE THIS LIST?

Lastly, was this problem fixed in this version also:
–cut–
Re: CIS connects back to Comodo at every boot/login?
« Reply #16 on: October 25, 2008, 05:01:52 PM »
Hi Guys,
This is something related to COMODO Internet Security Pro subscription. CFP.exe was NOT supposed to check for subscription status for every user and every time it is started. But there seems to be a bug which causes this issue every time CFP.exe starts. We have already scheduled the fix for this Tuesday.
Sorry for the inconvenience.
Egemen
–cut–

Yes, you can set the firewall security level to Custom Policy Mode, remove all automatically created rules, and they will pop up when you use them. You can also fine tune the level of automatic rule creation using Firewall > Advanced > Firewall Behavior Settings > Alert Settings (High, Very High).

If it is the firewall go to the Firewall Application Policy and remove the entry for apcsystray.exe.
If it is in Defense+ look it up there and change the Policy to “Trusted Application”.

That should resolve the problem.

How do you see a list of your .EXEs that you are blocking with the firewall from
ever accessing the internet?

Can you configure each EXE separately so some can access your LAN but not
the internet?

If the answer is:
Under Firewall > Network Security Policy > Application Rules
then what is the easiest way to set things up to allow access to your LAN
ie: Something like 192.168.1.x
but not the internet?

Also, if you just want messages to come up when an application is
trying to access the internet (instead of many, many popups
saying it is accessing the registry and screen), what is a good way to do that?
Would we need to set the Defense+ security level to DISABLED?

You can configure an application to access the LAN but not the Internet by creating a rule allowing connections for your network zone (auto detected or created manually) and then a rule blocking all other connections.

If you want to see in the log whether the Firewall rule worked, set the log check-box while creating/editing rules. All block actions for Defense+ are logged too.

If you do not want to answer lots of Defense+ alerts and you are sure that all applications currently installed on the PC are safe, you can set Defense+ to Clean PC mode and it will ask you only about new applications, assuming all applications on your fixed drives that were there before setting Clean PC mode are safe.

Been using for a few months now. The firewall component is pretty good. 8)

We have SOME applications that we wish to allow access to
our LAN or INTRANET (ie: 192.168.0.0 - 192.168.0.255) but not
anything outside this range (ie: the INTERNET).
We have seen many posts on this but no really good solutions
for CIS 3.5 or newer.

Our current solution is to make a Predefined Firewall Policy
with the following rules:
-Allow Access to Loopback Zone
-Allow UDP-Out-to-IP 255.255.255.255
-Allow All Outgoing Requests If The Target Is NOT In [INTERNET]
-Allow All Incoming Requests If The Sender Is NOT In [INTERNET]
-Block and Log All Unmatching Requests
INTERNET is a ZONE defined as all IPs outside 192.168.0.0 - 192.168.0.255.

Perhaps you can include a predefined policy like this in the future?
Also in areas that list things like all your applications,
it would be nice to sort by different things.

Questions-
For some reason many applications need the
following rule to access the LAN:
UDP-Out-To-IP: 255.255.255.255
WHY and WHAT IS THIS exactly doing?
Is it safe to include this if you don’t want the
application to have INTERNET access?

Allow Access to Loopback Zone
WHAT IS THIS exactly doing?
Is it safe to include this if you don’t want the
application to have INTERNET access?

Any other rules suggested or missing?

Are there other good solutions for easily allowing
LAN access to SOME applications but NOT internet?

Are there other good Predefined Firewall Policies people
have made? If so, perhaps we should create a new thread
and share them?

Does anyone understand the following at least:

For some reason many applications need the
following rule to access the LAN:
UDP-Out-To-IP: 255.255.255.255
WHY and WHAT IS THIS exactly doing?
Is it safe to include this if you don’t want the
application to have INTERNET access?

Allow Access to Loopback Zone
WHAT IS THIS exactly doing?
Is it safe to include this if you don’t want the
application to have INTERNET access?

Hello Graset,

The first one is called a “broadcast”: something like asking all systems on your local network (subnet) “hello, are you there?”. See this Wiki for more info: Broadcast address - Wikipedia

The second one, “loopback”, is traffic on some sort of “always up” network interface on your computer.
It’s only used by applications to transport “internal” application traffic; see this Wiki for more info: Loopback - Wikipedia
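To make the earlier predefined policy and this broadcast/loopback explanation concrete, here is an added model (not Comodo's code, not from any poster) of first-match rule evaluation using the zones exactly as Graset defined them. The point it shows: because INTERNET was defined as "everything outside 192.168.0.0-192.168.0.255", both 127.x.x.x and 255.255.255.255 fall inside INTERNET, so the two explicit allow rules must come first or those flows hit the block rule. The `Conn` type and rule functions are this example's own names.

```python
import ipaddress
from dataclasses import dataclass

# Zones as described in the thread. LOOPBACK is the standard 127.0.0.0/8 block;
# 255.255.255.255 is the limited broadcast address, which routers never forward,
# so allowing it grants no reach beyond the local link.
LAN = ipaddress.ip_network("192.168.0.0/24")        # 192.168.0.0 - 192.168.0.255
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def in_internet_zone(ip: str) -> bool:
    """INTERNET as the poster defined it: every address NOT in the LAN range."""
    return ipaddress.ip_address(ip) not in LAN


@dataclass
class Conn:
    direction: str  # "out" or "in"
    proto: str      # "tcp" or "udp"
    remote: str     # target IP for "out", sender IP for "in"


# One predicate per rule from the poster's predefined policy, in their order.
def rule_loopback(c: Conn) -> bool:
    return ipaddress.ip_address(c.remote) in LOOPBACK

def rule_broadcast(c: Conn) -> bool:
    return (c.direction == "out" and c.proto == "udp"
            and ipaddress.ip_address(c.remote) == LIMITED_BROADCAST)

def rule_out_not_internet(c: Conn) -> bool:
    return c.direction == "out" and not in_internet_zone(c.remote)

def rule_in_not_internet(c: Conn) -> bool:
    return c.direction == "in" and not in_internet_zone(c.remote)

POLICY = [
    ("Allow Access to Loopback Zone", rule_loopback),
    ("Allow UDP-Out-to-IP 255.255.255.255", rule_broadcast),
    ("Allow All Outgoing Requests If The Target Is NOT In [INTERNET]", rule_out_not_internet),
    ("Allow All Incoming Requests If The Sender Is NOT In [INTERNET]", rule_in_not_internet),
]


def evaluate(conn: Conn, policy=POLICY) -> tuple:
    """First matching rule wins; anything unmatched is blocked and logged."""
    for name, matches in policy:
        if matches(conn):
            return "allow", name
    return "block", "Block and Log All Unmatching Requests"
```

Passing `POLICY[2:]` to `evaluate` drops the two explicit allows and shows loopback and broadcast being blocked, which is why the poster found many applications needed those rules.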

Is this a good Predefined Firewall Policy for LAN access then?
Are there other good Predefined Firewall Policies people have made
(besides the few included, I mean)?