On an XPSP3 host, I need to block an application from connecting out to the Internet. The application actually contains multiple binaries, and I don’t know specifically which one will connect out.
I set Comodo FW to “Training mode”, and would like to know if it’s enough to block that application, or if I need to use another setting (Custom Ruleset, Safe Mode).
Training mode will pretty much allow everything to connect to the net so it’s best not to use that. Custom Ruleset will give you an alert if the program wants to connect to the net, then you can completely block it or just allow incoming connections as you don’t want any outgoing ones.
Though you may have to remove the program in question from your firewall rules as it’s probably been allowed as you have used Training mode.
Thanks for the tip. I’ve only installed the app on a test host, so I’ll make sure to use Custom Ruleset on the work host before installing the application for real.
There’s infos on the site about the different options:
In ‘Safe Mode’ Comodo will allow all connections from programs it knows are safe without alerting you. It will alert you to unknown new programs. Custom Ruleset will alert you to everything trying to connect.
Safe mode is fine if you’re happy with Comodo doing the work. Custom ruleset gives you total control of what does and what doesn’t connect to the net, it’s only as safe as the permissions you give programs so only allow what you are sure is okay. If you’re not comfortable with it there’s no problem with safe mode.