[SOLVED] How to prevent outbound connections for an application?

Comodo Internet Security - CIS Firewall Help - CIS
1

Hello

On an XPSP3 host, I need to block an application from connecting out to the Internet. The application actually contains multiple binaries, and I don’t know specifically which one will connect out.

I set Comodo FW to “Training mode”, and would like to know if it’s enough to block that application, or if I need to use another setting (Custom Ruleset, Safe Mode).

FWIW, I’m using CIS 6.2.285401.2860.

Thank you.

2

Training mode will pretty much allow everything to connect to the net so it’s best not to use that. Custom Ruleset will give you an alert if the program wants to connect to the net, then you can completely block it or just allow incoming connections as you don’t want any outgoing ones.

Though you may have to remove the program in question from your firewall rules as it’s probably been allowed as you have used Training mode.

3

Thanks for the tip. I’ve only installed the app on a test host, so I’ll make sure to use Custom Ruleset on the work host before installing the application for real.

There’s infos on the site about the different options:

4

I’ve all Firewalls configured as “Safe Mode” so is this choice not tight enough as “Custom Mode” ???

Please share your thoughts with a brief comparison between those two modes.

Thanks

5

In ‘Safe Mode’ Comodo will allow all connections from programs it knows are safe without alerting you. It will alert you to unknown new programs. Custom Ruleset will alert you to everything trying to connect.

6

Thanks for responding. Will switching to Custom rules help in reducing potential hacks?

Because I see, some IPs are bombarding Port 445 whenever I used uTorrent. I see Firewall blocking at such intrusions. But still I’ve some concern.

Point is, should I switch or I’m good with Safe mode?

Thanks

7

Safe mode is fine if you’re happy with Comodo doing the work. Custom ruleset gives you total control of what does and what doesn’t connect to the net, it’s only as safe as the permissions you give programs so only allow what you are sure is okay. If you’re not comfortable with it there’s no problem with safe mode.