Some Questions....Possible New User

Hi Gd Morning all, :slight_smile:

I am really interested in using Comodo Personal Firewall for protection for my computer.
BUT i have a few questions regarding the functions of this firewall…that's why i started this thread and hope that the experts here can kindly ensure me regarding my questions before i install this firewall for my computer…And sorry in advance for my bad english as it's not my main language. >.<

Basically, i am using a single computer at home WITHOUT any other network or computers connected to me…and i am using a Broadband Cable Modem. And my computer knowledge regarding those network rules settings is NIL…I am currently using the FREE version of Zone Alarm Firewall, which is very simple for me to understand…But after reading many positive comments from Wilders Forum, and great support from this forum, i decided to give Comodo a try…but i am still concerned about a few questions that i have for Comodo.

My Questions are:

  1. I have read the user guide and forum’s FAQ and understand that we can install Comodo Firewall and use the “Default” settings and it WILL pass the leaktests. Is this true? Are the “Default” settings really protecting us?

  2. During the installation, we need to install using the “Automatic Configuration” and after installed we need to scan for known applications right? And when Comodo scan finished, what are the “Default” rules for those known applications? Allow IN/OUT, Port=Any whenever i start the applications?

Or what? For example, “MS Internet Explorer”, let say after the scan, what IF i want “MS Internet Explorer” to ASK me everytime whenever it want access to the internet? Can it be done? If so how?

  3. Do i need to set-up a “Zone” during installation as i am the ONLY computer here, no network or computers connected to me?

  4. I always use my computer for Bittorrent + Online gaming (multiplayer game). As i have read from the FAQ here regarding "Opening A Port" for Bittorrent / Online Gaming…My concern is:

Example:

Bitcomet Client → i will follow the guide here to “open a port for Bitcomet, say port 5000”

After adding the required rule following the guide here,

when i am using Bitcomet, port 5000 will be OPEN right?
And if i shut down Bitcomet, will port 5000 still be open?
And if Port 5000 is open when using, what IF a hacker happens to be attacking my port 5000?
What will happen? Will Comodo firewall BLOCK it? OR let it through since i have made a rule to open port 5000? Can Comodo ONLY open port 5000 for Bitcomet only? And any connection made to my computer targetting port 5000 are Allow through “Bitcomet” ONLY? And nothing else other than the files i am downloading using Bitcomet can get through port 5000?

The same question for Online gaming…What will happen if i open the port?
And IF let say, i don’t know what are the port that my online game use, HOW can I let my game connect out automatically while COMODO still protecting me???

According to this thread,

https://forums.comodo.com/index.php/topic,464.0.html

it's stated in pandlouk’s post:

"It can be done by following the bittorrent tutorial
https://forums.comodo.com/index.php/topic,411.0.html

But for being sure that this port is accessed only by that specific application you must exclude this port on every other program rule. (It can be a very annoying and long process)"

Does that mean that its impossible for Comodo to open port just for Bitcomet ONLY???

  5. Whenever there is a pop-up message asking for application permission for accessing the internet,
    how long will the pop-up message stay on the screen? Will it stay on the screen and BLOCK it until i allow/deny it?

How about during Full-Screen gaming? Will the pop-out message brings me back to the desktop for answering the message?

  6. As for the “Component Monitor”, the default is “Learning Mode” right?
    Can I ALWAYS leave it at “Learning Mode” bcos i don’t know how to use them?
    Is it still protecting me even if its on Learning Mode after a long time?

  7. How about the “Application Behaviour Analysis”? The default mode is ON but i don't know how to use it, will leaving it as “ON” mode, pop up any message asking me this and that? Or is it Auto?

  8. Any known conflicts with other application? I am using Kaspersky Anti-Virus 6.0, any problems for the KAV’s built-in “Proactive Defence”?

  9. When a newer version is out, do we need to uninstall the old version first before installing the new version? OR the updates will AUTO update the version itself?

Sorry guys for the long post… (:TNG)
I just need to be 100% sure before i start using Comodo firewall…
And yea, from reading through the forum, you guys are really very friendly and helpful…

(:CLP) Cheers

Thanks alot in advance (:AGL)

Regards,
Keai

Yes, the default settings provide tight security out of the box.

2. During the installation, we need to install using the "Automatic Configuration" and after installed we need to scan for known applications right? And when Comodo scan finished, what are the "Default" rules for those known applications? Allow IN/OUT, Port=Any whenever i start the applications?
When CPF scans for known applications, it records what it finds on your system and applies specific rules for inbound/outbound and ports whenever that application is started.
Or what? For example, "MS Internet Explorer", let say after the scan, what IF i want "MS Internet Explorer" to ASK me everytime whenever it want access to the internet? Can it be done? If so how?
This can be done by removing the Internet Explorer rule from the application monitor. CPF will then ask you next time it starts, as it now has no rule for that app. You can now click ALLOW or DENY, and as long as you don't select to remember your decision, it will ask every time it's started.
3. Do i need to set-up a "Zone" during installation as i am the ONLY computer here, no network or computers connected to me?
Zones are only required if you have a network of some sort or connect to the internet via a router.
4. I always use my computer for Bittorrent + Online gaming (multiplayer game). As i have read from the FAQ here regarding "Opening A Port" for Bittorrent / Online Gaming....My concern is:

Example:

Bitcomet Client → i will follow the guide here to “open a port for Bitcomet, say port 5000”

After adding the required rule following the guide here,

when i am using Bitcomet, port 5000 will be OPEN right?


Only while bitcomet is running.

And if i shut down Bitcomet, will port 5000 still be open?
When the app shuts down, CPF stealths the port - not just closed - stealthed.
And if Port 5000 is open when using, what IF a hacker happens to be attacking my port 5000? What will happen? Will Comodo firewall BLOCK it? OR let it through since i have made a rule to open port 5000? Can Comodo ONLY open port 5000 for Bitcomet only? And any connection made to my computer targetting port 5000 are Allow through "Bitcomet" ONLY? And nothing else other than the files i am downloading using Bitcomet can get through port 5000?
The application monitor rule only allows communications on the selected port to the selected application.
The same question for Online gaming....What will happen if i open the port?
As above - the app rule applies to the port, the protocol and the specific application.
And IF let say, i don't know what are the port that my online game use, HOW can I let my game connect out automatically while COMODO still protecting me???
Some games will just work - WOW for example. Others, you have to know the ports, particularly if the game runs in full screen mode and you can't see or get back to the CPF pop-up. Required ports can be easily obtained by googling the game name, followed by the word "ports".
Does that mean that its impossible for Comodo to open port just for Bitcomet ONLY???
No, it can be done through an explicit application rule - see above.
5. Whenever there is a pop-up message asking for application permission for accessing the internet, how long will the pop-up message stay on the screen? Will it stay on the screen and BLOCK it until i allow/deny it?
The pop-up should stay until you do something - either click ALLOW or DENY.
How about during Full-Screen gaming? Will the pop-out message brings me back to the desktop for answering the message?
See above - you may need to set the rules before you start the game.
6. As for the "Component Monitor", the default is "Learning Mode" right? Can I ALWAYS leave it at "Learning Mode" bcos i don't know how to use them? Is it still protecting me even if its on Learning Mode after a long time?
Mine is still in learning mode, even after 8 months. I'd actually forgotten it was still in learning, and I'm yet to find a reason to change it. lol
7. How about the "Application Behaviour Analysis"? The default mode is ON but i don't know how to use it, will leaving it as "ON" mode, pop up any message asking me this and that? Or is it Auto?
ABA will do whatever it is currently selected to do. The default options provide an additional layer of protection, but certain applications may require that some of these be tweaked a bit.
8. Any known conflicts with other application? I am using Kaspersky Anti-Virus 6.0, any problems for the KAV's built-in "Proactive Defence"?
The major known conflict at the moment is with Avast's WebShield. This is being worked on.
9. When a newer version is out, do we need to uninstall the old version first before installing the new version? OR the updates will AUTO update the version itself?
The rule of thumb is if you are upgrading within the same major revision number (e.g. from version 2.3.5 to version 2.3.6), then you will generally be able to upgrade, as opposed to uninstall - reinstall. If you are upgrading from one major version to another (e.g. from version 2.3.X to version 2.4.X, or from version 2.4 to version 3.0) the usual thing is to back up your settings, uninstall the old version, reinstall the new version and then restore your settings. These are only rules of thumb. A better rule is to check with each upgrade, if it isn't explicitly stated.
I just need to be 100% sure before i start using Comodo firewall....
Nothing will make you 100% sure other than your own learning. Take the time to go through the forums - there's a wealth of info being developed here. If you're uncertain about something, ask. The only really dumb question is the one that doesn't get asked.

Hope all this helps,
Ewen :slight_smile:

Hi, and welcome to the forum.
That was a lot of questions… ;D
I will try to answer them, and if I miss/don’t know anyone, someone else might fill in for me.

1 & 2. You should install the “auto” way… Default settings on Comodo is better than default on other firewalls. Users think that they will be better protected just because they choose “advanced” install, but if you’re not an expert, you shouldn’t use it. We have some “experts” here on the forum, and they use the “auto” install. The point is, that you get the same firewall, with the same possibilities to set up your protection. There are so few settings in the “advanced” install, so you will most likely end up with exactly the same rules that “auto” have. If I worked at Comodo, I would remove that option, because it does do more damage than good for users that believe they get more protected.
Most users should use the “scan for known applications”, so they won’t get annoyed by too many pop ups. That is a choice you have to do, but you will be protected anyway. If you want to control everything and are a little paranoid… :wink: you can go to security/advanced/misc and uncheck “do not show alerts for applications certified by Comodo”, and raise the alert frequency level slider to the top (very high). Now you will get pop ups for everything. It depends on if you want to “install and forget”, or if you want to have a really “tight” control.

  3. If you have a router, you should set up a “trusted zone”.

  4. When you want to use P2P/Torrent programs, you have to open a port in network monitor for them.
    No, your port won't be open when you don’t use it. If you’re concerned, you can do a portscan to check it, but you don’t have to worry. If you set a high port like 47000 then there is no risk that any other program you have in application monitor will use it.
    About games, there isn’t always needed to set up a rule in network monitor for it.

  5. You can set how many seconds a pop up is up. Default is 120 seconds. Before starting a fullscreen game, you can add the game as a “trusted application”, so it won't likely be a problem that it doesn’t work.

  6. You should have Component monitor in learning mode in the beginning, and it is as default. After a while when you don’t get any pop ups any more, you can put it to on.

  7. ABA doesn't bother you… you should have it on. CPF does give you pop ups if you have updated a program or so, but it’s not that often so it bothers you.

  8. I don’t know if it has conflicts with Kaspersky, but if you search the forum you might find something.

  9. If you use the stable releases, you can update as normal, but if you use Beta versions, you have to uninstall the old one first. The latest release the 16th nov. is a beta.

I hope that you got some help from me, and if there is something that still is unanswered, just ask.

EDIT: Panic was faster than me… ;D I forgot to save…

When CPF scans for known applications, it records what it finds on your system and applies specific rules for inbound/outbound and ports whenever that application is started.

Does that means that CPF know what application use what port and apply the rule automatically?

This can be done by removing the Internet Explorer rule from the application monitor. CPF will then ask you next time it starts, as it now has no rule for that app. You can now click ALLOW or DENY, and as long as you dont select to remember your decision, it will ask every time its started.

So i will just go into the “application monitor” and remove the application named “IExplorer.exe”,
am I right?

When the app shuts down, CPF stealths the port - not just closed - stealthed. The application monitor rule only allows communications on the selected port to the selected application.

Can you please kindly explain alittle more regarding how it works?
Sorry, i dont quite understand it… >.<

When you say the “application monitor rule” for let say “Bitcomet”,
Is Bitcomet currently in the “known application” list?
If not, does it means that when the “First” time Bitcomet runs,
and CPF prompt me asking permission, and i “ALLOW” it…
CPF will AUTO creates your so-called “application monitor rule” for Bitcomet?
Or do i need to create the rule myself?

If you are upgrading from one major version to another (e.g. from version 2.3.X to version 2.4.X, or from version 2.4 to version 3.0) the usual thing is to be back up your settings, uninstall the old version, reinstall the new version and then restore your settings.

Will uninstalling the old version leaving old/useless files or registry entries behind?

The only really dumb question is the one that doesn't get asked.

LOL…i hope you wont mind my questions…

Thks Ewen…

Anyway, this is my first post asking questions, and without much waiting i get the answers from the mod here…Indeed CPF really has a GREAT support… (:CLP)

Well, I am going to reformat my comp soon, and i will install CPF asap after i get rid of Zone Alarm…
Hopes that everything goes well for me…lol…I will post back again after using CPF.

Regards,
Keai :BNC

Correct.

So i will just go into the "application monitor" and remove the application named "IExplorer.exe", am I right?
Can you please kindly explain a little more regarding how it works? Sorry, i don't quite understand it... >.<
A TCP/IP port usually has two states: OPEN or CLOSED. OPEN means that the port exists and it can and will receive data sent to this port (think of someone phoning you, asking if your front door is open and you answering "come on in"). CLOSED means the port does exist but won't receive data sent to it (think of someone phoning you, asking if your front door is open and you answering "i have a door, but it's shut"). STEALTH is where a system completely "eats" any attempt to communicate with a port. The end effect is that the system somewhere out there that sent the request gets nothing back at all (think of someone phoning you, asking if your front door is open and you simply hang up).
When you say the "application monitor rule" for let say "Bitcomet", Is Bitcomet currently in the "known application" list?
I don't know whether it's in the known list or not, as I don't run torrent clients.
If not, does it means that when the "First" time Bitcomet runs, and CPF prompt me asking permission, and i "ALLOW" it... CPF will AUTO creates your so-called "application monitor rule" for Bitcomet?
Yes, but it will allow with a default set of parameters - parameters. If you know the specific ports that your client needs, you can go to the application monitor, double click on the rule and add the specific port details. This is recommended to keep things tight.
Or do i need to create the rule myself?
See above - it will make a default, but hardening the rule is strongly recommended.
Will uninstalling the old version leaving old/useless files or registry entries behind?
Hopefully not, but stranger things have been known to happen. CPF V2.3 and higher use a custom installer that seems to do a great job cleaning up after itself.
Anyway, this is my first post asking questions, and without much waiting i get the answers
There's a great bunch of users here with a really broad range of experience, generally patient demeanour and usually warped senses of humour. Get used to it! LOL

Hope all this helps,
Ewen :slight_smile:

P.S. Thanks also to Aowl - type quicker!!! LOL
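
Added example (not part of the original thread): the OPEN / CLOSED / STEALTH distinction explained in the post above, as it looks to a TCP client checking one port on a machine you own. The function names and the extra UNREACHABLE label are choices made for this example.

```python
import socket


def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port from the connecting side."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "OPEN"          # handshake completed: "come on in"
    except ConnectionRefusedError:
        return "CLOSED"        # host answered with a reset: "I have a door, but it's shut"
    except socket.timeout:
        return "STEALTH"       # nothing came back before the timeout: the caller was hung up on
    except OSError:
        return "UNREACHABLE"   # an error did come back (no route, host unreachable)
    finally:
        sock.close()


def loopback_demo() -> tuple:
    """Check a port on this machine while a listener runs and again after it stops."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_running = classify_port("127.0.0.1", port)
    listener.close()                     # the "application" shuts down
    after_stop = classify_port("127.0.0.1", port)
    return while_running, after_stop


if __name__ == "__main__":
    print(loopback_demo())
```

On loopback with no packet filter in the way, the second result is CLOSED; a firewall that silently drops the connection attempt makes the same check time out and report STEALTH.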

A TCP/IP port usually has two states OPEN or CLOSED. OPEN means that the port exists and it can and will receive data sent to this port (think of someone phoning you, asking if your front door is open and you answering "come on in"). CLOSED means the port does exist but won't receive data sent to it (think of someone phoning you, asking if your front door is open and you answering "i have a door, but it's shut"). STEALTH is where a system completely "eats" any attempt to communicate with a port. The end effect is that the system somewhere out there that sent the request gets nothing back at all (think of someone phoning you, asking if your front door is open and you simply hang up).

No, sorry…what i am asking is:

When I am using Bitcomet right? Port 5000 = OPEN
When NOT using = Port 5000 = Stealth

I know the difference between OPEN, CLOSE & STEALTH ports…

BUT

When using Bitcomet - Port 5000=OPEN

"What IF there is a hacker happens to be attacking port 5000 WHILE I AM USING Bitcomet?" What will CPF do? Will it Allow or Block it?

The port 5000 is shown as OPEN when using Bitcomet from the outside right?
So can anyone from the outside hack through port 5000 anot, while I am using Bitcomet?

Sorry, i hope you understand i am trying to ask…

Regards,
keai

Thanks AOwL™ for reply too… :slight_smile:

I have jotted down your advises too…same as Ewen’s.

You guys are great…i have learnt alot here…
Just that i dont have enough confidence yet to install CPF bcos i have never ever set-up rules for firewall before…

So far, i have only used Norton (Many Yrs) and now the Free version of Zone Alarm since my Norton expired…I will stay around in this forum to learn as much as i can…and hopefully have the courage to install CPF and set-up the rule…

Sorry for my poor english >.<

Regards,
Keai (:TNG)

It’s open to the IP that bitcomet connects to. It's a point to point type of connection, not open slather.

Cheers,
Ewen :slight_smile:

Hi Keai. (:WAV)
Yes I have to type faster… and maybe not watching a movie at the same time… ;D
I’m not English either, so it takes some time to type… :wink:

When using Bitcomet - Port 5000=OPEN

"What IF there is a hacker happens to be attacking port 5000 WHILE I AM USING Bitcomet?" What will CPF do? Will it Allow or Block it?

The port 5000 is shown as OPEN when using Bitcomet from the outside right?
So can anyone from the outside hack through port 5000 anot, while I am using Bitcomet?

Well, I did a port scan at the same time as i used a program that used an “open” port, and it didn’t see the port anyway.
This isn’t any special with Comodo, and if you have used Bitcomet with ZA you can use Bitcomet with Comodo too. ZA doesn’t protect you any better, I would say that it’s the other way around… :wink:
I think that this is the last thing you have to worry about, because there are bigger threats when downloading… like all kinds of malware that can come with the files you are downloading.
I use NOD32 too, and there have never been any problems between NOD32 and CPF.
If you choose to install the latest beta, it has buffer overflow protection and multilingual support. You can download the English setup and when they release your language you can download the addon file. It has worked great for me.
Good luck with your new firewall! Install it before it’s too late! ;D

Keai - For a guy who says “quote”
my computer knowledge regarding those network rules settings is NIL…
You have certainly asked a lot of the right questions that helped us newbies. I don’t have enough experience with firewalls to know what to ask half the time. Please install Comodo so you can keep asking questions. ;D

(CNY)

Keai - Don’t be afraid to install CPF. As i mentioned I’m a newbie to firewalls, and I had no problem installing or using Comodo. During the install, click automatic. After it’s installed just check off accept my apps and the learning mode takes over. ZoneAlarm was never easier.


I gotta agree Keai - you’re asking ALL the right questions.

If I had to guess, I’d say you don’t actually realise just how much you do know about firewalls. The ordering and the logic of your questions is first rate.

Please install CPF and keep asking questions.

Cheers,
Ewen :slight_smile:

Hi Ewen,

Thanks alot for answering all my questions…i really appreciate the help i got from both u and AOwL™.

I am sorry if i have asked too much questions…lol (:TNG)

OK last question before i finally install CPF when i reformat my computer in a few days time…

Am I right to say that:

Any Incoming Connections to my computer,

Network Monitor will first

check the Allow/Block “Rules” (eg: to open port 5000 for TCP/UDP IN) inside itself…

IF there is a “Allow, Port 5000 TCP/UDP IN” Rule inside itself…

“Network Monitor” will then pass it to --------->>>>> “Application Monitor” to check…

And when “Application Monitor” checked,

Inside “Application Monitor” its stated that application “Bitcomet” (when running) was requesting that particular packet from the specific IP address from within “Bitcomet”…
It will then be allow IF it matches.

In short, “Network Monitor” will BLOCK all incoming traffic and ONLY ALLOW the “Requested” traffic from me (my computer).

Am I right?

Again sorry if i am asking too much bcos i hope to understand how CPF works regarding the “Network Monitor” & “Application Monitor”…

Regards,
Keai (:WIN)

Hi twl845,

Thanks for the instructions for installing CPF…

Thanks everyone here for encouraging me and giving me confidence in CPF…

Without doubt, i will definitely install CPF bcos:

  1. Great support
  2. Almost everything is Automatic except for entering the required rules for my Bittorrent and Games.
  3. Able to pass known leaktest even with the default settings

Cheers from soon-to-be CPF user…

Keai

Good luck! (CNY)

I think you got the Network/Application thingy correct in your previous post. :wink:
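
Added example (not from the thread and not Comodo's code): a simplified Python model of the two checks discussed above, a Network Monitor rule for the port followed by an Application Monitor rule for the program that owns the port. The class names, rule fields and `other.exe` are assumptions made for illustration; the model only decides allow or drop and ignores connection state.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class NetRule:
    """Network Monitor entry (model): allow inbound traffic for proto/port."""
    proto: str
    port: int


@dataclass(frozen=True)
class AppRule:
    """Application Monitor entry (model): this program may receive on proto/port."""
    app: str
    proto: str
    port: int


@dataclass
class ToyFirewall:
    net_rules: set
    app_rules: set
    bound: dict = field(default_factory=dict)   # (proto, port) -> running program

    def start(self, app: str, proto: str, port: int) -> None:
        self.bound[(proto, port)] = app

    def stop(self, app: str) -> None:
        self.bound = {k: v for k, v in self.bound.items() if v != app}

    def inbound(self, proto: str, port: int) -> str:
        """Decide one inbound packet. DROP means the sender gets no reply (stealth)."""
        # Stage 1: is there a network rule for this protocol and port at all?
        if NetRule(proto, port) not in self.net_rules:
            return "DROP: no Network Monitor rule"
        # Stage 2: which running program owns the port, and does it have a rule?
        app = self.bound.get((proto, port))
        if app is None:
            return "DROP: no running application owns the port"
        if AppRule(app, proto, port) not in self.app_rules:
            return f"DROP: {app} has no Application Monitor rule"
        return f"ALLOW: delivered to {app}"


def walk_through() -> dict:
    """The port 5000 scenario from the thread (constructed sample rules)."""
    fw = ToyFirewall(
        net_rules={NetRule("TCP", 5000)},
        app_rules={AppRule("bitcomet.exe", "TCP", 5000)},
    )
    out = {"bitcomet not running": fw.inbound("TCP", 5000)}
    fw.start("bitcomet.exe", "TCP", 5000)
    out["bitcomet running"] = fw.inbound("TCP", 5000)
    out["different port"] = fw.inbound("TCP", 5001)
    fw.stop("bitcomet.exe")
    out["after shutdown"] = fw.inbound("TCP", 5000)
    fw.start("other.exe", "TCP", 5000)           # hypothetical program with no rule
    out["other program on 5000"] = fw.inbound("TCP", 5000)
    return out


if __name__ == "__main__":
    for case, verdict in walk_through().items():
        print(f"{case:24} {verdict}")
```

An ALLOW verdict only says which program receives the packet; handling what arrives is then up to that program.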