Stop Comodo from letting other software auto-add itself!

Hi all!

I wonder if there is any way to tell Comodo Firewall to NOT allow programs to auto-add themselves to trusted applications?

In other words, I want to select if a program is allowed, and NOT trust the software itself.

…I don’t trust software that has the “add myself to be allowed to do whatever I want” function?

Aren’t firewalls supposed to stop unwanted software?

CIS doesn’t let programs add themselves to the firewall rules, unlike Windows Firewall (I think Windows Firewall’s exceptions can be modified by other programs, right?).

However, when you get alerts and answer them, your action may be remembered and you won’t get an alert for that action again.

CIS has a list of default trusted vendors, which Comodo updates, not installed programs.

Well, mine does!

It has added several programs as “custom”, and I have not gotten any questions about allowing them.

Most recently I installed the Corel videomaker trial, and it added itself to be allowed through the firewall!

If it can add itself, what says that malware couldn’t?

I could be wrong here, but I believe that if a file is known to be safe by Comodo the rules for it will automatically be created. This explains why the programs appeared in the ‘Network Security Policy’ under custom. I checked my own rules and there are entries for many programs that are safe and I have never seen a pop-up for. Among these are Malwarebytes, Comodo, Microsoft Office, …

This behavior will not be repeated if a file is malicious. It will only do this if the file has been tested and confirmed to be safe by Comodo or the publisher of the file has been tested and confirmed to be safe by Comodo. Any unknown application will cause pop-ups.

Yes - but just because Comodo has it on a trust list, maybe I don’t want it to waste my bandwidth?

There must be some kind of “I want to approve” all connections…

For example, Java: Java is allowed by default.
If you download a program made in Java, it will have free access to the net without you ever knowing about it, since it goes through the javaw.exe file…

I don’t think that’s a safe way to go…

I don’t trust anyone, not even Comodo itself: I emptied the trust list (excepting Comodo, it is impossible), because it is my decision to allow or deny something, and because no security software is smart enough to know what I do with some application, and what my neighbour does with that same application, which might be very different.

In these conditions, Defense+ should maybe not be set to paranoid, very difficult to cope with, but at least to security, while the firewall should be set to custom since Comodo “learns” bad.

But still, when a rule is first created, the first thing to do is to make of it a global rule adapted to your needs:
I see no reason to allow DNS requests for my mail client outside of the DNS of my ISP, and I should write it.
I don’t want to hear about NetBIOS, and when the first request asks me what to do for port 137 with svchost or System, I also deny 138, 139 (and 135 + 445, even if not strictly NetBIOS).

The same goes for Java: you can deny or ask internet protocols for whatever protocol, port, or range of ports you wish, and you can edict a Defense+ rule asking or forbidding the use of Java for whatever application or system call you wish.
This being said, it is true that a script written in some language could call the application it is made or used with “behind your back”, and this might rather be the behaviour of JavaScript rather than Java, but not that some standalone executable using this same programming language would do the same, as the firewall/Defense+ shall definitely ask for its internet access or control of another application.

Set the Firewall to Custom Policy mode

CIS will only make rules when malware could successfully produce a signed executable in the name of a publisher that is in the Trusted Vendors List (I haven’t heard of any such thing) and if Comodo added a malware file to its white list by mistake.

Then simply set Firewall to Custom Policy Mode.