I’m trying to switch from McAfee, which hardly ever asks any questions, to Comodo. It’s asking questions all the time, mostly about svchost.exe and System. Now, I have been reading a LOT about these, and there does not seem to be an easy solution and a straight-forward answer.
From what I gather, it is OK to allow svchost.exe and System outboud access only with Comodo. Could someone please tell me if this is OK or not?
Normally this is no problem if you system is clean, it’s windows that uses these services to connect to DNS servers NTP Timeservers, check for windows updates etc.
If you would like to keep the alerts down, you could try to run the firewall and Defense+ in “training mode” for about a week or so, that will create a lot of what happens without alerting you. After that week of training switch back to the current modes and most of the alerts should be gone, and you can always review what automatic rules it created.
Thank you very much for your reply. Is there a reason the Training mode is not the default running mode for new installations, if Comodo needs to “learn” things first? Most modern firewalls have preset rules for system services which make it easy to install for friends and older relatives etc.
Yeah, It’s because that not all systems are clean and training mode provides you with the least amount of protection because it allows and creates rules for those apps to be allowed in the future. This is good for your safe apps… Not so good for the nasty onees. That’s why you should only have it running in training mode when you need it.
The problem with Training Mode is that IF you are infected, it will train the malware also… i guess that’s the reason they don’t deliver the installer preset to Training Mode the current mode is safer, and the new version is having much less popup’s they are saying, so it will get better :-))
I know TrendMicro does a few “pre-defined” firewall rule sets, CIS does not have this yet.