Tightening firewall rules


I am behind a wifi modem and before I used to keep my MAC Id in place of trusted zone and whatever IP dhcp server proveds i used to go with that…but now I want to tighten up my rules for some applications like wmplayer, firefox and plug-ins, adaware spyware removal, orbit download manager…,so what should I mention as a trusted zone…? could u plz guide me in this…?

Hi all

I found some shared rules in one of the Comodo forum discontinued products written by someone named P2u(topic: share ur settings) can I apply all those rules to the current Comodo version r do I need to change any to stealth my ports…the only difference is he wote it for his LAN but here mine is the only computer connected to the internet?


I have a few suggestions. Most are to be found here, but I have another.

You can tell CIS to “Create rules for safe applications”. Thus you can manually go into the Network Security Policy and edit the rules for the individual applications, even though by default they are trusted by CIS.

Sorry, I can’t help with too much else. I know much more about Defense+ then I do the Firewall component.

Can you give us the link to the shared rules by P2u?

I want to tighten up my rules for some applications like wmplayer, firefox and plug-ins, adaware spyware removal, orbit download manager..,so what should I mention as a trusted zone..?
This is propably where I would start 1) open CIS 2) click on "Firewall" 3) Click on "Firewall Behavior Settings" 4) Put a checkmark on "create rules for safe applications 5) click O.K. 6) click on "network security policy" 7) Then choose your category :)

Hi EricJH and Jay

ThanQ for your kind efforts to hep me solve my issues…actually Im new to all these networking stuff thas why I got so many questions on everything…

The link you requested to shared rules by P2u is : https://forums.comodo.com/help-for-v2/share-your-settings-t2405.0.html

and for Jay: I alread checked up the create rules for safe applications wherever it is applicable…


To ‘Tidy’ Up the firewall;

wmplayer Doesn’t need to access the internet unless you are getting ‘album artwork’ etc,
It’s the service that does (if in Vista/7) for network sharing;

Firefox > Web Browser
Plugin_container.exe > Web Browser
Ad-Aware > OutGoing Only (I do believe)
Find the ports that Orbit Downloader Uses and report back
(CIS > Firewall > Network Security Policy)

I would set the Policy Mode to Custom Policy and Bump up the Alert Settings thus; you’ll see what port or if you want… what IP it’s connecting to but i wouldn’t recommend this unless you are wanting security like fort knox :stuck_out_tongue:

Just following the P2P Guide in the FAQ/guides

Stealth Port Wizard > Block All Incoming Connections

Firewall Settings > Alert Settings > uncheck enable alerts for loopback zone
Advance Tab > Protect/Block Gratuitous ARP Frames

Just need to start googling the ports for certain applications :stuck_out_tongue:
And Apply Them;

Hope this helps


Hi Jake

ThanQ very much for the help tips
I followed your suggestions and about WMplayer, I usually use it to listen some livecast messages or songs, could you plz provide with a stealth rule for that one and also I sometimes listen to some live news, for that Im getting alerts to install some java based exe. file…if possible a rule for this one too…?

have a nice time…

Your Welcome;

As for wmplayer; you can define to use port 80 thus it does use http I do believe,
If you check ‘active connections’ CIS > firewall > active connections
Look for the ports which wmplayer uses

Also; for java, just the same;

Hope this helps


Hi jake

In defense+ rules–>windows system applications–> for services. exe I did not remmebered what was the default rule by mistake I messed up with that, could u plz tell me what rule should be there?


You could remove ‘services.exe’ from the policy thus if needed it will alert you thus will create the rule it needs to create

Hope this helps


ThanQ Jake,

I did as you said…