Trusted Application for Defense+ and for Firewall

I have a few queries which I cannot find the answers to, viz:

  1. If an application is set as a “Trusted Application” under Firewall → Network security policy is it automatically a “Trusted Application” for the purposes of Defense+?? and vice-versa??

Or are the Firewall and Defense+ settings completely independent eg an application could be defined as trusted for Defense+ but blocked for internet access??

  1. Under Defense+ what is the difference between adding an application to the list of “My Own Safe Files” and adding an application under Defense+ → Common Tasks → Computer Security Policy and sefining it as a Trusted Application??
  1. No, D+ and Firewall are two completely different things. Each has their own policy/safe list.

  2. Which version are you running? There is no difference. Both are considered safe.

edit

Btw, welcome to the Forum, dogdog

  1. Does it matter which version I am running??
    Actually using v4.1.150349.920

When I have done some testing, an application defined as My Own Safe Files seems to be a higher level of permissions than defining an application as a Trusted Application under Defense+ Computer Security Policy??

  1. I have just noticed that under More → Manage My Configurations I have:
    COMODO - Proactive Security Active
    but for
    COMODO - Firewall Security I have nothing ie not Active
    I have only the firewall installed (ie not the anti virus) and during the installation I selected “Maximum Proactive Defense” (changed from the default of “Optimum Proactive Defense”

Is this all OK?? It seems to be OK from the Guide but I am not sure what would happen if I used My Configurations to activate the firewall??
What is the significance of the firewall not being active??

  1. Is there an automatic process to tell me when updates are available??

Many thanks for your help - I have installed Comodo today as a new user :slight_smile:

Any responses to last post.

Many thanks.

  1. Again, both are separate from each other. Defense+ is a HIPS to protect your files. Firewall is to protect your Network.

  2. There are settings for each of AV, Firewall, and Defense+. there is also a Configuration for CIS as a whole.
    You can right click on the tray icon to see your options and change them.

  3. When updates are made available on the Comodo update servers, CIS will notify you when you log in. You can also manually check for updates from the More window.

(i) This does not seem to be totally correct. If I add an application to My Own Safe Files (which is under Defense+) then the firewall seems to automatically allow this application to have internet access - is this correct??

(ii) For Defense+ (but also for firewall as per (i) above), when I have done some testing, an application defined as My Own Safe Files seems to be a higher level of permissions than defining an application as a Trusted Application under Defense+ Computer Security Policy - is this correct?? If so could you define the differences for me??

If I right click on the tray icon and look at the Configuration options there are 3 choices - (i) COMODO - Internet Security; (ii) COMODO - Proactive Security; and (iii) COMODO - Firewall Security. These seem to be choices but I cannot find something that defines the differences between them. Can you explain.

What do you mean by “log in”?? Does this happen automatically when PC is started with CIS installed?? (I have free version of CIS).

Yeah, I noticed this - things in My Safe files get ultimate permissions to access the net and bypass defense+ warnings. I think it’s because of how the new sandbox works automatically running unrecognising apps within it then moving them from pending to safe files (same as them being whitelisted), to reduce popups. Problem is, it literally makes the app fully trusted straight away.

I found the best config for expert users, is first change to a proactive config for max protection.

Disable the Sandbox from automatically running unrecognized files as this causes annoying problems, like having to allow the program first and re-run it or it may not make any changes. Plus if you move it to safe files (by running it out of the sandbox), you give it highest permissions straight away. I can see how this works well for non-expert users, who have too many popups.

Now, instead of the sandbox stealing the show, unrecognised files will once again be dealt with by defense+, giving you the option of selectively giving permission or labelling it a trusted/system application etc. You can of course make your own permission configs.

Now go to the firewall, and select custom mode - this will make it actually work like a firewall, alerting you to all outgoing and incoming connections applications make rather than add hidden rules for trusted apps. I suggest leaving the alert level at low as you don’t really need to have a requester for every port or TCP/UDP separate. It’s nice to have every connection attempt ingoing and outgoing to be requesting permission at least once. After all, many trusted apps phone home without our knowledge.

Once the sandbox is more mature, I’ll try it again. But for me, the firewall and defense+ working separate without automatic intervention (except for whitelisted files in defense+ case) is better.

Any other comments ??

Many thanks :slight_smile:

You can tell CIS to make a set of files trusted by both. Go to (eg) My protected files ~ Groups, and create a new file group. Call this globally trusted files. Then go to defense plus ~ my safe files and add this file group. Then go to Firewall ~ Network Security policy, and add this group giving it a pre-defined policy of ‘trusted application’. Obviously you need to make sure there are no existing rule that will over-ride in each case.

In future when you want an application to be trusted by both defense plus and by the firewall add it to the group.

Hope this helps

Mouse

John’s right in general but there are slight differences. The most important is that making something a ‘safe’ file exempts it from the sandbox (unless you hit a bug!). Also safe files can run other safe files without alerts.

Best to use Safe files in CIS 4.1 for most purposes

Best wishes

Mike

To me this does not seem right. If when I get an alert I allow and remember I am creating a rule that is tailored to the requirement - no more and no less. If I make the file a Safe file then far more permissions (including firewall permissions) are given than are really required. Thus it seems to me that Safe files, while easier, are inherently less secure??

Thoughts??

Best wishes

DogDog

Well as always there is merit in what you say. The sandbox and its associated policy is designed to provide good enough security with minimum alerts. You can do better manually if you turn off the sandbox and control every app through the CSP and alerts. Even better in paranoid mode. Quite hard work though! There’s a sticky above and some material in Guides-CIS that may interest you if you want to take this or a mid-way approach.

Best wishes

Mouse