-Application Rules include:
System: Allow System to send requests if the Target is in Trusted Hosts … receive requests if the Sender is in Trusted Hosts.
-Global Rules include:
Allow all outgoing requests if the Target is in Trusted Hosts … if the Sender is in Trusted Hosts
In Network Zones, you have a few specific IPs defined (e.g. 192.168.111.111, 192.168.111.23 etc.), which appear in your (home) LAN and need to be available to and from your laptop. Per the above rules, they can communicate pretty much without any barriers with the laptop.
Then you take your laptop to some other place, which by some weird chance uses the same “IP scheme” as the one you use in your home (down to the last part possible, i.e. 192.168.111.N). It’s probably safe to assume that these eventual “trusted hosts” (e.g. 192.168.111.111, 192.168.111.23 etc.) in the new network could have unobstructed access to your laptop’s “services”.
So what would be the safest course of action in such cases (apart from manually removing either the aforementioned rules or trusted hosts lists each time you leave your home network, which isn’t really practical)?
I have a few “lax” rules in Defense+, but the Firewall part is the main reason for using the software, so this shouldn’t be a problem. Does running the stealth ports wizard create a new profile, or should I export the current configuration into a cfgx file prior to doing it? I kinda “forgot” about the profiles a while ago (as I thought I’d never use them). As far as I can see now, there’s no “new profile” button, so I suppose one only gets created on Import?
Speaking of which, is the only possible way of renaming a profile by changing the line e.g. Name=“COMODO - Firewall Security” into something else, or is this the same as entering a new profile name in the “Import As” dialog box?
I coincidentally discovered I don’t have to list any of the hosts as trusted on the laptop at all. If the laptop’s IP is “trusted” by other computers at home, it can connect to their shared folders/drives without any hassle at all. It’s only those computers that won’t be able to connect to the laptop.
Did I miss something? I know M$ made some changes to their folder sharing protocols (esp. with their homegroup stuff), but I did still see lots of blocked incoming requests on port 137 at a public wifi the other day, from various other computers around. So I guess this is the safest bet then.
I guess this is the safest and quickest workaround (i.e. not having any “trusted hosts” on the laptop).