what is the best configuration for comodo?

Is proactive security the best to use? And what about the mode?

Hi derekbutch,

Well that depends on what you like the most.

If you say what’s the most complete profile then yes ProActive provides the broadest range of monitored parameters on the system, but it will also cause more alerts… you if you don’t mind alerts ProActive is “the best”

Mode also the more alerts you like (and understand) the more you could use Paranoid but if you wish more then default i would stay on “Safe Mode”.

Both don’t provide anything to the Firewall tough. As you posted it here i assume you are more interested in firewall settings?

Yes, I’m interested in what’s the safest setting.

For firewall the most noisy setting is

  • Custom Policy Mode

Advanced Settings, Alert Settings, Very High.
This will result in creating rules with destination IP and Port numbers so you have to edit some rules after creation, if you are only interested in blocking traffic based on port numbers and don’t care about the destination High is good enough.

If you don’t “host” any services on your PC use Stealth ports wizard to block all incoming traffic.

You could enable Block gratuitous arp, Do protocol analysis, and monitor other NDIS protocols.

That would make a pretty noisy firewall setup :wink:

Will it also cause comodo to pick up potential false threats like explorer.exe? Recently I was trying to uninstall a trend rutbot program (it’s from Trend housecall) and all of a sudden it notified me that explorer.exe is having a overflow buffer attack. comodo asked me to terminate or skip, and I chose skip. I wasn’t connected to the internet then, and so had no idea where it came from. Could it be a false alert or is it something serious?

I’m pretty sure my computer is clean as I’ve just had it checked and all scans came back clean.

A buffer overflow attack is part of D+ and it probably is something caused by RuBotted.
If it gave a buffer overflow warning it probably is a buffer overflow but in this case not an “Attack”.

A firewall will only trigger if this attack would be trying to connect to the internet…

so is it something to worry about? How should I check? I wasn’t connected to the internet when the alert showed up, and I was just uninstalling trend rutbotted and it asked me to terminate or skip. I chose skip but am now really worried. I just ran avira and malwarebytes and results are clean.



[tr][td]Buddy, relax. Look… Happens to me all the time. If you had this screen comming up, I bet you’d freak out. It is supposed tell me what is going on, but the fonts got sweped away by the overflow. It is the same thing that happend to you.

I know it used to happen frequently on my machine because I was playing around with High Resolution Icons and Themes. I wouldn’t worry about it if it happens again. Just keep an eye on your connection (see Picture #2 below.)
Clarification.
You don’t hafta be online in order to get buffer overflow errors from explorer. It is not your firewall that is nervous about what’s going on. It is Defense+ (I have no Idea what I’m talking about. But I think I’m correct[/td][td]
http://img301.imageshack.us/img301/4461/justwantedcontac2t.png
[/td][/tr]



[tr][td]Monitor Connections
[table][tr][td]
http://img33.imageshack.us/img33/863/buffer.png
[/td][td]

  • Click the [Firewall] (top) to reveal [Common Tasks] (left) unless it is already visible.- Click the [Common Tasks] to reveal [View Active Connections] unless it is already visible.- Finally… click [View Active Connections]
    [/td][/tr]
    http://img97.imageshack.us/img97/8610/54995486.png

If you ask me, the monitor tools of CIS isn’t state of the art. There is the Log, that barely suits its purpose (sorry COMODO) and you can also view active processes, very much like the taskmanager.

Copy, right: Thanks for the reassurance, but I’m still a bit worried. My screen (defense + alert you posted) actually looks different from yours in that it showed up completely with the description of what it was (explorer.exe is having an overflow buffer).

I just remembered something though: After uninstalling the trend rutbot it was trying to connect online to a survey to know what I uninstalled it, but since I disconnected the internet I blocked it when comodo alerted me…

I’m almost 99% sure this is a FP in the RuBotted routine causing a Buffer overflow… i wouldn’t worry about it if you have not noticed other behavior… like all of a sudden strange FW and/or D+ alerts…

Not really sure if this behaviour should cause worry or not, but I have had a sudden restart when I was doing an a-squared online scan and then started an application isolation program to start my internet. I was just doing a search on google when it re-started. After it did, I re-started the a-squared scan and results were clean.

Other than this re-start I haven’t noticed anything else strange. Could it be due to the buffer overflow? This does concern me because my computer, though old, has had very few automatic re-starts over the years (probably 2).

Now I’m 100% sure there is nothing to worry about, i have put this on my test system… poof BO on feedback request, you are seeing this alert.

After this happened i had to restart because my system did not respond properly so i guess that’s the reason why you eventually crashed…

[attachment deleted by admin]

that’s the exact same popup. Thank you very much, Ronny, and to all who’s replied. I feel better now :smiley:

Being paranoid saved me lots of times. It also caused me some trouble when I blocked winlogon from logging on and such. I guess a healthy form of paranoia is when you suspect something without acting (emotionally) on it.

Seriously, I’m suspecting everybody, even commodo and microsoft. I still feel that essential processess such as svchost and explorer are acting suspicous sometimes.

Unless you are some kind of an expert… the best advice I can give you - don’t keep stuff on your computer, that you do not want to share.

And if you really have to work with sensitive stuff… have an isolated machine that NEVER connects to the web. Because you can never be too sure. If they can hack FBI’s mainframe, I’m sure they can hack COMODO’s firewall as well.

Being safe is not an issue with your computer. It’s an emotional ability that must be learned.

Now, it sounds like I’m trying to lecture you - I’m sorry. I’m not. I’m probably totaly wrong, and I don’t mean to have your opinion changed or anything. This is just the way I see it today. Tomorrow maybe I see it diffrently.

Regards,
/CopyRight