What's your method for locking down CIS

How do you guys and gals lock down your machine? I've seen cruelsister's way, which is very good :slight_smile: Here's a different approach to this.
***Warning: this is mostly for desktops and laptops in the house. If you take your computer somewhere else (like a friend's house or school) you'll be locked out and have to create a new set of rules for that place.
In cmd, ipconfig /all will have the info needed.

This is how I lock down Comodo. These are my notes. (There will be grammar errors, but this is from my own notes. There's more to add that's not on here and missing.)

Under Settings → Firewall → Application Rules → Add → Browse → Running Processes →
Now do the same in Running Processes for:
“winlogon.exe”
“smss.exe”
“csrss.exe”
“wininit.exe”
“dwm.exe”
“services.exe”
“searchindexer.exe”
“taskhost.exe”
“lsass.exe”
“lsm.exe”
“explorer.exe”

Now we are done with running processes.

Same as before, but click on “Files” and change it to “Web Browser”.
Go to C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\COMODO\Dragon\dragon.exe
Do the same for all the other browsers too, like firefox.exe, chrome.exe, opera.exe.
If you have Firefox, add plugin-container.exe and maintenanceservice.exe.

After this, make sure your printer works well, and any messengers, browsers, browser sync, cloud services, Google Chromecast, Fire Stick if it applies to you (if not, check the logs). There shouldn't be an issue.


Under Settings → Firewall → Application Rules → Add → Browse → Running Processes → click “svchost.exe” (there will be several rules for this).

Click on Custom Ruleset → click “Add” →
Action: “Allow”
Protocol: “UDP”
Direction: “In or Out”

Source Address: “IPv4 Single Address”
IP: “000.000.000.000”

Destination Address: “IPv4 Single Address” (Note: all bits turned on)
IP: “255.255.255.255”

Source Port: “A Single Port”
Port: “68”

Destination Port: “A Single Port”
Port: “67”
Click “OK” (This allows the network adapter to request an IP address from the router.)

Now click “Add”

Action: “Allow”
Protocol: “UDP”
Direction: “In or Out”
Source Address: “IPv4 Subnet Mask”
IP: “192.168.001.xxx” (This is mine; you need to go to “CMD” and type in ipconfig /all to find YOUR local IP address and mask.)
Mask: “255.255.255.000” (This is mine; yours may be different.)

Destination Address: “IPv4 Single Address” (This is your gateway address; check your ipconfig /all to find it.)
IP: “192.168.001.xxx”
Source Port: “A Single Port”
Port: “68”
Destination Port: “A Single Port”
Port: “67”
Click “OK”


Another rule:

Action: “Allow”
Protocol: “UDP”
Direction: “Out”

Source Address: “IPv4 Subnet Mask”
IP: 192.16.1.68 (this is your local area network)
Mask: 255.255.255.000

Destination Address: “IPv4 Single Address”
Type: 1.1.1.1 (THIS WILL BE YOUR DNS ADDRESS)

Source Port: n/a
Destination Port: 53

Another rule:

Action: “Allow”
Protocol: “UDP”
Direction: “Out”

Source Address: “IPv4 Subnet Mask”
IP: 192.168.1.xxx (this is your local area network)
Mask: 255.255.255.000

Destination Address: “IPv4 Single Address”
Type: 1.0.0.1 (THIS WILL BE YOUR DNS ADDRESS)

Source Port: n/a
Destination Port: 53


Another rule:

Action: “Allow”
Protocol: “TCP”
Direction: “Out”

Source Address: “IPv4 Subnet Mask”
IP: 192.168.001.xxx (this is your local area network)
Mask: 255.255.255.000

Destination Address: n/a (any address)
Source Port: n/a
Destination Port: 80


Another rule:

Action: “Allow”
Protocol: “TCP”
Direction: “Out”

Source Address: “IPv4 Subnet Mask”
IP: 192.168.1.xxx (this is your local area network)
Mask: 255.255.255.000

Destination Address: n/a (any address)
Source Port: n/a
Destination Port: 443

Another rule (Log as firewall event if this rule is fired):

Action: “Block”
Protocol: “ICMP”
Direction: “In or Out”


Another rule (Log as firewall event if this rule is fired):

Action: “Block”
Protocol: “IP”
Direction: “In or Out”
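The svchost.exe rule list above, walked through as an added example (this is not Comodo code and not part of the original post). A per-application list is evaluated top to bottom and the first matching rule wins, so the order the rules were added in matters; the script runs constructed sample packets (a DHCP discover, a DHCP renew, DNS to a listed and an unlisted resolver, HTTPS, an inbound SMB connection, a ping, and the same DNS query from a different LAN) through the rules and reports which rule fired. The LAN 192.168.1.0/24, the gateway 192.168.1.1 and the host address 192.168.1.20 are assumptions standing in for whatever `ipconfig /all` reports on a real machine.

```python
"""First-match walk-through of the svchost.exe rule set from the notes above.

Added example for this thread, not Comodo code and not part of the original
post. A per-application rule list is evaluated top to bottom, first match
wins; this runs sample packets through the svchost.exe rules the notes give.
The LAN 192.168.1.0/24, gateway 192.168.1.1 and host address 192.168.1.20
are assumed stand-ins for whatever `ipconfig /all` reports on a real machine.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

ANY = None  # an unset rule field matches anything ("Any Address" / any port)

LAN = ip_network("192.168.1.0/24")   # assumed "IPv4 Subnet Mask" entry
GATEWAY = ip_address("192.168.1.1")  # assumed default gateway
HOST = "192.168.1.20"                # assumed DHCP-assigned host address

@dataclass(frozen=True)
class Packet:
    proto: str       # "udp", "tcp" or "icmp"
    direction: str   # "in" or "out", relative to this host
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    proto: str                  # "udp", "tcp", "icmp" or "ip" (= any protocol)
    direction: str              # "in", "out" or "in or out"
    src: object = ANY           # IPv4Address, IPv4Network or ANY
    dst: object = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY
    log: bool = False           # "Log as firewall event if this rule is fired"
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.direction != "in or out" and self.direction != p.direction:
            return False
        return (_addr_ok(self.src, p.src) and _addr_ok(self.dst, p.dst)
                and _port_ok(self.sport, p.sport) and _port_ok(self.dport, p.dport))

def _addr_ok(field, addr: str) -> bool:
    if field is ANY:
        return True
    a = ip_address(addr)
    return a in field if isinstance(field, IPv4Network) else a == field

def _port_ok(field, port: Optional[int]) -> bool:
    return field is ANY or field == port

# The svchost.exe rules from the notes, in the order they were added.
SVCHOST_RULES = [
    Rule("allow", "udp", "in or out", ip_address("0.0.0.0"), ip_address("255.255.255.255"),
         68, 67, note="DHCP broadcast"),                      # no lease yet
    Rule("allow", "udp", "in or out", LAN, GATEWAY, 68, 67, note="DHCP renew"),
    Rule("allow", "udp", "out", LAN, ip_address("1.1.1.1"), dport=53, note="DNS 1.1.1.1"),
    Rule("allow", "udp", "out", LAN, ip_address("1.0.0.1"), dport=53, note="DNS 1.0.0.1"),
    Rule("allow", "tcp", "out", LAN, dport=80, note="HTTP to any address"),
    Rule("allow", "tcp", "out", LAN, dport=443, note="HTTPS to any address"),
    Rule("block", "icmp", "in or out", log=True, note="block ICMP"),
    Rule("block", "ip", "in or out", log=True, note="block all other IP"),  # catch-all
]

def evaluate(rules, p: Packet):
    """(action, rule_index, logged) for the first matching rule; ("ask", None,
    False) if none matches, i.e. the firewall's own default would apply."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i, r.log
    return "ask", None, False

# Constructed sample traffic, not captured from a real host.
SAMPLE_PACKETS = {
    "dhcp_discover": Packet("udp", "out", "0.0.0.0", "255.255.255.255", 68, 67),
    "dhcp_renew": Packet("udp", "out", HOST, str(GATEWAY), 68, 67),
    "dns_cloudflare": Packet("udp", "out", HOST, "1.1.1.1", 52011, 53),
    "dns_google": Packet("udp", "out", HOST, "8.8.8.8", 52012, 53),  # resolver not in the list
    "https_out": Packet("tcp", "out", HOST, "203.0.113.10", 52013, 443),
    "smb_inbound": Packet("tcp", "in", "192.168.1.77", HOST, 52014, 445),
    "ping_out": Packet("icmp", "out", HOST, "1.1.1.1"),
    # Same DNS query after carrying the laptop to a 10.0.0.0/24 network: the
    # source-subnet field no longer matches, which is the lock-out the warning
    # at the top of the post describes.
    "dns_from_other_lan": Packet("udp", "out", "10.0.0.5", "1.1.1.1", 52015, 53),
}

def run_samples(rules=SVCHOST_RULES):
    return {name: evaluate(rules, p) for name, p in SAMPLE_PACKETS.items()}

if __name__ == "__main__":
    for name, (action, idx, logged) in run_samples().items():
        note = SVCHOST_RULES[idx].note if idx is not None else "no rule"
        print(f"{name:20} {action:5} rule {idx} ({note}){'  [logged]' if logged else ''}")
```

Two things worth noticing when you run it: the unlisted resolver (8.8.8.8) and the inbound SMB connection both fall all the way to the closing "block IP" rule, so they show up in the log, which is how you find out what you forgot to allow; and the query sent from 10.0.0.5 is blocked purely because the source-subnet field is pinned to your home LAN, which is exactly why the rules stop working at a friend's house or at school.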

Thank you for the info :-TU

I do something like this on my machine, but does it have any value these days, as CIS seems to be abandoned? Sorry to ask, but some mods are just locking down topics and erasing posts when we complain about the lack of info regarding CIS.

I did some of this tweaking the other month and then just reverted to Proactive with Containment level set as “Restricted”. Think I’ll save my config and give this another go :smiley:

It's very easy to make an error. This is my setup. I still left a few things out.

I do something like this on my machine, but does it have any value these days, as CIS seems to be abandoned? Sorry to ask, but some mods are just locking down topics and erasing posts when we complain about the lack of info regarding CIS.
Abandoned or not, it works with Windows 11 unless you've got bug issues. Malware hasn't really changed much over the past 10 years. The techniques change. The last really creative malware I've seen is "tdss" (rootkit) and "karpinger" (BIOS rootkit + it had audio advertising, but that's another story).

While nothing is perfect, Comodo still has the best firewall, Defense+ (HIPS) and auto-sandbox on the market. And their “bank mode” software, kind of (Comodo Secure Shopping). Comodo has everything you need. You just have to learn the details of each mechanism.

In other words (from my point of view only): if you're not happy with the default settings, then you need to learn how to lock it down. If neither helps, maybe you should try some other software. I'm not sure what to say. Yes, I agree development is years slow and nothing has changed. Comodo's technology is still years ahead of the competition, unless you're suffering from bug issues. As of August 12, 2022: how many malware can bypass Comodo without the human being the weak point?

Thank you for your effort. I'm thinking of going back to Comodo, applying your suggestions - feeling more protected.

And you are certainly not a fanboy, thanks for your post above, too.

applying your suggestions - feeling more protected.
I just created the topic to learn other ways of locking down the system. For my way, it is complete overkill and no one really needs to lock it down like that. I just do it for fun and learning, and to see how far I can go without breaking stuff. (Remember, this works for my setup. Everyone is different (like adding printers, Chromecast, using Bluetooth); it can mess with your machine, so just be careful.)
And you are certainly not a fanboy, thanks for your post above, too.
Thanks! FYI, if you ever find better software out there, you have my undivided attention :) Anything better would just be pulling the cable modem's power adapter.

Thank you for your reply. Sadly I had some problems with Win 11 and had to leave Comodo... but then I had to go back to Win 10 (problems with the VPN client used by the company I'm working for) and now I'm back with CIS with cruelsister's + my configs... some bugs here, but they are not that scary on my Win 10 this time, so... I can live with it for now.

:-TU

https://forums.comodo.com/news-announcements-feedback-cis/questions-regarding-development-of-cis-t127440.330.html

prodex Posts: 622 Re: Questions regarding development of CIS Reply #338 on: August 05, 2022, 03:38:48 pm

I rely on this statement. I don't need new buttons or so (“beautification” etc.). I trust this statement because the protection is still obvious and the most important feature for me. And this is a statement by a member of the team, who participates as a moderator in meetings and has insight into the development status through exchange among themselves, I think.

Thus I am with Avos of the same opinion.

No, I wasn't looking for a better one, but for software that is updated for security reasons (hackers are very good programmers). I installed ZoneAlarm, but now I'm back to Comodo again. I feel “better”; the PC was always reliably protected, so long.

No, better it is to be attentive! Life is dangerous even without the Internet as well, as far as criminals or scammers are concerned. I've got various configurations and load them depending on what I'm doing. But mostly I use cruelsister's configuration or a modified Proactive.

I wasn't looking for a better one, but for software that is updated for security reasons (hackers are very good programmers).
I totally agree with you. :-TU For CIS, currently, I can count on one hand how many malwares out there can bypass Comodo's security. The weakest link is the human operating the machine. Comodo is still the most secure setup on the market currently (as a bonus, CIS is free). If that isn't good enough, you can always tweak the settings to meet whatever standard you feel is needed, and some people do that too. Most of them follow cruelsister's method of tweaking it, based on this link https://www.youtube.com/watch?v=vktNQCwB2UY

Currently, the most important thing Comodo needs to do is the bug fixes that a few people are experiencing. Also it should announce that it works for Windows 11. Everyone that I know (in the real world outside the internet) that has Comodo on their Windows 11 machine is working fine, but the next Comodo release (whenever that is) should be announced by Comodo saying it's compatible with Windows 11.

Hi jay2007tech,

Thank you for the time you took to analyze and share the information.
Thank you for supporting,

Thanks
C.O.M.O.D.O RT

C.O.M.O.D.O RT
You're welcome, share it with your friends. I'm going to post a few more rules in a few days. :slight_smile: Nothing better than locking down the machine and DNS. My invisible adversaries (enemies) probably won't like it >:-D

Hi jay2007tech,

Thank you very much for supporting.

Thanks
C.O.M.O.D.O RT

Here: block all ports not in use;
block all system applications not necessary.

Hello jay2007tech and many thanks for the firewall hardening tutorial. :slight_smile:

Is there any chance you could also include what rules you are using in System (in the application rules), Global Rules and in Network Zones? What about Windows Firewall, should I disable it?

Also, is it possible for you to add how to harden svchost to only include the necessary connections such as Windows Update, Defender updates, time and of course “getting an IP”?
Thanks again.

many thanks for the firewall hardening tutorial.
and
Is there any chance you could also include what rules you are using in System (in the application rules), Global Rules and in Network Zones?
Wow, this is a long month. I haven't got that far. My friend was trying to upgrade my laptop with some awesome hardware. I've been having issues with it for a while (nothing to do with Comodo). There's one external hard drive that has a ton of notes and it's not working (I have a few external hard drives). That's why the guide was never finished. (My original notes were trashed, so I wrote the notes (I know my notes are sloppily written) from this YouTube video. The guide I use is better than mine, but this is what I'm using right now. It took half a day to find the link on YouTube.) Get it from here in the video, Clear Config <-- :) https://www.youtube.com/watch?v=4hCoT3fCTxM
is it possible for you to add how to harden svchost to only include the necessary connections such as Windows Update, Defender updates, time and of course "getting an IP"?
It's very easy to mess up your internet connection if you don't know what you're doing. I'm guessing you're trying to learn.

To keep this short:
You have the instructions right there, and this works for my computer setup only. You pick and choose what will work for you. This isn't really for beginners (Comodo hardening is overkill for most people). I have no idea what your setup is, and you have to read the notes (I'll try to update the second half; if I can't access the hard drive, I'll just write it out or watch the video. It's all there.) At least make a backup copy of Windows before jumping in.

If you take your computer somewhere else (like a friend's house or school) you'll be locked out and have to create a new set of rules for that place. cmd ipconfig /all will have the info needed.
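The notes keep pointing at `ipconfig /all` for the local address, subnet mask, gateway and DNS servers that go into the "IPv4 Subnet Mask" and "IPv4 Single Address" fields. Here is an added example (not part of the original post, not a Comodo tool) that parses that output, picks the adapter that actually has a default gateway (virtual adapters from WSL, VirtualBox or a VPN client usually don't), and derives the network address and mask the rules want. The transcript in SAMPLE is constructed for the example; the adapter names, addresses and the English key names are assumptions.

```python
"""Pull the addresses the rules above need out of `ipconfig /all`.

Added example, not part of the original post: the notes say to take the local
IP address, subnet mask, gateway and DNS servers from `ipconfig /all`. This
parses that output, picks the adapter that actually has a default gateway and
derives the "IPv4 Subnet Mask" entry (network + mask) the DHCP, DNS and web
rules use. SAMPLE is a constructed transcript; on a real box run
`ipconfig /all > ipconfig.txt` and pass the file contents to lan_parameters().
"""
import re
from ipaddress import ip_interface

SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 12, 2022 8:00:01 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (WSL):

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 172.22.16.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
"""

# "   Key . . . . : value" (the value may be empty); continuation lines carry no key
KEY_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 /-]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text: str) -> dict:
    """Return {adapter: {key: [values]}} for an English ipconfig /all transcript."""
    sections, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # header, e.g. "Ethernet adapter Ethernet:"
            current = line.strip().rstrip(":")
            sections[current] = {}
            last_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            sections[current][last_key] = [value] if value else []
        elif last_key is not None:                # e.g. the second DNS server
            sections[current][last_key].append(line.strip())
    return sections


def lan_parameters(text: str) -> dict:
    """Pick the adapter that has a default gateway and return what the rules need."""
    for name, fields in parse_ipconfig(text).items():
        gateway = fields.get("Default Gateway", [])
        ip = fields.get("IPv4 Address", [])
        if not (gateway and ip):
            continue
        addr = re.match(r"[\d.]+", ip[0]).group(0)    # drop the "(Preferred)" suffix
        mask = fields["Subnet Mask"][0]
        network = ip_interface(f"{addr}/{mask}").network
        return {
            "adapter": name,
            "ip": addr,
            "mask": mask,
            "gateway": gateway[0],
            "dns": fields.get("DNS Servers", []),
            "network": str(network),   # the "IPv4 Subnet Mask" rule field, e.g. 192.168.1.0/24
        }
    raise ValueError("no adapter with a default gateway; is the machine online?")


if __name__ == "__main__":
    for k, v in lan_parameters(SAMPLE).items():
        print(f"{k:8} {v}")
```

The `network` value is the network address plus mask (192.168.1.0 and 255.255.255.0 here) that the "IPv4 Subnet Mask" fields in the rules take, `gateway` is the "IPv4 Single Address" for the DHCP renew rule, and the two `dns` entries are the resolver addresses for the port 53 rules. The key names are the English ones; a localized Windows prints different labels, so check the transcript before trusting the result.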

Thanks jay2007tech, appreciate it. Yes, I'm trying to learn. One last question if you don't mind: should I disable Windows Firewall?

I do something similar.

The Center for Internet Security (CIS) provides widely recognized best practice standards for securing various systems and applications. These benchmarks are a set of configuration guidelines that help organizations enhance their security posture.

Here’s a general method for locking down a system using CIS benchmarks:

  1. Familiarize Yourself with CIS Benchmarks: Obtain the relevant CIS benchmark for the system or application you want to secure. CIS offers benchmarks for various operating systems, applications, and cloud environments.

  2. Assessment: Before applying the CIS benchmarks, it’s essential to perform a thorough assessment of your current system configuration. Identify potential vulnerabilities and security gaps.

  3. Backup: Before making any changes, create a backup or snapshot of your system. This ensures you can revert to a stable state if any issues arise during the lockdown process.

  4. Review the Benchmark Recommendations: Go through the CIS benchmark document carefully. Understand the recommended security settings and configurations for each component of your system.

  5. Apply the Benchmark Recommendations: Implement the security configurations specified in the CIS benchmark. This may involve changing settings in the operating system, disabling unnecessary services, modifying user privileges, and more.

  6. Regular Updates: Stay up-to-date with the latest CIS benchmarks as they might get updated to address emerging threats and vulnerabilities.

  7. Testing: After applying the CIS benchmark configurations, thoroughly test your system to ensure that essential functionalities are still working as intended and there are no unexpected issues.

  8. Monitoring and Maintenance: Regularly monitor your system to detect any potential security incidents or deviations from the established security configurations. Also, perform periodic reviews to ensure continued compliance with the CIS benchmarks.

  9. Patch Management: Keep your system updated with the latest security patches and software updates to address any known vulnerabilities.

  10. Security Awareness Training: Educate your team about the importance of security practices and the significance of following CIS benchmark guidelines.

Remember that the specific steps and configurations may vary depending on the system and the version of the CIS benchmark you are using. Always consider your organization’s unique requirements and constraints while implementing any security measures.
