Where are INTRUSION Attempts Being LOGGED & Several Other Qs

Hi there from a Newbie,

I have the same question/dilemma as Mr. Panic (in older thread):

How do we know where & when our system is experiencing INTRUSION attempts and what this firewall is doing to prevent them?

In Zone Alarm & Norton Internet Security, there are LOGGING options and a lot of detail is provided regarding intrusion attempts. In the older Zone Alarm we used to use, even if we turned off the Logging feature, we always could look at the Z/A console and see a count-out of how many intrusion attempts had occurred in how many minutes we were online.

This Comodo firewall has some very nice features but it has overlooked some very basic ones that will help newbies to feel more at ease.

  1. Why isn’t there just a LOGGING TOGGLE where we click LOGGING ON and OFF as desired?
    And by LOGGING, I mean a record of ALL incoming/outgoing traffic, so we can watch what’s going on. Even if we eventually elect to shut it off because it’s a system drain, we need this sort of visual cue-feedback to enable us to learn how this software works and determine if it’s doing a proper job of protecting our systems.

  2. Where is any CONFIGURATION PANEL where we can customize how things look and which features we want ON and which ones are cluttering up our screen and eyeballs? The present plethora of features is somewhat overwhelming at first. It would also help if we could choose our preferred FONTs (espec. for those with vision problems) and COLORS. The Adv’d Security Config screen uses extremely small and fine print that is very ■■■■■■■ computer-stressed eyeballs.

  3. Another question, unrelated to the above, but of interest to anyone using this product:
    WHY is it necessary to “register” the product if it is free? Please explain what it means in the installation process where it says we can use this product for 30 days but we MUST REGISTER, and then it says Even if we do NOT register, the product will continue to work?? Along with that, why is it necessary to UPDATE this product? It’s not like a Virus Checker that needs to revise its Virus Definitions frequently.

  4. Are there any built-in “trackers” or “snoops” or VECTORS such as used by Zone Alarm that will compromise Comodo-users’ PRIVACY either now or in the future? The need for REGISTRATION prompts that question.

  5. Something on my system keeps turning on mstask.exe: Is this being done by Comodo to “register” this product or check for updates? (Or perhaps it is being done by AVG Antivirus?) (Or perhaps by the system itself?) Either way, we’ve elected to DENY it Net access since we have no idea what TASK it seeks to perform! :-)

Thank you for creating this nice firewall and this nice forum, and we look forward to some answers.

Cheers!
DonkeyMurk

I do not feel comfortable answering any other questions as I am somewhat inexperienced with CFP as of today, but these I can answer.

First of all, I do not believe that CFP requires registering anymore. I believe that is only in older versions.

Secondly, it is necessary to update CFP because no security-orientated program is 100% exploit free.
Take, for example, this old advisory:
http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
The latest update fixes this exploit, and is thus no longer a threat. If you do not update CFP, anyone would be able to bypass it, and thus you would not be very protected.
Or, this new advisory:
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
As of right now, according to Matousec, it is not yet fixed under “Not Vulnerable Software”. However, it is certain that it will be extremely quickly, and if you did not update you’d be vulnerable. Updates are very important, Firewall or Anti-Virus alike.

Just be happy Comodo even does update and does not have over 307 unpatched vulnerabilities like Norton does as confirmed by us.

Welcome to the forum, DonkeyMurk!

Intrusions are found in the Activities top tab and then the Logs window on the left tab.

> In Zone Alarm & Norton Internet Security, there are LOGGING options and a lot of detail is provided regarding intrusion attempts. In the older Zone Alarm we used to use, even if we turned off the Logging feature, we always could look at the Z/A console and see a count-out of how many intrusion attempts had occurred in how many minutes we were online.

Currently, there is no stats-recording feature in CFP. However, this is already on the wishlist (https://forums.comodo.com/index.php/topic,4612.msg49377.html#msg49377).

> 1. Why isn't there just a LOGGING TOGGLE where we click LOGGING ON and OFF as desired? And by LOGGING, I mean a record of ALL incoming/outgoing traffic, so we can watch what's going on. Even if we eventually elect to shut it off because it's a system drain, we need this sort of visual cue-feedback to enable us to learn how this software works and determine if it's doing a proper job of protecting our systems.

There is. More than one way, actually. The easiest is to right-click in the Logs window to toggle each monitor's logging. Right-clicking also opens the option to export your logs to an HTML file (which can further be edited with a file editor like Notepad) to post on these forums for troubleshooting.

> 2. Where is any CONFIGURATION PANEL where we can customize how things look and which features we want ON and which ones are cluttering up our screen and eyeballs? The present plethora of features is somewhat overwhelming at first. It would also help if we could choose our preferred FONTs (espec. for those with vision problems) and COLORS. The Adv'd Security Config screen uses extremely small and fine print that is very ■■■■■■■ computer-stressed eyeballs.

In current versions, there is no way to customize the feature placements and looks. I agree with you in that there *appears* to be too many options. It really depends on the knowledge level of the user. Others find it's too simplistic. I also agree that the font size is too small. Please post these in the wishlist if they aren't already included.

> 3. Another question, unrelated to the above, but of interest to anyone using this product: WHY is it necessary to "register" the product if it is free? Please explain what it means in the installation process where it says we can use this product for 30 days but we MUST REGISTER, and then it says Even if we do NOT register, the product will continue to work?? Along with that, why is it necessary to UPDATE this product? It's not like a Virus Checker that needs to revise its Virus Definitions frequently.

Like Quwen posted, only previous versions of CFP (2.3 and older) require an activation or registration process. And yes, even if one doesn't register it will continue to work. Current 2.4+ versions are self-activated upon installation. Updates are required for vulnerabilities and exploitations on a firewall's weaknesses and/or for patching bugs. In fact, the latest advisory from Matousec regarding DLL injection on the hash function exploit has been fixed (https://forums.comodo.com/index.php/topic,6536.msg48670.html#msg48670), but is only available on the next big version 3.

> 4. Are there any built-in "trackers" or "snoops" or VECTORS such as used by Zone Alarm that will compromise Comodo-users' PRIVACY either now or in the future? The need for REGISTRATION prompts that question.

Not that I know of or have seen :)

> 5. Something on my system keeps turning on mstask.exe: Is this being done by Comodo to "register" this product or check for updates? (Or perhaps it is being done by AVG Antivirus?) (Or perhaps by the system itself?) Either way, we've elected to DENY it Net access since we have no idea what TASK it seeks to perform! :-)

According to Google and this site, it's the Windows Task Scheduler (http://www.liutilities.com/products/wintaskspro/processlibrary/mstask/). You might want to check what tasks are scheduled because they could be important on your system. Go to Control Panel and open the Scheduled Tasks. This is a Windows service that is also required for prefetching to work (speeds up boot and application load times).

DonkeyMurk,

Your question about registration and privacy is one that has been raised many times before; it’s why Comodo changed the way it does that process.

It is very explicit that no information is being secretly uploaded to Comodo (or anywhere else) by Comodo products.

The registration is simply to help Comodo track the installation of their software, to get an idea of how many users they have. Keeping count of downloads is not a viable means, as other websites provide the installation packages, and even an accurate count of downloads does not indicate whether the software is in use. That is the sole purpose of the registration.

Their method raised a lot of questions, which really makes little sense to me. If someone uses McAfee, Norton, or TrendMicro’s FW, they have to register including name, email, etc, in order to be able to update the product. And that’s a paid-for product. And I know TrendMicro uses a registration key, so it could self-register with just that; however, they use it for marketing products and upgrades/updates. Hmm, go figure.

Anyway, that’s all there is to it, and as has been noted, that is no longer required for the installation process. You may enter an email address if you desire to be contacted, but do not have to.

LM