Comodo Firewall: a free, functional firewall. Installing and configuring Comodo Firewall for network security. Instructions for using Comodo Firewall Pro 3


Summary of previous articles: an example of setting up and using Comodo Internet Security 8

Attention! The article is addressed to users who have experience using the Comodo Internet Security complex and have read previous articles about it. “Beginners” are advised to study this product first. For familiarization and relatively effective use, the following setup procedure is suggested:

  1. disconnect your computer from the Internet and/or local network;
  2. install CIS;
  3. open “Main window” > “Tasks” > “Advanced tasks” > “Advanced settings”;
  4. on the “General Settings” > “Configuration” tab, double-click on the “Proactive Security” line;
  5. on the “Protection+” tab > “Sandbox” > “Auto-Sandbox”, disable the “Use Auto-Sandbox” option;
  6. on the “HIPS” tab > “Protected objects” > “Protected files”, add any file through the context menu;
  7. via the context menu, replace the added line with ?:\*
  8. click “Ok” to close the settings window;
  9. open “Main window” > “Tasks” > “Firewall tasks” > “Hide ports”;
  10. select the “Block incoming connections” option;
  11. perform a reboot;
  12. connect your computer to the network.

Preliminary remarks

This setup procedure is given in abbreviated form. The purpose of the article is to give readers a guide to the variety of configuration options for Comodo Internet Security. It is assumed that readers are familiar with previous articles and understand the reasons for certain recommendations. Only the most general setup details are given here. Additional measures, for example, against firewall bypass (through inter-process memory access, DNS queries and BITS), protection against ransomware or against keyloggers, are described in the article on using proactive protection; access to the local network is covered in the article about the firewall, etc.

I would like to emphasize that this configuration is not “maximum”, but more or less balanced in terms of protection and ease of use. Unidentified programs are automatically virtualized without notification. HIPS alerts are possible, but they will occur very rarely.

The proposed option is intended for personal use by an experienced user, but it is easy to adapt it for “newbies” or users with limited rights. You can, for example, disable all notifications, or replace the automatic virtualization of unidentified programs by blocking them, or switch the firewall to “Safe Mode,” etc.

If following these instructions leads to any problems, I ask readers to report them in the comments. Messages supported by configuration export files, a list of files and each CIS log for the entire period, as well as video recording and/or provision of remote access for diagnostics, are welcome.

Installation and configuration

Installation

It is advisable to install CIS on a system that is guaranteed to be free of malware. Let me remind you that you need to update the system and make a backup copy of it. It makes sense to first disable Windows Firewall through the Control Panel.

If the system is clean of malware, it is advisable to “familiarize” CIS with the files on it. To avoid conflicts, you can disable the protection components at this time: antivirus, Auto-Sandbox, HIPS, firewall and Viruscope. First, let's perform a “Reputation Scan” (“Main Window” > “Tasks” > “General Tasks” > “Scan”) and after it is completed, we will make all found files trusted. Then we will launch various installed programs and their components. Let's reboot. In the advanced settings window, on the “File Reputation” > “List of Files” tab, mark all files and use the context menu to set them to a trusted rating.

Basic setup

After installation, open the “General Settings” > “Configuration” tab in the advanced settings window and enable the “Proactive Security” configuration. When prompted to reboot, we’ll respond “Postpone.”

If you have previously configured CIS, import the initial “Proactive Security” configuration from the program catalog under a different name and activate it.

If a notification appears about choosing a network status, select the “Public place” option.

On the “Content Filter” > “Rules” tab, make sure that the “Blocked Sites” rule is located at the bottom, and change it: add the categories “MVPS Hosts list” and “Symantec WebSecurity” and set the type of restrictions not to “Block”, but to “Ask”.

Context Menu Extensions

To copy files blocked by the antivirus, add the appropriate context menu item. All the materials necessary for this, with instructions, are given in the archive.

Usage

If an unidentified program is detected, we do not make any concessions in protection without making sure that it is safe. The easiest way to check the program is through the context menu. I note that the absence of antivirus detections is not an absolute guarantee of security. But you can more or less confidently judge the safety of a file if it has been known for a long time and leading antiviruses do not recognize it as malicious.

As an additional test, you can run an unknown program in a virtual environment and then send the contents of the VTRoot directory to VirusTotal. You can independently examine the behavior of the program in a virtual environment by enabling Viruscope with the option “Apply Viruscope action only to applications in Sandbox” and opening the activity report. Viruscope also sometimes automatically classifies program behavior as malicious.

To install a new safe program, call up the context menu on its installer while holding down the Shift key and select the “Run as installer” item. If a HIPS alert occurs during installation, disable the “Remember selection” option in it and select the “Install or update” policy. After installing the program, we perform its first test run through the context menu item “Run as installer without elevation of rights” and close the program. Then, on the “File Reputation” > “List of Files” tab, we transfer the unidentified files of this program to trusted ones. We also add the directory with the new program to the trusted ones.

To update an installed program, we launch it using the “Run as installer” context menu item, perform the update procedure and similarly transfer new files from unidentified to trusted.

It is possible that a program runs in isolation even after it has been added to the trusted list. Typically, this happens when the program size exceeds 40 MB. The solution is to add the path to such a program to the “AllowedProgs” group.

If you need to temporarily run a program without restrictions, open the context menu on it while holding Shift and select “Run as installer without elevation of rights.” It is important to remember that such a program and its child processes will be able to run any unidentified file without interference.

When any unidentified file is isolated for the first time through Auto-Sandbox, a pop-up notification appears. I remind you that it is dangerous to press the “Don’t isolate anymore” button in it.

If any data needs to be carefully protected from damage, for example, by encryption viruses, we add the word “WriteProtected” to the end of the name of the directory containing it. The contents of directories like “C:\Docs\My Projects - WriteProtected” will be prohibited from being changed by any program except Explorer. When you need to change the data, we will either temporarily rename the directory, or move the data to another directory, and after finishing the work we will return it to protection.

You should look at the event log from time to time, especially the firewall and proactive protection (“Protection+”). There you may find that a certain program requires additional permissions, for example, to carry out an update. Then you will need to adjust the configuration accordingly.

When a program is blocked by an antivirus, first of all we send it to VirusTotal through the context menu. If we are completely confident in its security, we add this program to the trusted ones. If, despite doubts, the program must be used, copy it to the exceptions directory. To do this, open the context menu on it while holding Shift, select the item “Copy infected file...” and save it to the C:\Exclusions directory. From this directory the program will be launched as a normal unidentified program in a virtual environment.

If you are concerned that the program you are running will block the OS interface and prevent you from clearing the sandbox, you can limit its execution time. A convenient way to do this is the context menu item “Run in Comodo sandbox as restricted”, suggested in the article about the virtual environment.

If you need to run a dubious program in a real environment, we do this through the extended context menu item “Run without restrictions Auto-Sandbox”. We monitor program activity through HIPS alerts. To avoid a large number of them, you can immediately select the “Restricted application” or “Isolated” policy in the notification (by enabling the “Remember selection” option). Attention! A malicious program can launch a trusted one, and HIPS will no longer monitor the activity of the child process, which can cause damage. As a mitigating measure, you can temporarily enable Viruscope in order to observe in more detail the activity of not only the dubious program, but also its child processes, and, if necessary, roll back changes.

Typically, HIPS alerts in this configuration will only occur when using the "Run without Auto-Sandbox restrictions" menu item or, less commonly, the "Run as installer" and "Run as installer without elevation" options. However, HIPS alerts about the activity of unidentified programs in other cases are a red flag. They may mean that an unidentified program ran before CIS or received SYSTEM privileges. I recommend selecting the “Block and complete execution” option in such an alert (disabling the “Remember selection” option in it), and then checking the system for vulnerabilities.

Instructions for installing Comodo Firewall on a Windows PC.

1. At the very beginning of the installation, you must select Russian from the list of suggested ones in order to understand the complex settings of the program.

2. In the next dialog box, uncheck the additional functions and DO NOT enter your email address.
In addition, in this window you need to click on the “Configure upgrade” button and make a few changes.

3. In the upgrade settings, uncheck the boxes for Geek Buddy and Dragon Web Browser.

Geek Buddy - another reason to smile if you know English and can translate this expression. This is a small application “for lamers” that will provide you with 60 days of free help from this firewall's technical support.

This means that if you have any questions, you can safely write to or call the USA and consult their team in English.

Since we are already great, and you can ask questions on our website, we won’t use this opportunity :-)

Dragon Web Browser is a browser that provides supposedly secure network surfing.
In fact, we don’t need it, because the security of surfing will be provided for us by Comodo Firewall, so we uncheck this item.

Click “Back” -> “I agree. Install” and begin installing the firewall.

4. After some time, the program will ask you to restart your computer. Save all open documents and click “Yes”.

5. As soon as the computer is restarted, the program will automatically introduce you to its products and capabilities.
To avoid this in the future, check the box next to “Don’t show this window again” and close it.

Setting up a firewall.

1. After installing Comodo, the firewall will start to complain to you that some applications are trying to access the Internet to update. You can either allow them to do this or prohibit them.

Your choice will be permanent and the system will remember it, i.e. if you prohibit/allow some application to update once, after restarting the computer Comodo will automatically block it or let it update, without notification.

If you eventually want to change your anger to mercy and block/allow the connection of a certain program to the Internet, we will later look at how to do this manually.

2. The main thing in setting up any firewall is to make sure that its operation is invisible to you, but at the same time, it reliably protects your PC from external threats.
To do this:

  • go to the desktop and click on the firewall in the place where the inscription “safe” is shown (there may be some other inscription there); the full program menu will open;
  • go to “Tasks”;
  • select “Firewall tasks”. At this point you can allow certain programs to connect to the Internet to update their databases;
  • if you are confident in the application and know that it is accessing the World Wide Web for new databases, then click on the “Allow connection” button, select the application file that needs to be given access to the network and click “Open”.

All other settings can be left at default for now.

The developers of this application have already worked hard to make protection against attacks and use of the firewall convenient for users.

Starting with version 3.5, Comodo Firewall is part of the free comprehensive protection suite Comodo Internet Security and can be installed as a separate component.

Comodo Firewall is designed to protect users of PCs running Windows OS; its capabilities are practically not inferior to similar products, including some commercial developments.

The interface is extremely simplified, but at the same time provides all the necessary features and functions.

Main components of Comodo Firewall

Key features of Comodo Firewall

Multifunctional firewall

Comodo Firewall provides a high level of protection against incoming and outgoing threats. This way, you get the most effective protection against hackers, malware, and identity theft. Now the firewall has been improved by adding new features:

  • Stealth Mode to make your computer completely invisible to port scanning;
  • Automatic detection of trusted zones based on a wizard;
  • Predefined firewall policies allow you to quickly apply the necessary security rules;
  • Diagnostics to analyze the system for possible conflicts with the firewall and much more.

Behavior blocker

  • Checks the integrity of each program before allowing it to be loaded into the computer's memory;
  • Performs cloud-based behavior analysis for immediate detection of malware;
  • Warns you every time unknown or untrusted applications try to launch or install;
  • Blocks viruses, Trojans and spyware before they can gain access to your system;
  • Prevents unauthorized modification of critical system files and Windows registry entries;
  • Includes an automatic sandboxing feature that completely isolates untrusted files from the rest of the computer.

HIPS Intrusion Prevention System

  • Virtually impenetrable protection against rootkits, process injection, keyloggers and other zero-day threats.
  • Comodo's free firewall monitors the activity of all applications and processes on your computer and allows files and processes to run if they comply with prevailing security rules.
  • Blocks malware activity by stopping any activity that could cause damage to the operating system, system memory, registry or personal data.
  • Allows advanced users to enhance security measures by quickly creating custom policies and rule sets using a convenient and powerful rules interface.

Virtual kiosk

  • A virtual sandbox environment for running programs and surfing the Internet, isolated from your real computer. Applications and web browsers run inside the kiosk, leaving no cookies or history behind on the real system, making it a secure environment for online banking and online shopping.
  • Prevents installation of viruses, rootkits and spyware on your computer and provides protection against hacking.
  • Includes a virtual keyboard, which allows the user to securely enter credit card numbers and passwords without fear of keyloggers.
  • The virtual kiosk in Comodo Firewall allows power users to run beta software in an isolated environment that won't break the stability or file structure of the real system.

Viruscope

This is a system that performs dynamic analysis of the behavior of running processes and keeps a record of their activity. Viruscope monitors the activities of processes running on your computer and alerts you if they try to perform suspicious activities.

Internet Security Essentials

The SSL certificate verification tool protects against fake (phishing) sites that try to steal sensitive information.

This lesson is a continuation of the article: Firewall.

So, we found and downloaded the latest version of Comodo Firewall. Only one firewall can be installed on a computer. Therefore, in order to avoid inter-program conflicts, the built-in Windows firewall must be disabled. You can see how to turn off the firewall in Windows XP and Windows 7 in previous lessons. But when we install Comodo Firewall, this is not necessary. The Firewall Setup Wizard will automatically disable the built-in Windows firewall.

A firewall controls attempts by applications to communicate on the network. The illustration shows how the firewall intercepted an attempt by the Nokia phone software to go online. This is an application we need, so click the "Allow" button:

Among the first, allow connections for the Windows system components “alg.exe” and “svchost.exe”. They are needed to connect to the network. Once installed, Comodo Firewall will issue alerts for various programs over and over again. If the application is known to us, we allow the connection request. If there is any doubt and the program seems suspicious, click the “Block” button. By checking the “Remember my choice” checkbox, we make our choice for this application permanent, and the next time it connects, the notification window for this program will not appear. You need to act carefully: allow connections and remember the choice only for programs known to us. If you click on the application name, the program properties window will open.

Also, the firewall notifies about incoming connections:

The following illustration shows how Comodo Firewall intercepted an incoming packet for a popular peer-to-peer client:

At first, the firewall notifications are a bit annoying. But we make our choice and over time there are fewer and fewer of them.

Malicious programs can disguise themselves as harmless software in order to deceive the firewall and gain permission to connect. Therefore, you need to regularly scan your machine with an antivirus program. You can read more about choosing and working with an antivirus.
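A path check for the application shown in an alert, written against the disguise problem described above and the advice to allow “alg.exe” and “svchost.exe”. This is an added example, not part of the original article or of Comodo's software. It assumes Windows is installed in C:\Windows; the function names and sample paths are constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows (the default location).
# Folders from which each system component named in the article normally runs.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "alg.exe": {r"c:\windows\system32"},
}


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts a swap of two adjacent characters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "scvhost" for "svchost".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage_alert_path(path: str) -> str:
    """Classify the application path taken from a firewall alert.

    A matching folder is a necessary condition for trusting the file,
    not proof that it is genuine.
    """
    # normpath collapses ".." tricks, normcase makes the comparison case-insensitive.
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    if name in EXPECTED_DIRS:
        if folder in EXPECTED_DIRS[name]:
            return "expected location"
        return "system name, unexpected folder"
    if any(osa_distance(name, real) == 1 for real in EXPECTED_DIRS):
        return "lookalike name"
    return "ordinary program"


# Constructed sample paths, as they might appear in alert windows.
SAMPLE_ALERT_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\WINDOWS\system32\alg.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\..\Temp\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Nokia\PCSuite.exe",
]

if __name__ == "__main__":
    for sample in SAMPLE_ALERT_PATHS:
        print(f"{triage_alert_path(sample):32} {sample}")
```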

Let's move on now to the firewall settings.

We open Comodo Firewall, like any other application, by double-clicking on the icon on the desktop or on the icon in the notification area. The main program window appears with the "Summary" tab open:


This displays traffic information and system status. By clicking on the connection numbers, you can view details of active network connections. Clicking the "Stop all connections" button will stop all network activity. This function can be used in case of inappropriate system behavior - suspicion of interference with the operation of programs. For example, the system freezes for a long time and does not respond. This may be a consequence of the network activity of some malicious application. By blocking traffic, you can find out the reason and identify the program that poses a threat. All connections are turned on by clicking the same “Restore all connections” button.

The firewall operating mode can be changed by opening the drop-down list with the "Safe Mode" button.

"Block all" is a mode that does not allow any network activity - the equivalent of the "Stop all connections" button.

"Custom Policy" is a hard mode in which the firewall will display an alert for each program connecting to the Internet. Here, you need to create program policies yourself - clearly understand which applications can be allowed to connect.

"Safe Mode" is installed by default and is universal. The firewall applies user policies - it carries out user settings for individual programs, and also allows network traffic to applications that it considers safe. There will be few notifications and the firewall will not be too distracting.

We assign “learning mode” when you need to observe various applications without interfering with their operation. Here, Comodo Firewall independently determines program policies without displaying any alerts.

In Inactive mode, the firewall is disabled. You have to turn off the firewall in case of an obvious inter-program conflict, for example, with an anti-virus program or another firewall.

The next tab "Firewall" contains firewall settings. "Firewall Event Log" - the "log" reflects all events - the firewall's reactions to the network activity of various programs.

"Add trusted application" allows you to select the desired application and add it to the allowed ones.

“Add blocked application”, on the contrary, makes it possible to add the selected application to those blocked for connections.

The "Network Security Policies" section opens a window where you can select one of the predefined application policies or create your own.

The "Active network connections" window shows the programs that are exhibiting network activity at the moment.

"Hidden Port Wizard" - with these settings you can hide certain ports and make the computer invisible on selected networks.

"Firewall Settings" is a window for selecting an operating mode, duplicating the drop-down list on the "Summary" tab. Also, set the “Safe Mode” slider and check the “Create rules for safe applications” checkbox:


The next tab, "Protection +", contains functions for managing proactive protection. When installing a firewall, proactive protection is enabled by default. Proactive protection is another layer of protection that controls the behavior of programs and prevents infection of the system. Proactive protection settings are basically similar to firewall settings.

The “Run program in Sandbox” option makes it possible to run a dubious application in a kind of “sandbox”. Working in isolation in this protected area, the malware will not be able to harm the system:


The "Proactive Defense Settings" item opens a window of proactive defense operating modes. And, briefly, let's go through these settings.

The "Paranoid" mode implies a paranoid suspicion of the protection towards any network activity. Proactive protection will issue an alert every time any application attempts to establish a connection.

In Safe Mode, protection applies policies set by the user, and also allows applications that it considers safe to be active.

In Clean PC mode, protection unconditionally trusts all programs installed on the computer and requests connection permissions only for newly installed applications.

"Training mode". In this mode, the protection does not issue alerts and performs monitoring independently.

"Protection disabled." In this mode, proactive protection is disabled. There is no need to disable protection. The optimal solution would be to set the protection to safe mode.

On the "Miscellaneous" tab there are additional firewall settings. You can look through them yourself. The review turned out to be voluminous. The main thing is that Comodo Firewall is a very reliable, flexible, Russian-language and free firewall. Comodo Firewall combined with a good antivirus program will provide comfortable and safe work online.


2492 23.12.2009


Let's start getting acquainted with Comodo Firewall by installing it.

When the installation file is launched, a warning window appears about the need to remove other programs of a similar purpose in order to avoid conflicts.

If you already have any firewall installed, remove it; if not, then feel free to continue.
Now click on the “YES” button in the warning window. Further installation is standard for most Windows programs. You just need to click “Next”. At the end, the program will offer configuration options: automatic or custom.

Leave it on automatic. To complete the installation, all you have to do is restart your computer.

After the reboot, you will immediately be asked questions about the activity of programs that can use the network.

Here you need to understand which program's activity you are allowing or prohibiting. When you click the “Allow” or “Deny” button, the firewall will allow or not allow the program to access the Internet once. If the program tries to access the Internet again, the window about its activity will be displayed again. If you are confident in the program that is trying to access the Internet, you can check the “Remember my answer for this application” checkbox and click “Allow”. Comodo Firewall will now understand that you trust this application and allow it to run without interference. In the same way, a ban is set for the program: check the box “Remember my answer for this application” and click “Deny”. Comodo will always block this program.

During testing, the first questions were asked regarding alg.exe and svchost.exe.

These are system programs, and they need to be allowed access. Questions about user programs will be asked as they are launched. If the program is intended to work on the Internet or via the Internet, then it must be allowed. If it is clear that the program is overly zealous in caring about the user and wants to download something from the Internet or transmit it via the Internet, then its access should be denied. Thus, being interested in your own safety on the global network, you will after a while have created rules of behavior for all programs installed on the computer.

If you have mistakenly blocked or allowed a program's activity, you can always use the Comodo Firewall settings and correct the situation. Looking at the lower right corner of the screen, where the clock is located, you will see an icon with a shield. This is Comodo. Right-click on the icon and select Open. The main program window will open immediately.

The main window clearly shows the basic parameters of the firewall.
At the top of the window you can choose between the “Summary”, “Protection”, “Activity” panels.

On the left are icons for switching between the windows of this panel:

Tasks – In this window, you can quickly allow or deny program access to the network, as well as select other options, each of which is described under its name. It is better not to touch anything unless necessary.

Application Monitor – designed to view and edit the list of applications that the user trusts. The window is presented in the form of a table, which indicates:

  • program name (Application),
  • IP address to which the connection is made (Recipient),
  • port number on which communication takes place (Port),
  • protocol within which information is received and transmitted (Protocol),
  • and the (Permission) column, which shows whether access is allowed or denied for the application.

Pay attention to the quick action options:

  • Enable/disable – you can temporarily disable some of the rules, for example, for testing purposes.
  • Add – A fully customizable option to create a new rule.
  • Edit – Edit the rule on which the cursor is positioned.
  • Delete – permanently removes the rule from the list.

By double-clicking the left mouse button on the program name or clicking “Edit”, you will be taken to the window for fine-tuning (editing) the rule.

This window indicates the full path to the program on disk, the path to the program that is the parent of the one being configured. Nothing needs to be changed here.

And by looking at the tabs below you can:
- assign a program action to the application activity, indicate the protocol and direction of the program activity (whether the program receives information (Incoming), sends (Outgoing) or both receives and sends),
- specify one or more IP addresses with which the application interacts. One or more ports that an application opens when communicating.

Component Monitor – designed to monitor the integrity of important files – sometimes viruses try to change files and Comodo can prevent this.

Network Monitor – Attention! The order of the rules is important here! Comodo Firewall scans rules from top to bottom. This tab allows you to fine-tune the firewall filtering parameters for data transmission by IP addresses and ports. Here you can forcibly close potentially dangerous ports. Here's how to do it:
Click the “Add” button and, in the window that appears, select the “block” action and specify “one port” on the “Source Port” tab, and also enter the port number, for example, 137. Click the “OK” button. The new rule will appear in the list.
Use the “Up” or “Down” arrows to specify the location of the rule in the list. To avoid mistakes, for now you can simply place the rule in the middle.
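Why the position of the new rule matters, shown as an added example (not Comodo's code and not from the original article): a small Python model of top-to-bottom rule scanning that also reports rules which can never fire. It assumes that the first matching rule decides what happens to a packet and that a packet matching no rule is blocked; the `Rule` and `Packet` types and the sample rule lists are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    protocol: str      # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    protocol: Optional[str] = None    # None means "any"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def _fields(self):
        return (self.protocol, self.src_port, self.dst_port)

    def matches(self, pkt: Packet) -> bool:
        pkt_fields = (pkt.protocol, pkt.src_port, pkt.dst_port)
        return all(r is None or r == p for r, p in zip(self._fields(), pkt_fields))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return all(a is None or a == b for a, b in zip(self._fields(), other._fields()))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "block") -> Tuple[str, Optional[int]]:
    """Scan the list from the top; the first matching rule wins (assumed semantics)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (rule index, index of the earlier rule that hides it) pairs.

    A rule fully covered by a rule above it is never reached.
    """
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if rules[j].covers(rule):
                found.append((i, j))
                break
    return found


# Constructed sample: the block rule for source port 137 sits below a broad allow.
RULES_AS_ADDED = [
    Rule("allow", protocol="udp"),
    Rule("block", protocol="udp", src_port=137),
    Rule("block"),
]
# The same rules after moving the port 137 rule up with the "Up" arrow.
RULES_REORDERED = [RULES_AS_ADDED[1], RULES_AS_ADDED[0], RULES_AS_ADDED[2]]
NETBIOS_PACKET = Packet("udp", 137, 137)

if __name__ == "__main__":
    for label, rules in (("as added", RULES_AS_ADDED), ("reordered", RULES_REORDERED)):
        print(label, evaluate(rules, NETBIOS_PACKET), "shadowed:", shadowed(rules))
```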

On the "Additionally" tab in the “Protection” window, you can further configure the firewall. These features need to be mastered gradually; as you work with the program, you will understand when there is a need for additional settings.

Going to the "Activity" panel, we will see two tabs: “Connections” and “Log”.
The "Connections" tab displays a list of programs that are currently active. Here you can see whether there is anything suspicious among the programs you trust, as well as the amount of data transmitted/received.

The "Log" tab keeps a chronological record of important events. You can always refer to it when analyzing the actions of one of the programs.

And of course, don’t forget to update the program components. By clicking the “Update” button at the very top, you will launch the wizard for downloading new components. This simple procedure will prevent newly appearing malware from carrying out destructive actions on your computer. By default, the settings are set to automatically check for updates.

Easy to use and configure, the Comodo firewall program will protect your Internet browsing and help you learn to understand the processes that occur during the exchange of information over the network.
