This page contains a manual for setting up the free Comodo Internet Security (download: www.personalfirewall.comodo.com, the 32-bits version is suitable for most Windows installations). This internet security suite (free, even for commercial use!) contains a complete, professional firewall, suitable for both Windows XP and Windows Vista. Besides the firewall, Comodo Internet Security Suite contains free virusscan software and Defense+ (a feature which verifies the running processes to prevent undesired changes to the system from happening). Thanks to these new features, there is less chance virusses and malware are able to upset the system. Comodo was already known as one of the best firewalls, but in combination with the virusscan software ande Defense+ it keeps the competition ahead! The only disadvantage: for now there is only an English version available.
Firewall software verifies the outgoing and incoming traffic between the computer and the internet/network traffic and blocks all undesired traffic. By doing this, the firewall is not visible for other computers in the network or the internet, which makes it difficult for unauthorized persons to gain access to personal files. A firewall prevents also that installed malware gains access to the internet (without a confirmation by the user) which prevents the malware from sending personal data towards the internet. If the virus scan software has missed a virus, the firewall can prevent further damage. To summarize: the firewall makes the internet connection a lot safer!
|
|
The Comodo firewall verifies the traffic over the internet connection, the virusscan software for virusses while Defense+ verifies the activities of the executable files. For both the firewall and Defense+, Comodo uses pop-ups to inform the user and to ask for permission, with these pop-ups, the user can accept or deny the detected activity. When the option Remember my answer has been activated, the accepted (or denied) activity is added to the database of safe (unsafe) applications and activities (the next time the same activity occurs, there will be no pop-up). In the beginning, Comodo has to 'learn' a lot, which will result in many pop-ups in the first days. Fortunately, Comodo has an option to mark the already installed applications as safe, which safes a lot of time. This option can be used safely after a new Windows installation.
For the less experienced users, it is sometimes hard to interpret the seriousness of the pop-up warnings. In those cases, Comodo can be set on a lower security level which suppresses the pop-ups for the relatively safe activities. This is possible because Comodo has a frequently updated white list of over 1 million known safe programs. Besides the white list, Comodo analyses the behavior of the running applications which results in an advise towards the user what to do. Thanks to these properties, the less experienced users are able to use the Comodo Internet Security as well!
ATTENTION: In case of an upgrade of the Comodo firewall (from the older version), the replacement of an already installed firewall (which can be part of a security suite), it is necessary to uninstall this firewall first (with the exception of the default Windows firewall) before installing Comodo to prevent the risk of boot problems! If the Comodo virusscan software will be installed as well, currently installed virusscan software must be uninstalled first as well. Uninstalling the current firewall and/or virusscan software can be done by the sub Software (XP)/Programs and Features (Vista) in the Control panel. If the firewall/virusscan software is not uninstalled first and Windows no longer boots, Comodo (or the already installed firewall/virusscan software...) can be uninstalled in safe mode (press F8 while booting Windows). If uninstalling is not possible either, try to disable it first with the tool MSCONFIG. If System Restore is active, try to go back to a restore point which was made before the installation of the Comodo firewall (Start, All Programs, Accessories, System Tools, System Restore).
The shown options during the setup procedure of Comodo Internet Security might not be that clear for an inexperienced user. If you don't understand the questions, it is safe to click Next for every question because the default settings are fine. For fine-tuning purposes it is wise to verify each step and if needed to deviate from the default settings.
During the setup procedure the user is recommended to install both the Comodo Firewall and the Comodo Antivirus.
Deactivate the option Antivirus if another antivirus software is used. If the option to install the Comodo Antivirus is disabled, in the following window the user is asked to choose between the basic installation (Firewall Only), the advanced version (Firewall with Optimum Proactive Defense) or the option with maximum use of the options Defence+ has got to offer (Firewall with Maximum Proactive Defence+). The basic Firewall notably limits the number of pop-ups because Comodo will only check the internet activities, which is safe enough for most users. For monitoring the activities of the installed application, it is necessary to select the option Firewall with Optimum Proactive Defense or Firewall with Maximum Proactive Defence+. Be aware that choosing for these options will result in notable more pop-ups to be answered! In the next steps of this manual describes the settings for the Firewall with Optimum Proactive Defense.
The next window asks the user to join the Threatcast community. This option gives statistics about the decisions other users have made on a pop-up asking to allow or to block in a similar situation. This can be useful in case you don't know if a program is safe or not. In return, your answer will be shared (anonymously) with the other users. Although this feature could be useful, my advise would be to disable it.
The next window asks the user to agree with the installation of the Comodo toolbar and to change the default search provider and homepage. These are not necessary, and it is even better to disable them.
Is there any doubt whether the comptuer is infected with malware, the scan of the recommended system can be performed by enabling the option Scan my system for malware (Recommended) in the next window. Disable this option when Windows has just been installed.
After the computer has restarted and Windows is reloaded, Comodo starts automatically. The first time Comodo runs, a pop-up is shown the network where the computer is connected to. If you would like to change the given name for the network, it is the only point in time to do it. Change the already shown name at Step 1 to the desired network name (e.g. Network at home). If the network name has been set, don't change it any ware because it will result in problems! Only activate the option I would like to be fully accessible to the other PCs in this network when files and/or printer on the computers has to be shared with other users in the network.
After installation, the main Comodo window is available by double clicking the Comodo Internet Security icon in the system tray. The icon is recognized by the white colored shield with green and red arrows indicating the down and upload activities. The buttons at the top of this window shows successively a summary, the firewall settings, the Defense+ settings and the other less interesting settings (Miscellaneous).
TIP: The option Stop All Activities in the summary blocks all internet activities immediately. By selecting the option Switch to Installation Mode before installing a new application prevents Defense+ to interact continuously with the installation procedure (if this option is not used in the main window or one of the pop-ups, Comodo will repeatedly show pop-ups until all system changes done by the setup procedure are allowed with a pop-up.
Every process (e.g. a program or a service) which would like to use the internet connection, are blocked by default until the user has allowed it. If a process is not yet available in the database of safe applications the user is asked for allowance using a pop-up. When the user has enabled the option Remember my answer in a previous pop-up for this process, it won't be asked again.
Every request for allowing the traffic comes with an advice what to do. For a relatively safe application, the color orange is used and for an unknown, possibly unsafe application the color red is used. In the example above, the firewall pop-up warns that a specific process mcshell.exe of the security suite McAfee is requesting access to the internet. Because McAfee has been placed on the white list as a relatively safe application, the warning is colored orange. The pop-up warnings of applications which are not registered in the database are colored red. If the application in the pop-up is allowed by the user to access the internet/network, activate the option Treat this application as and select Trusted Application (this procedure will prevent other pop-ups to be shown for a short time period). Activate the option Remember my answer as well (if this is not yet the case) to make sure Comodo saves the answer for future requests of this application.
TIP: If you are not sure whether to trust an application or not, select the option Block this request without remembering the answer (deactivate Remember my answer). If a specific application is not working properly because it has no access to the internet, it should have been allowed. By rebooting Windows, the pop-up will be shown once again which still can be allowed.
Limit the number op pop-up by allowing trusted applications automatically
By default,
Comodo has a database with over 1 million safe applications (the so called white list)
to rely on.
According to the default settings, the applications on this list have the same
permissions as all the other applications: they are only allowed to connect to
the internet/network when the user has allowed it by confirming the pop-up. By
changing the Firewall Security Level from Custom Policy Mode to Safe Mode (the
sub Firewall in the main window, button Advanced in the left task
pane, option Firewall Behavior Settings), those applications are allowed
to go online automatically without showing the pop-up. The Firewall Security
Level setting is also available by right clicking the Comodo icon in the
system tray! Because those applications get access to the internet/network
automatically, it is a disadvantage as well: those applications can not be
blocked at that moment when the user actually would like to block it.
Changing the Network Security Policy rules for the network/internet
traffic
The window Network Security Policy (sub Firewall, button Advanced in the left task pane)
shows an overview of the processes for which security policy rules have been set
(manually with a pop-up or automatically). A security rule defines the network
and internet access rights of a certain process. If a process have been blocked or
allowed unjustly, then this
setting can be changed afterwards by changing the security policy rule: double
click the rule(s) shown below the row with the application (in the newly opened window Network Control Rule)
and change the combo box Action from Allow to Block (or
reverse). The color of the little ball shown in front of the
security rule, will change from green to red (or reverse). The rights of a
process can be changed by double clicking the program row as well (in stead of
the security rule(s) below), the possibilities to change settings are however
less. Another option is to
delete the complete application from the list, which forces Comodo (the next
time the application uses the internet/network) to show a new pop-up, which will
result in a new security rule.
TIP: By disabling the firewall temporarily, it is possible to verify whether the firewall is the cause of a malfunctioning of a running application. Right click the Comodo icon in the system tray and disable the firewall by Firewall Security Level, option Disabled. Test the application and find out whether the are solved or not. Don't forget to turn the firewall on afterwards (Custom Policy Mode or Safe Mode), else the internet connection is not secured any more!
The window with the active connections (sub Firewall, button Common Tasks, option View Active Connections) shows an overview of the applications which are connected to the internet at that specific moment. It also shows the ports and protocols used by these applications.
By default Comodo blocks al incoming traffic. This includes the ports which are necessary for some applications (like file sharing software). The firewall also blocks requests to browse the shared files by other computers in the network. The option View Firewall Events shows an overview of all blocked activities, which can be useful solving problems with the firewall.
The Comodo Antivirus settings can be changed by the sub Antivirus in the main screen. Disable the Comodo virus scan software when virus scan software of another vendor is used. Real-time scanning is stopped by setting Scanner Settings to Disabled. The scheduled scan for viruses is disabled by the option Scheduled Scans, button Remove (use the button Edit to change the date and time of the scheduled scans).
The feature Defense+ protects the user from malicious software. Defense+ verifies the activities of all executable files and asks the user for permission (with a pop-up) in case of changes which have to be done to the system. This additional security feature lowers the chance malware makes undesired changes to the system. So, Defense+ does not secure the internet connection but the activities on the computer itself! Pop-ups are used to ask the user to allow the activities of any application. In case of a trusted (by the user) application select Treat this application as ... Trusted Application in case of (by the user) trusted application. By doing this, the application will be added to the list of trusted application which will prevent the occurrence of new future pop-ups for this application.
If a new installation or update of an earlier installed application is executed, answer the pop-up with the option Installer or Updater. Defense+ will ask whether the Installation Mode has to be activated, which will result in no more interruptions. Because the setup procedure won't be interrupted, all necessary system changes can be done without any interruption (the Installation Mode can be activated by the main Comodo windows as well). After a few minutes a Reminder appears with the question whether the temporary Installation Mode can be switched back to the normal, previously used mode. Only activate the Installation Mode when you are certain the installer is safe to use!
Limit the number of pop-ups
The default Defense+ setting will result in many pop-ups, which can become
irritating. Multiple pop-ups for a single application is not uncommon.
In those cases, the user will quickly click them away without analyzing the
messages (which actually makes Defense+ useless). When all installed
applications are safe, select Clean PC Mode as Security Level
for Defense+ (this can be done by right clicking the Comodo shield in the system
tray). This setting will only verify the newly added applications which limits
the number of pop-ups.
The list of pending files
Thanks to the
white list, many trusted applications are recognized automatically. The
unknown applications are placed in the list
My Pending Files for further research. This list is available by the main Comodo
window with the link
waiting for your review or by the option My Pending Files of the
sub Defense+. Select all files (with the checkbox All?) and click
the button Lookup to verify them online. Some of the files will be
reviewed as safe. The button Purge will remove the already deleted files
from the list. The button Move to will move the remaining files to the
quarantine (My Quarantined Files) or added to the list of own safe
files (My Own Safe Files). With the button Submit, the quarantined
files can be submitted for review by Comodo but don't expect a quick review...
Disable Defense+ when the frequently occurring pop-ups are irritating
If the number of pop-ups irritating, it is better to disable Defense+ by right
clicking the Comodo icon in the system tray and to select Disabled as
Defense+ Security Level.
This will not unload Defense+, it is only disabled! To safe system recourses,
disable Defense+ permanently in the sub Defense+ of the Comodo window,
button Advanced in the left task pane, option Defense+ Settings,
select the option
Deactivate the Defense+ permanently (Requires a system restart) and restart
the computer.
For more information about FREE security see the pages about:
Other free firewall software:
Sunbelt and
ZoneAlarm
antivirus software,
firewall software and
adware software
Home Preparing a reinstallation Windows XP Windows Vista Security Software Miscellaneous WWW