Ping rule in comodo firewall. Resetting custom rules in comodo firewall

Summary of previous articles: an example of setting up and using Comodo Internet Security 8

Attention! The article is addressed to users who have experience using the Comodo Internet Security complex and have read previous articles about it. “Beginners” are advised to study this product first. For familiarization and relatively effective use, the following setup procedure is suggested:

1. disconnect your computer from the Internet and/or local network;
2. install CIS;
3. open “Main window” > “Tasks” > “Advanced tasks” > “Advanced settings”;
4. on the “General Settings” > “Configuration” tab, double-click on the “Proactive Security” line;
5. on the “Protection+” tab > “Sandbox” > “Auto-Sandbox”, disable the “Use Auto-Sandbox” option;
6. on the “HIPS” tab > “Protected objects” > “Protected files”, add any file through the context menu;
7. via the context menu, replace the added line with ?:\*
8. Click “Ok” to close the settings window;
9. open “Main window” > “Tasks” > “Firewall tasks” > “Hide ports”;
10. select the “Block incoming connections” option;
11. perform a reboot;
12. connect your computer to the network.

Preliminary remarks

This setup procedure is given in abbreviated form. The purpose of the article is to give readers a guide to the variety of configuration options for Comodo Internet Security. It is assumed that readers are familiar with previous articles and understand the reasons for certain recommendations. Only the most general setup details are given here. Additional measures, for example, against firewall bypass (through inter-process memory access, DNS queries and BITS), protection against ransomware or against keyloggers are described in the article on using proactive protection; about access to the local network - in the article about firewall, etc.

I would like to emphasize that this configuration is not “maximum”, but more or less balanced in terms of protection and ease of use. Unidentified programs are automatically virtualized without notification. HIPS alerts are possible, but they will occur very rarely.

The proposed option is intended for personal use by an experienced user, but it is not difficult to adapt it for “beginners” or users with advanced limited rights. You can, for example, turn off all notifications, or replace the automatic virtualization of unidentified programs by blocking them, or set the firewall to " Safe Mode"etc.

If following these instructions leads to any problems, I ask readers to report in the comments. Messages supported by configuration export files, a list of files and each CIS log for the entire period, as well as video recording and/or provision of remote access for diagnostics.

Installation and configuration

Installation

It is advisable to install CIS on a system that is guaranteed to be free of malware. Let me remind you that you need to update the system and do it backup copy. It makes sense to disable " Windows Firewall» via the «Control Panel».

If the system is clean of malware, it is advisable to “familiarize” CIS with the files on it. To avoid conflicts, you can disable the protection components at this time: antivirus, Auto-Sandbox, HIPS, firewall and Viruscope. First, let's perform a “Reputation Scan” (“Main Window” > “Tasks” > “General Tasks” > “Scan”) and after it is completed, we will make all found files trusted. Then we will launch various installed programs and their components. Let's reboot. In the advanced settings window, on the “File Reputation” > “List of Files” tab, mark all files and use the context menu to set them to a trusted rating.

Basic setup

After installation, open the “General Settings” > “Configuration” tab in the advanced settings window and enable the “Proactive Security” configuration. When prompted to reboot, we’ll respond “Postpone.”

If you have previously configured CIS, import the initial “Proactive Security” configuration from the program catalog under a different name and activate it.

If a notification appears about choosing a network status, select the “Public place” option.

On the “Content Filter” > “Rules” tab, make sure that the “Blocked Sites” rule is located at the bottom, and change it: add the categories “MVPS Hosts list” and “Symantec WebSecurity” and set the type of restrictions not to “Block”, but to “Ask” "

Context Menu Extensions

To copy files blocked by the antivirus, add the appropriate item context menu. All materials necessary for this with instructions are given in the archive.

Usage

If an unidentified program is detected, we do not make any concessions in protection without making sure that it is safe. The easiest way to check the program is through the context menu. I note that the absence of antivirus detections is not an absolute guarantee of security. But you can more or less confidently judge the safety of a file if it has been known for a long time and leading antiviruses do not recognize it as malicious.

As additional check You can run an unknown program in a virtual environment and then send the contents of the VTRoot directory to VirusTotal. You can independently examine the behavior of the program in a virtual environment by enabling Viruscope with the option “Apply Viruscope action only to applications in Sandbox" and opening the activity report. Viruscope also sometimes automatically classifies program behavior as malicious.

To install a new safe program, call up the context menu on its installer while holding down the Shift key and select the “Run as installer” item. If a HIPS alert occurs during installation, disable the “Remember selection” option in it and select the “Install or update” policy. After installing the program, we perform its first test run through the context menu item “Run as installer without elevation of rights” and close the program. Then, on the “File Reputation” > “List of Files” tab, we transfer the unidentified files of this program to trusted ones. We also add the directory with the new program to the trusted ones.

To update installed program we launch it using the “Run as installer” context menu item, perform the update procedure and similarly transfer new files from unidentified to trusted.

It is possible that a program runs in isolation even after it has been added to the trusted list. Typically, this happens when the program size exceeds 40 MB. The solution is to add the path to such a program to the “AllowedProgs” group.

If you need to temporarily run a program without restrictions, open the context menu on it while holding Shift and select “Run as installer without elevation of rights.” It is important to remember that such a program and its child processes will be able to run any unidentified file without interference.

When any unidentified file is isolated for the first time through Auto-Sandbox, a pop-up notification appears. I remind you that it is dangerous to press the “Don’t isolate anymore” button in it.

If any data needs to be carefully protected from damage, for example, by encryption viruses, we add the word “WriteProtected” to the end of the name of the directory containing it. The contents of directories like “C:\Docs\My Projects - WriteProtected” will be prohibited from being changed by any program except Explorer. When you need to change the data, we will either temporarily rename the directory, or move the data to another directory, and after finishing the work we will return it to protection.

You should look at the event log from time to time, especially the firewall and proactive protection (“Protection+”). There you may find that a certain program requires additional permissions, for example, to carry out an update. Then you will need to adjust the configuration accordingly.

When a program is blocked by an antivirus, first of all we send it to VirusTotal through the context menu. If we are completely confident in its security, we add this program to the trusted ones. If, despite doubts, the program must be used, copy it to the exceptions directory. To do this, open the context menu on it while holding Shift, select the item “Copy infected file...” and save it to the C:\Exclusions directory. From this directory the program will be launched as a normal unidentified program in a virtual environment.

If you are concerned that the program you are running will block the OS interface and prevent you from clearing the sandbox, you can limit its execution time. A convenient way to do this is the context menu item “Run in Comodo sandbox as restricted”, suggested in the article about the virtual environment.

If you need to run a dubious program in a real environment, we do this through the extended context menu item “Run without restrictions Auto-Sandbox”. We monitor program activity through HIPS alerts. To avoid a large number of them, you can immediately select the policy “ Limited application" or "Isolated" (by enabling the "Remember selection" option). Attention! Malicious program can start a trusted one, and HIPS will no longer monitor the activity of the child process, which can cause damage. As a mitigating measure, you can temporarily enable Viruscope in order to observe in more detail the activity of not only the dubious program, but also its child processes, and, if necessary, roll back changes.

Typically, HIPS alerts in this configuration will only occur when using the "Run without restrictions Auto-Sandbox" menu item or, less commonly, the "Run as installer" and "Run as installer without elevation" options. However, if HIPS alerts you to activity unidentified programs in other cases are a red flag. It may mean that an unidentified program ran before CIS or received SYSTEM privileges. I recommend selecting the “Block and complete execution” option in such an alert (disabling the “Remember selection” option in it), and then checking the system for vulnerabilities.

The little son came to his father and the little one asked:

- Whose defense is good, but whose is not so good?

I have no secrets, listen guys.

I publish my opinion on this matter below.

In fact, there is no better firewall, just as there is no best antivirus or browser - each computer user chooses his best software product.

I may have disappointed a lot of people now, but that’s how it is. A huge number of users believe that Comodo Firewall- the best free firewall for Windows and I don’t argue, but before it it worked fine for me for several years ESET NOD32 with its defender, and after him avast worked! Internet Security, also with a firewall...

An excellent and powerful free firewall for Windows

I never had any complaints about their protection until I experienced the last complex program for checking the reliability of the firewall.

He failed the test and the decision was made to change the firewall. The choice fell on Comodo Firewall - it is tested for reliability and, of course, is completely free.

Today I want to describe to you some of the nuances of installing it and configuring it.

Our whole life is a search for something. Search for money, fame, love... the best firewall or browser (folk wisdom).

The first question you may have is about the size of the installer for this firewall, which is downloaded after launching the web installer - 202 MB! Why such a wild size?

Because it has a whole bunch of unnecessary add-ons, they even shoved a browser into it.

I will now show you how to install one Comodo Firewall and after that you can safely remove this giant installer. But you still need to download the entire file using the link from the manufacturers’ official website, which is above...

I met it online, a long time ago, relieved installation file this protective screen, without additions, but firstly, it was not official, and secondly, I lost the link :)

Installing Comodo Firewall

Over time, program producers change the interface of their creations, improve them in every possible way, add new functions and remove unused ones... They have the right to do this. In any case, their logic, purpose and spirit always remain the same - based on this review, you can understand any form of software.

Here they are - unnecessary additions. Uncheck them and move on...

I already described it to you how to find the fastest DNS servers, so - COMODO DNS servers are not only slow, but also completely scared.

If you leave the top checkbox you will get yourself a headache - half of the sites will be blocked. I recommend leaving the second checkbox.

Be sure to go to the “Customize installation” item...

Here it is, our dear one - what would it be without Yandex!!!

Of course, we remove all the boxes...

We look around and find out where we are. If you don’t have your own home local network, I recommend clicking “I’m in a public... place.”

Congratulations! You have installed Comodo Firewall - the best free firewall for Windows.

Let's tweak it a little now...

Setting up Comodo Firewall

In fact, there are many configurations of this firewall settings - the Internet is littered with them (here is one of them). You can configure the defender in such a way that you won’t be able to breathe between its notifications, warnings and questions.

Or you can convince him to work quietly and unobtrusively - it’s up to you, I’ll give just a few tips below...

Go to the program settings...

...and check ALL the boxes in the advanced settings (as many people advise online), but if you have problems connecting to the Internet, uncheck the bottom two.

Here you can disable the display of the widget on the desktop if you don’t need it...

I left it, although I categorically do not like all sorts of widgets on the desktop. I edited it slightly by RIGHT-clicking on the firewall icon in the tray...

But here is the most terrible firewall setting, which will turn it into a real reinforced concrete wall...

Instead of safe mode, you can install...

In this mode, get ready for a million questions from the defense attorney on any occasion. But reliability check Now your Comodo Firewall will pass - 100%.

Firewall questions look like this...

You can check the box at the bottom of this window (remember...) and simply allow execution. This is if you know a program that is trying to access the network. You can also “Process as”...

This way we will get rid of repeated questions, for example, about the Nexus program contacting Clover.

The firewall is designed to protect network connections PC from scanning and attacks. Software in this category is mandatory and not optional, as many users mistakenly believe. Installation only antivirus program(without a firewall) only partially solves the security problem, since with open network ports the computer is still vulnerable to hacking.

One of the best network security options for PC is Comodo Firewall. Free software solution, has a proactive protection module, a sandbox (sanbox) with flexible settings, powerful tools for real-time OS monitoring.

Where and how to download Comodo Firewall, as well as how to install and configure it correctly, the following instructions will help:

Search and download

1. Make a request in a search engine firewall comodo.

2. In the search results, find the official website of the developer and go to it.

3. On the page that opens, on the right side of the image with offers under the inscription “Comodo Free Firewall”, click the “CONTINUE DOWNLOAD” button.

4. A panel will appear with a “Download Now” button, which you need to click to start downloading the installer to your PC.

5. Wait for the installer to finish loading.

Installation.

1. Run the downloaded installation program. On Windows 7 and older, this must be done with administrative user privileges. Click the PC mouse on the installer icon. Select the appropriate item from the context menu.

2. During the installation process, the user has the option to install/not install additional elements and services.

In order to exclude the installation, you need to uncheck the box next to the option name.

3. Wait until the installation wizard activates the license. Progress will be displayed as a percentage in a new window.

5. In the firewall widget that will appear after installation on the right side of the desktop, click on the “Requires attention” message.

6. The comodo panel will appear on the display. Click the “Fix” directive.

The PC will automatically reboot and the firewall settings made will take effect.

7. In order to no longer display the general information panel when you restart the program, you need to set the “Don’t show again...” option at the bottom of the panel.

and close the window.

8. The correct installation of Comodo Firewall will be indicated by a tray icon.

Flexible settings for network traffic filtering in Firewall Comodo allow you to maximally adapt its functioning in relation to specific user tasks and build a reliable bastion of port protection. And also make the process of using the firewall as convenient and understandable as possible.

How to open the settings panel.

1. Firewall settings are accessed through the main Comodo management menu. To open it, you need to double-click the firewall icon in the mouse tray.

2. In the menu that opens, click the “Detailed summary” button at the top left.

Groups of settings.

The settings panel consists of three functional blocks (the screenshot shows one of optimal options settings):

1. Operating mode.

The topmost block of the menu. The checkbox next to “Enable Firewall...” indicates that the firewall is activated and protects the PC. If you need to change the mode, you need to click on the adjacent button located to the right. A drop-down menu will open with the following options:

Full blocking– any network activity is excluded. Great for emergency shutdown in case of problems or infection of the PC.

Custom set of rules (recommended) – strict control over connections, requires user participation. Each network request, if there are no rules for its connection, will be accompanied by a Comodo question - allow/block.

Safe mode - along with the rules created by the user, the firewall automatically allows network activity of software that is in its trusted list. With this semi-automatic configuration, the firewall asks fewer questions and, accordingly, is less distracting.

Training mode – the firewall performs only the function of monitoring events, without interfering with application activity.

2. Alert settings.

The options in this block are responsible for the user information system:

3. Advanced settings. Enabling these options increases the level of protection against intrusion:

1. “Enable IPv6 filtering…” - control over connections via the IPv6 protocol;
2. “Enable loopback filtering...” - control over connections that use the loopback connection mechanism (the application that sent the traffic also receives it);
3. “Block fragmented...” - all fragmented IP traffic will be blocked. Prevents many malware probing and launch methods;
4. “Analyze protocol” - detecting fake packets. If the protocol does not comply with the standard, it is blocked;
5. “Enable protection…” - preventing traffic interception through an ARP spoofing attack;

As they say, the flight is normal, only the product is paid and after 30 days it will stop working and ask for money. Tell me, is there any free firewall of the same quality?

Hello friends! Today's article is about the popular and free firewall Comodo Firewall.

Security software from the developer company Comodo Group has gained popularity in the software market due to the presence of software products three important components - a popular field of application, simplicity and convenience of the interface, as well as free distribution. It is worth noting the flexibility of the developers’ approach. Thus, a computer protection software package consisting of an antivirus, a firewall, a Sandbox and other modules can be installed either entirely or selectively by installing only individual modules of either the Comodo AntiVirus antivirus or the Comodo Firewall into the system. It is the latter that will be discussed in more detail below. Let's look at the features of the Comodo Firewall, how to install this program and how to configure it.

Tasks and features of Comodo Firewall

Comodo Firewall, despite the fact that the product is free, provides complete protection of your computer from online threats. Moreover, it has more than once become the winner of various tests conducted by Internet software resources in order to identify the best software solution of the Firewall class. Comodo Firewall is able to protect against attacks from hackers and malware spreading over the network at the same level as paid advanced firewalls such as Outpost Firewall Pro. To put it simply, you won’t find software of the same quality and especially free on the market..

Comodo Firewall analyzes suspicious program activity on your computer and checks all of its active components, blocking the launch of anything that could harm your computer. The program's Stealth Mode makes your computer invisible to port scanning by malware. Comodo Firewall automatically detects the trusted zones of your computer, that is, those folders and files that are authorized to be opened by public access over your home or local network.

Unlike its counterpart, which does not work well with every antivirus on the same system, Comodo Firewall is more loyal in this regard. Even if you do not like the specificity or effectiveness of the Comodo AntiVirus antivirus module, you can install any other antivirus, since Comodo Firewall, as a rule, does not conflict with third-party security software.

Several operating modes and flexible settings of Comodo Firewall will allow both beginners and more experienced users to configure the desired behavior of the firewall.

Installing Comodo Firewall

Run the downloaded Comodo Firewall installer.

The installation process is somewhat different from the standard one, since it initially involves setting some parameters for the program. After selecting the program language, we will see the installation wizard window, where you need to select some options. It is not necessary to indicate your email.

You can leave all the preset options without changing anything only in the following cases:

When it comes to a powerful computer or laptop and a high-speed Internet connection;

You fundamentally want to participate in the improvement of security software, in particular Comodo products, so that the company improves user protection;

You don't trust your ISP's DNS.

A window will open with options for installing the program, where the developer, hoping that you will quickly complete the installation and not delve into the installation settings, has prepared, in addition to the Comodo Firewall, the automatic installation of two more programs - this is the client technical support from the developer Comodo GeekBuddy and a browser with enhanced protection for web surfing Comodo Dragon. There is no point in contacting the first program for those who do not know English language and is not going to pay for technical support from Comodo at the end of the free period. You can download another program - the Comodo Dragon browser based on Chromium - for free on the Internet and install it at any other convenient time when the question arises about changing the browser.

Now you can safely press the “Forward” button.

In the next window, we are forced to install Yandex elements along the way and the omnipresence of this search engine in the browser. Let's refuse this service, since it can hardly be called a missed opportunity in life. Click the start installation button below.

The program will install. After launching it, we will see that the computer needs to be restarted. Click the “Fix” button.

Launching Comodo Firewall

The computer will reboot and we will find a lot of Comodo Firewall windows on the desktop - information about Comodo technologies, a program gadget and a window presets firewall, where we need to indicate which network the computer is connected to - home, work, or a network in a public place, for example, with a Wi-Fi access point.

After this, Comodo Firewall will minimize to the system tray, from where the program interface can be called up at any time.

For any actions performed on the computer for which the firewall has not yet created a rule, you need to give it approval, unless, of course, we are talking about an unauthorized launch.

You will have to approve the launch of every program unknown to Comodo Firewall on your computer until the firewall develops rules of behavior for each of the programs launched. Of course, at first you will have to tinker, but this is actually a small price to pay for the ability to control network connections.

Setting up Comodo Firewall

Comodo Firewall is designed for a wide range of users, including beginners, and the computer will be safe even with the settings preset by the developer. But more experienced users will certainly be interested in using the capabilities of Comodo Firewall for enhanced computer protection.

We launch the firewall using its shortcut in the system tray. In the main window that opens in front of us, we see the program status - the computer is protected. We also see the number of network intrusions, the number of blocked intrusions, and software updates.

Using the button in the upper left corner, we can switch to the program displaying a detailed summary. And then return to the summary view again.

In the main window of Comodo Firewall there is an option " Game mode" Game mode is essentially a full-screen mode not only in games, but also when watching videos, as well as in any other applications that are displayed in full screen. When we switch to this mode, the firewall will not bother us with its notifications and will make all decisions itself.

To open advanced firewall settings, in the main Comodo Firewall window with a detailed summary, click the “Firewall” link.

Will open detailed settings firewall, where you can change certain preset parameters.

You can, for example, at the top of the settings window, change the preset “Safe Mode” of the firewall, when the network activity of programs in the list of trusted ones is allowed, and Comodo Firewall does not jerk on every occasion, to other modes. For example:

“Full blocking” - in this mode, any network activity is excluded. This mode is simply irreplaceable if your computer is infected with a virus.

“Custom set of rules” - as the name of the mode implies, it provides for strict control and user participation in decision-making for each network request for which there are no previously defined rules.

“Learning mode” - in this case, Comodo Firewall does not interfere with the activity of running programs, but only monitors events.

Comodo Firewall Advanced Settings

1. At the beginning, I suggest changing the default (default) grey-cheerful “face” Comodo Firewall for something more interesting. To do this, in the same “Miscellaneous” tab, click “ Settings" → "Appearance " → in "Theme" change the "gray" theme "COMODO Default Normal" to, for example, "COMODO Blue Norma" (first screenshot) and, "dressed up", move on.

2. The first of the program's advanced settings will be to enable the "invisibility" mode of your computer on the network. To do this, in the tab " Firewall"click applet" Hidden Port Wizard "→ select" Block all incoming connections and hide my ports for all incoming connections "(screenshot above) and confirm your choice via " OK ".

3. Further, in the same tab " Firewall"let's go to" Firewall settings " and on the "General settings" tab we activate " ". Now allowing rules will be automatically created for all applications from the list of trusted ones, which will save you from unnecessary permissions manually. In addition, check the checkbox next to the item "Automatically discover new private networks " (which can be removed after detecting your network) and, most importantly, " Firewall mode "we leave unchanged" Safe ".

Confirm all changes in settings with the " OK".

4. Let's move on to the mode settings" Proactive Defense". To do this, in the tab " Protection+"click" Proactive Defense Settings " and, by analogy with the previous settings item, activate " Create rules for secure applications ". If you are confident that the system is clean from viruses and have an effective anti-virus scanner (the need for which I wrote in the note " ") like free, then feel free to put " Clean PC mode " – again, to get rid of “annoying” alerts. Also check that there is no checkbox next to " Enable enhanced protection mode " and presence - opposite the point " A adapt the operating mode at low system resources " (no comments).

5. In the same settings of Proactive Firewall Protection in the " tab Application execution control settings "check that unrecognized files are treated as " Partially limited " (default) or " Suspicious " – under other settings, some applications will refuse to launch.

6. For users of older versions Comodo Firewall< 5.3 рекомендуется отключить в программе режим "Sandbox " ("Песочница"), по отзывам, работающий некорректно. Лучший вариант – просто перейти на последнюю стабильную версию брандмауэра (на at the moment– v. 5.10), which can be downloaded, for example, from the Catalog of Selected Software. In this case, disabling Sandbox mode is not required.

And don't forget to confirm changes in settings with the " OK ".

Note: When Proactive Defense is completely deactivated, this option ("Sandbox") is automatically disabled.

7. The final tweak from the "optional" category: in the " tab Miscellaneous " → "Settings"→ on tab" General"Uncheck the box next to the item" Automatically check for program updates" (penultimate screenshot), especially since the option " Check for updates "always "at hand" (last screenshot).

Another click on the " OK" and you can close the appropriately configured Comodo Firewall- after reboot Windows, with this configuration, “comfortable” for the user, the program reliably protects the computer from network threats.