If your current firewall has failed leaktests and cannot be configured more securely then you can download this top rated free firewall.

DOWNLOAD Comodo Internet Security

Includes virus scanner, monitoring and attack detection. Detects malware as you come across it, giving you a warning and allowing you to delete it immediately. It's also one of the easiest ways to stealth all your ports to make your pc invisible to cyber attackers.

Opinion is divided about this program but it is an excellent attempt at complete security protection for free. "The program is complicated and asks you either too many questions or not enough (depending on your setting)." "I found it very frustrating and uninstalled it as a result." But if you're willing to put in the time you can learn how to use it effectively and will feel like you finally have control over everything that tries to install itself on your pc. This guide will walk you through setting it up, and explains how to handle alert popups to allow or block individual files being installed.

Before you install Comodo or any new firewall you should do a full Antivirus scan to check your Windows processes are free from infection and safe to Allow through the firewall. I advise also running the System File Checker utility. Open the command-line by clicking Start/Run, type cmd, then click OK. In the popup window type sfc /scannow. You will need your Windows disk in the drive to replicate any damaged/infected files it finds. After the scan you should do a manual Windows Update to update any files that were replaced.

Uninstall any previous firewalls first, and disconnect from the internet until you have Comodo firewall running satisfactorily.

Bear in mind that using a firewall properly requires some level of user interaction to maintain security. You must be ready to respond to firewall alerts to allow legitimate programs access to the internet when they ask for it, like browsers, games, chat, p2p etc.
But you must be ready to Block other programs that you don't recognise as legitimate, like new downloads that you haven't scanned for viruses, especially from email attachments and torrent sites - these are the main sources of virus programs.

If you miss the alert for a legitimate program because, for example, the program is running in full screen (like most games) then you may have to check the desktop to Allow the alert popup before your program will connect to the internet. To jump out of a fullscreen program to the desktop press Ctrl and Esc together or either of the Windows keys (on left & right of the Alt keys). To return to your program click its tab on the taskbar. The alert popup stays for 2 minutes but if you miss an alert the program will be automatically blocked once. You may need to restart your program and try to connect it to the internet again in order to generate another popup alert that you can Allow.

Browsers are detected by Comodo when you first run one after installation. They have their own special rules that are automatically set up.

Setup help from Comodo.

In most cases, if you scan every file for viruses before you open it, then you can safely Allow a popup. It will prompt you every time you run a file, so once you're convinced the file is harmless you can also tick Remember My Answer. If the same file/software gives several popups while you run it, you can set it to Treat as a Trusted Application when you first open it and related popups will usually be cancelled. If the file is a software package or installer then you can select Installation Mode to stop all the popups from the installation process.

The default configuration of Comodo is Training Mode and in this mode it will fail a leaktest. Right-click the Comodo icon in the notifications area or tray and set the following recommended settings:

The Defense+ Security Level should be set to Safe Mode.

The Antivirus Security Level should be set to Stateful.
The Configuration should be set to COMODO Proactive Security.

The Firewall Security Level should be set to Custom.

These settings are the safest and consequently generate popup alerts on every new file you open or run. You therefore have the most control over what gets installed onto your system (right down to registry entries), but it can be annoying when you go through lots and lots of software. If you do reduce your Security Levels to reduce the number of popup warnings then you should at least scan each file before running it: right-click the file and select Comodo Antivirus for a quick virus scan.

After installing and rebooting there will be certain programs like videocard and soundcard software that prompt a popup warning. You can set Firewall and Defense+ to Training Mode which will discreetly and automatically Allow and Remember these programs, but if you want to know if any undetected malware is running then you should use the settings recommended and investigate each popup.

These are some Windows elements that may cause a Firewall alert popup for trying to access the internet, namely svchost.exe (Generic Host Process for Win32 Services), csrss.exe (Client Server Runtime Process), rundll32.exe (Run a DLL as an App), lsass.exe (Local Security Authentication Server), alg.exe (Application Layer Gateway), explorer.exe (Windows Explorer), ctfmon.exe (Office XP), ccapp.exe (Norton AntiVirus), services.exe (Services Control Manager), smss.exe (NT Session Manager), winlogon.exe (Windows Logon), mdm.exe (Machine Debug Manager), msascui.exe (Windows Defender).

In most cases you should Block these Windows programs and tick the Remember My Answer box. However, many programs use svchost, so if this prevents a legitimate program from working then you can change the policy from Block to Allow in Comodo under Firewall/Advanced/Network Security Policy, or you can remove the program from the list and you will get the popup back again the next time you run it.
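A quick way to check that a process raising one of these alerts is the genuine Windows file rather than a lookalike with the same name, as an added example that is not part of the original guide. It assumes PowerShell 3 or later and a standard Windows install; the expected folders in `$expected` are assumptions and cover only some of the processes listed above.

```powershell
# Added example: report where the Windows processes named in this guide are
# running from and whether the file on disk carries a valid signature.
# Run from an elevated prompt; without elevation the path of some system
# processes cannot be read.

$sys32 = Join-Path $env:SystemRoot 'System32'

# Expected folders (assumption: standard Windows install, default locations).
$expected = @{
    'svchost.exe'  = $sys32
    'csrss.exe'    = $sys32
    'lsass.exe'    = $sys32
    'services.exe' = $sys32
    'smss.exe'     = $sys32
    'winlogon.exe' = $sys32
    'explorer.exe' = $env:SystemRoot
}

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    if (-not $expected.ContainsKey($proc.Name)) { continue }

    $path = $proc.ExecutablePath
    if (-not $path) {
        # Protected system processes hide their path from non-admin callers.
        $sig     = 'n/a'
        $verdict = 'path unavailable (run elevated)'
    } else {
        $dir = Split-Path -Path $path -Parent
        # Some Windows files are catalog-signed; older PowerShell versions
        # report those as NotSigned, so treat the folder as the main signal.
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        if ($dir -ne $expected[$proc.Name]) { $verdict = 'UNEXPECTED LOCATION' }
        elseif ($sig -ne 'Valid')           { $verdict = 'signature not valid' }
        else                                { $verdict = 'ok' }
    }

    [pscustomobject]@{
        Name      = $proc.Name
        ProcessId = $proc.ProcessId
        Path      = $path
        Signature = $sig
        Verdict   = $verdict
    }
}

$report | Sort-Object Verdict, Name | Format-Table -AutoSize
```

Any row marked UNEXPECTED LOCATION is a file to scan and investigate before you answer its firewall alert.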
If you don't tick Remember then you can decide what to do each time.

In the following cases you can safely Allow these programs through the firewall: spoolsv.exe (if printing across a network), wuauclt.exe (for Windows Update), jusched.exe (to allow Java to update itself), javaw.exe (more java), javaws.exe (more java), and jqsnotify.exe (more java). More to follow.

If anything asks to access 127.0.0.1 this is fine, it is the network loopback system where a program can test network functionality, like an internet sandbox.

Examples of safe custom settings for certain programs (Firewall/Advanced/Network Security Policy):

svchost.exe

Block and log IP in from IP any to IP any where protocol is any

Allow IP out from IP any to IP any where protocol is any

Allow TCP in from IP in [192.168.0.1/255.255.255.0] to IP any where source port is any and destination is any (used for internet gateway)

If you are on a LAN, are using one computer to share an internet connection, or are behind a router, run the Stealth Ports Wizard (under Firewall/Common Tasks). Select 'Define a new trusted network' and enter your LAN details. Your pc will detect your internet gateway and give your pc access. If you select 'Alert me to incoming connections' your pc will detect an internet gateway if it is available and ask you if you want to use it. If you set it to 'Stealth my ports to everyone' you may not be able to connect to the gateway pc or use P2P applications.

You may need to change certain core settings in Comodo to close any vulnerabilities. Under Defense+/Defense+ Settings tick the boxes for Trust the applications digitally signed by Trusted Software Vendors and Block all the unknown requests if the application is closed. Under the Monitor Settings tab make sure every box is ticked.
You will receive alert messages whenever legitimate programs access the keyboard or internet, for example, so the first time it pops up check it's a legitimate game or program and just Allow the alert and Remember. A legitimate program is one you know should be allowed access to the keyboard (most games) or the internet (browsers, antivirus updaters, online games etc). You are basically looking for anything trying to do something without your say so - something that you haven't clicked to run, or something you have run but is asking for elevated privileges, access to system files and folders etc.

To tighten up core firewall settings go to Firewall/Attack Detection Settings/Miscellaneous and tick Block Fragmented IP datagrams, Do protocol analysis and Monitor other NDIS protocols than TCP/IP. You can experiment with Do packet checksum verification if it doesn't slow down your internet much.

To tighten up your antivirus settings go to Antivirus/Scanner Settings and under each of Realtime, Manual and Scheduled Scanning you can set Heuristic Scanning Level to High - this will make your scanner look for potentially dangerous code inside a file but it may flag up legitimate programs occasionally. In most cases these will be 'false positive' results so you can usually ignore them if you know the program is safe, or you can uninstall the program in question and reinstall a fresh version in case you think it has been compromised by malware. To find out for sure you can send the file to Comodo under Miscellaneous/Submit Suspicious Files. Most remote support programs and some antivirus programs will be false positives (only if you know about their existence beforehand of course).

Once you're happy with your firewall's setup you should create a password to protect Comodo's settings from tampering under Miscellaneous/Settings/Parental Control/Enable the password protection for the settings.
Here you can also suppress all alerts from the firewall, system and antivirus scanners; this will automatically block any threats that would otherwise pop up an alert.

In the event you ever have to reinstall Windows and set up Comodo from scratch, you can make a backup configuration file to restore your current settings to the new installation. Open Comodo, select Miscellaneous, Manage My Configurations. Select the configuration marked as 'Active', which should be COMODO - Proactive Security, and click Export, select a location for the file (ideally an external hard drive) and name it ComodoConfig or something similar, and add the date, e.g. ComodoConfig240110. Once you have reinstalled Windows, install Comodo, go to Manage My Configurations and simply click Import and locate your ComodoConfig file.

©Helptree Services 2010