Comodo Firewall Pro 2.4
Contents
1. C 0 M 0 D O Creating You can uninstall Multi Languages in Comodo Firewall Pro as follows STEP 1 Uninstalling Comodo Firewall Pro 1 To uninstall an addon Click Start gt Programs gt Comodo gt Firewall gt Uninstall you would get the following screen To proceed with uninstallion Click Yes to continue COMODO Firewall Pro x Bd You are about to uninstall COMODO Firewall Dro Would vou like bo continue STEP 2 Uninstalling a Specific Language 2 To uninstall Comodo Firewall Pro from the system select Remove the entire product from the system To remove a specific language select Remove the specific supported language s for the product and Select the language which you need uninstall from the list of languages appearing in this section Then Click Next to proceed or Click Cancel to exit the uninstallion wizard COMODO Firewall Pro Unirstatation Remove the entire product from the system Ce Remove the specific supported languagets For the product fa Turkish Cancel STEP 3 Finish 3 Once the uninstallation of the language is finished the following screen would appear Comodo Firewall Pro 2 4 User Guide 23 C 0 M 0 D O Creating Uninstallation j x SA COMODO Firewall Pro Language specific support for COMODO Firewall Pro is removed successfully starting Comodo Firewall After installation Comodo Firewal2. A set of ports comma seperated e g 80 443 Figure Define Port A Port Number is used to decide which service you are about to use for example Web browsing HTTP has a port number of 80 You must enter which ports are used by the application s by selecting the port number s from the list Define Port Types 1 You can choose any port number by selecting Any set by default 0 65535 2 You can choose a Single Port number by selecting Single Port and selecting the single port numbers from the list 3 You can choose a Port Range by selecting Port Range and selecting the port numbers from the From and To list 4 You can choose a set of ports seperated by commas eg 80 443 Miscellaneous tab Destination Port Allow invisible connection attempts Skip advanced security checks Limit number of connections Allow invisible connection attempts Checking this box means the application is trusted to make invisible connections to the internet and will not generate an alert Comodo Firewall Pro 2 4 User Guide 68 C 0 M 0 D O Creating Skip advanced security checks This option is for applications which user allows but still for some reasons they fail to connect eg AVG e mail scanner Limit number of connections This controls the amount of connections per minute that an application can create If you select this feature then the menu defaults to a limit of 10 connec
3. Parent Application Path CAWINOOMW4 S Vexplorer ese Version gt 6 00 2900 2190 Company Microsoft Corporation Security SAFE Description explorer exe is the Windows Program Manager or Windows Explorer It manages the Windows Graphical Shell including the Start menu taskbar desktop and File Manager By Update License You can update the Comodo Firewall Pro license by clicking on the Update License tab in the main Comodo Firewall Pro GUI and the license wizard will open to guide you through the process of updating your license After activation of your license the summary screen will no longer show this link Computer Security Level Comodo Firewall Pro allows you to customize firewall security by using the Computer Security Level slider to change preset security levels The Computer Security Level Slider allows you to select Block All Custom or Allow All security settings by adjusting the slider to change the security levels Comodo Firewall Pro 2 4 User Guide 40 C 0 M 0 D 0 Creating To Change the Computer Security Level slider 1 Open Comodo Firewall Pro GUI 2 Inthe Computer Security Level adjust the slider to Block All Custom or Allow All Fa Computer Security Level Sy Test your current security configuration Custom Your computer s security level is set ta Custom Custom This means all restrictions set by you are applied Block All Allow Al Figure Com
4. Block gt Ask Cancel If any of the components loaded by application is set to be blocked the application is not allowed to connect So in order for an application to connect out all it s components must be allowed Comodo Firewall Pro 2 4 User Guide 71 C 0 M 0 D 0 Creating When you select Ask against a component you will be prompted to Allow Deny access every time this component appears in any application s memory Component monitor Ont When Turn Off is selected the Component Monitor section of the Summary screen will dispay ES Component Monitor Deactivating the component monitor means the firewall does not check components loaded by an application making a connection and therefore any rules set for it s components are ignored Component monitor Learn Mode When you install Comodo Firewall the Component Montitor is set to Learn mode by default eh Component Monitor Whereas the number of internet accessing applications will usually be relatively small there is always a huge number of components loaded within these applications By enabling learn mode the firewall will be forced to learn and build the component profile of the PC Whenever an allowed application attempts to connect to the internet Comodo Firewall will add all the components it loads to the control rule list By default each of these components inherit the applications Allow status Users have the optio
5. Choose options Once you understand the risk you can respond in the following ways Remember my answer for this application check this box to instruct the Firewall not to generate an alert again if the parameters of the application are the same Allow allows the current instance of the application to access the internet according to the declinated parameters Deny Blocks the application from accessing the internet More Details Fei If you are unsure about the application you can view more information about the application by clicking the icon at the top of any alert K COMODO Firewall Pro Application Detalls E C Parent Application Path CAProgram Files Internet ExplorersiESPLOAE EE Version gt 6 00 2900 21 80 Company Microsoft Corporation Security E OARE Description euplore eveiz the main executable for Microsoft Internet Explorer This Microsoft Windows application allows you to surf the web and local ntranets Figure More Details About The Application Selecting the Parent Application radio button enables the user to view information about the application that originally caused the child application to try to access the internet In this case Explorer exe commanded Internet Explorer exe to access the internet Explorer exe is therefore the parent application to Internet Explorer exe om COMODO Firewall Pro x Application Detalls x Smee Application Parent Applica
6. Define a new Trusted Network gt Scan For Known Applications Comodo Firewall Pro 2 4 User Guide 53 C 0 M 0 D O Creating Define a New Allowed Trusted Application This shortcut represents a convenient way to create an automatic allow rule by configuring the level of trust that individual applications have Comodo Firewall Pro allows you to prepare a list of trusted allowed applications and configure their access rights to networks and the internet 1 Click on Add a New Allowed Trusted Application link 2 A dialogue box will appear asking you the select the application to be allowed Trusted Application i COMODO Firewall Pro zx Trusted Applicaton Specify Application OE Specify the Parent Application C Cancel Figure Select Application to be allowed 3 Click browse to locate the application on your local or network drive Trusted Application r rE awe COMODO Firewall Pro S Specify Application CAD ocuments and Denge uuvataiJlesklopclog Specify the Parent Application Cancel Figure Application to be allowed selected 4 The selected application appears along with its location in file system path 5 You are given the option to specify an application s parent as well Check the box and browse to locate the Parent Application The Firewall will automatically learn it even if it is not specified Comodo Firewall Pro verifies the
7. 0 0 0 0 0 0 0 0 al Name st IP Address Subnet Mask Type Adapter MAC Address 00 13 02 57 23 95 Next gt gt Figure Comodo Firewall Summary Comodo Firewall Pro 2 4 User Guide 34 C 0 M 0 D 0 Creating Highlights The Highlights section displays information about Security Alerts and News related to Comodo Firewall Pro amp latest Critical security updates You can view information about News and Alerts by clicking on News and Alerts tabs in the Highlights section of the main Comodo Firewall Pro GUI News This section contains direct news feeds from from the Comodo Server You can also download the latest information about critical security updates and latest news about Comodo from the News section Hews Join the Comodo Forums wand meet up with thousands of other Comodo users to ask questions find answers make suggestions about our products Figure News Traffic Info Comodo Firewall Pro produces a Traffic history graph to give an overview of the last one minute of your traffic history in terms of the most used Applications and Network protocols Application You can view the information about the most active applications in the last 1 minute based on the traffic used by the applications The Application Traffic History graphs produce a real time picture of the last one minute of your traffic in terms of the highest number of simultaneous open network connection
8. 2 4 User Guide 43 C 0 M 0 D O Creating Ge Comodo Firewall Pro Automatic Updater s COMODO Firewall Pro Updater Checking updates If the software finds any new updates it will start installing Ge Comodo Firewall Pro Automatic Updater f ml El COMODO Firewall Pre Updater Installing updates 42 Once the installation of updates is finished the message Updates have been installed will appear on the screen Comodo Firewall Pro 2 4 User Guide 44 C 0 M 0 D O Creating Ge Comodo Firewall Pro Automatic Updater Vo liam ae COMODO Firewall Pro Updater Updates have been installed After the installation process is completed Click OK It will request you to restart the system T SECURITY ACTIVITY Custo comol The Firewall has E Jick here to try s Ir Free products download and us Updates have been installed on Validity Exp ype Expired re gt iy Comodo Firewall Pro Automatic Updater ES Comodo Firewall Pro requires system to be re started For update to take affect Do you want to re start the system now S IS e oF ication Behavic iter Security Le our current secu E Realtek RTL OR Help i Family POI F z 192 165 20 Subnet Mask 255 255 25 Type Ethernet Ad lack all Sikh Your computer s security level is set
9. MB available RAM e 32 MB of available free hard disk space Comodo Firewall Installation Before you install Comodo Firewall Pro read the installation instructions carefully and also review the system requirements listed in this chapter Installation Process To install download the Comodo Firewall Pro setup files to your local hard drive Next double click on downloaded setup to start the installation wizard and follow the process as below STEP 1 Uninstall Other Firewall Programs 1 Before you install Comodo Firewall Pro you must uninstall any third party Firewall programs installed in your PC This is necessary as other firewall programs may interfere with the installation of Comodo Firewall Pro and reduce the protection offered by it Click Yes to continue COMODO Firewall Pro Installer x lt 3 In case vou have any third party personal Firewall installed please un install that before installing COMODO Firewall Pro Would you like bo continue Figure Uninstall Third Party Firewalls Comodo Firewall Pro 2 4 User Guide 10 C 0 M 0 D O Creating STEP 2 Welcome Dialogue box 2 The set up program starts automatically and the Welcome wizard is displayed At this time you may cancel the install process or continue with the Comodo Firewall Pro Setup program It is recommended that you exit all Windows programs before running the setup Click Next to continue T COMODO Firewall Pr
10. Port Scan 4 The Fourth Column Date amp Time represents the date and time when the alerts were triggered Comodo Firewall Pro 2 4 User Guide 37 C 0 M 0 D 0 Creating Context Sensitive Menu Right clicking on the alert list reveals a context sensitive menu containing futher log options Application Behavior Analysis Suspicic Show Logs For d Log Events From P SuspicioL suspicio Export HTML Suspicion j Clear All Logs Suspicio Show Logs For The user can choose to view logs of all alerts from Today Last 7 days or Last 30 days The default is to show today s alerts only Log Events From There are four seperate components of Comodo Firewall that have the potential to populate the Log area with the alerts they generate This entry lets the user change which events are recorded in the logs according to the component that generated them By default alerts generated by all four components are recorded Comodo advise users to leave this setting at the default Export HTML Users can export a more detailed HTML copy of the logs to local or network drives This is very useful for records and troubleshooting purposes Click the Export HTML entry choose a filename and destination and click Save Clear All Logs Empties the current view Types of Alerts There are three types of alerts based on their severity levels High Medium and Low High Medium and Low Severi
11. application s behavior and detects any suspicious activity before allowing internet access This powerful new feature enables it to detect more trojan activity than any other firewall including e DLL Code injections e Hidden Connection Attempts NEW Defense against Trojan Protocols Comodo Firewall Pro now features advanced protocol driver level protection essential forthe defense of your PC against trojans having their own protocol drivers NEW Smart Alerts Alerts are completely redesigned in Comodo Firewall Pro They are now simple and more intuitive Every alert now includes a Security Considerations section which provides significant advices to users Each alert also has an associated Security Risk level shown on the top of it to help users decide a course of action Although they are simple the new alerts also have an option to be more verbose or simple Basic popup logic removes unnecessary popup alerts whereas verbose logic reveals each activity to provide more details NEW Windows Security Center Integration Comodo Firewall Pro is now recognized by Windows XP SP2 Security Center as a trusted firewall and reports its state NEW Self Protection against Termination of Critical Firewall Processes A Trojan Spyware Virus may need to disable the firewall protection before performing its malicious operations Comodo Firewall Pro secures itself to make sure its critical processes are always active and running NEW PC Security durin
12. cause error message FIXED When no adapter active was showing wrong adapter information New in Version 2 3 4 NEW Reduced Memory Usage NEW Added Protocol Analysis Option Protocol Analysis is key to the detection of fake packets used in denial of service attacks This new feature means Comodo Firewall Pro checks every packet conforms to that protocols standards If not then the packets are blocked NEW Added packet checksum verification feature Comodo Firewall Pro 2 4 User Guide 5 C 0 M 0 D 0 Creating Every packet of data sent to your machine has a signature attached Comodo Firewall Pro will recalculate the checksum of the target packet and compare this against the checksum stated in the signature If the two do not match then Comodo Firewall Pro will block the packet Altered checksums indicate that a packet has been altered since transmission NEW Added an option to define Alert Frequency level Users can now quickly configure the amount of alerts that Comodo Firewall Pro generates by raising or lowering a new slider NEW Added defense for own registry keys and files against malware tampering Meaning that Comodo Firewall Pro registry entries and files cannot be deleted or modified either accidentally or deliberately This vital security feature prevents malicious programs or intruders from being able to shut down or sabotage your installation of Comodo Firewall Pro NEW Added Suspicious file submission capability
13. connect to the Internet hat would you like to do Details ei Application g explore exe Remote IP 4 739 142 200 Port Attp 80 TCF Parent tooleaky ese Gh Send to COMODO for analysis Security Considerations it i x iexplore exe i an invisible application Invisible aha applicatione connecting to the Internet could be a sign of trojan spyiwareviris activity A new parent application hat been detected for explore exe tooleaky exe may be Using lexplore exe to connect to the Internet OLE Automation This alert occurs when any application is deducted to occur by misuse of COM OLE interfaces which can hijack other applications Comodo Firewall Pro 2 4 User Guide 32 C 0 M 0 D Creating 0 K e irevwra Pro 7 ue COMODO Firewall Pro Security Alert Internet Explorer i tring to connect to the Internet What would pou like to do Details Fe Application E iexplore exe Remote IF 195 131 4 164 Port Attp s0 TCF Farent F tooleaky exe Gh Send to COMODO for analysis Security Considerations x C Leaktesters PCFlank exe has tried to use evplore exe through OLE Automation which can be used to hijack other applications PCFlank exe might be using explore ese to connect to the Internet Remember my answer for this application Comodo Firewall Pro 2 4 User Guide 33 C 0 M 0 D O Creating Firewall Summary The Main Interface Afte
14. denied by specifying it in filtering rules This section lets you manage the network zones Send files to COMODO for analysis Suspicious about a file You can send it to Comodo Research Lab for further analysis Define a new Trusted Network This wizard will help you to define the network zone from to which all network trafic will be allowed Figure Firewall Security ra E E si Define a new Banned Application Select an application for which you do not want to grant any Internet access rights Check for updates Make sure you have the latest versions af COMODO Firewall Pra and the safe application database Need Help Need Help Find the answers to your questions at COMODO forums Our developers regularly post and we d lowe to hear fram you Scan for known applications Searches your DC for a wide range of popular applications such as Internet Explorer Skype or MSM Messenger and allows you to automatically create the Internet access rules for them Comodo Firewall Pro 2 4 User Guide 52 C 0 M 0 D O Creating Tasks The Tasks section allows you to create rules for applications and network connections through a series of shortcuts and wizards The section contains two main areas Tasks and Wizards COMODO Firewall Pro COMODO Firewall Pro SY SUMMARY SEC ACTIVITY Application Define a new Trusted Application Monitor T Select an application for which you SS
15. icon and the management interface will open 2 CoOMooo Firewall Pro Figure Comodo Firewall Pro Desktop Shortcut Your computer is automatically protected by the firewall every time you start it You do not have to explicitly start the firewall to protect your computer The start screen of the firewall appears every time you re start your computer Furthermore the main window of the Comodo Firewall Pro will be opened by default when you re start your computer If you choose not to show the application window upon system start up by unchecking this setting inProgram Settings under Advanced Configuration Via the main window the Comodo Firewall Pro is administered You find information on the main window and on administering the Comodo Firewall Pro in Firewall Summary Firewall Activity and Firewall security Comodo Firewall Pro 2 4 User Guide 15 C 0 M 0 D O Creating Gi COMODO Firewall Pro RI F h Vi k w COMODO Firewall Pro 5 LANGUAGE UPDATER HELP ABOUT Zb E SUMMARY SECURITY ACTIVITY COMODO Firewall Pro Phishing Victim Don t be See how The firewall has logged O high severity events LU Comodo can protect you with yet another free tool Please CLICK Subscription Validity Lifetime License Type Full eh Security Monitoring Lei Application Monitor On es 10055 cpfupdat exe e Protection Strength GU Component Monitor Learning Lei Networ
16. internet For a more detailed explanation of the type of information you will see in this area please refer to Types of Alerts Choose options Once you understand the risk you can respond in the following ways Remember my answer for this application check this box to instruct the Firewall not to generate an alert again if the parameters of the application are the same Allow allows the current instance of the application to access the internet according to the delinated parameters Deny Blocks the application from accessing the internet More Details ij If you are unsure about the application you can view more information about the application by clicking the more details Icon iy When you click More Details a dialog window will appear with detailed information about the application helping you decide what to do SG COMODO Firewall Pro Application Detalls E C Parent Application Path C Program Files Internet E splorel Es PLORE EE Version lt 6 00 2900 21 80 Company Microsoft Corporation Security gt SAFE Description evplore eue is the main executable for Microsoft Internet Explorer This Microsoft Windows application allows you to surf the web and local mtrarets Selecting the Parent Application radio button enables the user to view information about the application that originally caused the child application to try to access the internet In this case Ex
17. of currently installed programs click Comodo Firewall Pro e Click Change Remove 2 A dialogue box appears asking for confirmation of uninstallation Click Yes to uninstall Comodo Firewall Pro You are about to uninstall Comodo Firewall Pro Would you like bo continue Figure Uninstall CPF configuration settings 3 Next the firewall notifies you that the Comodo Application Agent is to be shut down Click Yes to continue uninstallation Comodo Firewall Pro C Program Files Comodo Comodo Firewall Pro x c Comodo Application Agent service is going to be closed a IF you are uninstalling or upgrading Comodo Firewall Pro press Yes Otherwise press No Comodo Firewall Pro 2 4 User Guide 21 C 0 M 0 D O Creating 4 A Setup Status dialogue box informs you that un installation is taking place IPE ae COMODO Firewall Pro UnAiristallation Removing firewall configuration Figure Uninstall CPF 5 After un installation InstallShield Wizard appears Check the Restart Computer box and click OR to complete the un installation COMODO Firewall Pro Uninstallation BRA Comodo Firewall Pro requires the auslem to be re started to complete the uninstallation M Restart System Figure Restart Your Computer Comodo Firewall Pro Multi Language Uninstallation Uninstalling an Addon Comodo Firewall Pro 2 4 User Guide 22
18. scans alerting you and temporarily blocking the banning the IP address of the scanner ensuring that they are cut off before they can discover any useful information about your system This is enabled by the Port Scan Probe Rate i e by default when the number of individual ports scans exceeds 50 per second at your system this pattern is detected as a port scan This indicates that someone is scanning your system for services or vulnerabilities Comodo Firewall will detect this as a port scan How long should a suspicious host be If a port san is detected the Firewall identifies the host scanning your system as suspicious and automatically blocks its access for example 5 minutes as set by default During these 5 minutes the suspicious host cannot access the user s system but the user s system can access it How long should the firewall stay in emergency mode When a DOS is detected the Firewall goes into emergency mode for a duration set by default to 120 seconds During this stealth mode the existence of your computer becomes invisible as all inbound traffic is blocked for that duration When your machine does not reply to network events the sender is led to believe that there is no machine at the IP addresses which they re pinging Hiding your machine s presence on the Internet is in some ways good from a security standpoint because if a hacker thinks that your machine is not online they may not make further attempts to ac
19. the firewall appears every time you re start your computer Furthermore by default settings the main window of the firewall will be opened every time you re start your computer If you do not wish to see the application window on system start up just uncheck the Show Application Window on System Start Up box Protect own registry keys and files from unauthorized modifications Meaning that Comodo Firewall Pro registry entries and files cannot be deleted or modified either accidentally or deliberately This vital security feature prevents malicious programs or intruders from being able to shut down or sabotage your installation of Comodo Firewall Pro Leaving this option checked will protect your system from e Malicious trojan horse programs and spyware The first thing a burglar does when he breaks in to a house is to switch the alarm off To avoid detection many trojan horse programs follow the same logic and attempt to modify or remove the user s firewall This feature prevents any such attacks e Manual deletion or modification User interaction with Comodo Firewall libraries and files is disabled e g A user cannot accidentally delete firewall registry keys using utilities such as Windows RegEdit Similarly a hacker is not able to disable or delete critical firewall system files such as cpf exe Comodo Firewall Pro 2 4 User Guide 83 C 0 M 0 D O Creating About Comodo Firewall Clicking the About tab on the Comodo Fire
20. thus deny access to the network even for that trusted application HELP Click Help to view the Help page for how to add a new application control rule If you want specify the network to be allowed access you will have to provide details about Host IP Address Services Port and select the mode of Action Direction amp Protocol This is done using the four tabs at the foot of the Application Control Window General tab O General el Action SE Protocol TCP ot UDP r Direction Du gt Comodo Firewall Pro 2 4 User Guide 66 C 0 M 0 D 0 Creating This area allows you to specify general attibutes concerning an applications rule From here you can instruct the Firewall on whether to allow an application to connect using which protocol and in which direction information is permitted to move Action Select the action you want Comodo Firewall Pro to take when the rule is matched Select from Allow Deny or Ask as the action you wish the Firewall to take Protocol All information sent over the Internet is communicated using a protocol called TCP IP Because all of the computers on the Internet understand this protocol each one can communicate with every other computer on the Internet TCP and IP are separate parts of this protocol Now you should select the protocol as TCP Transmission Control Protocol UDP User Datagram Protocol or Both TCP UDP used by the application s TCP is t
21. to allow or deny traffic Although they sound complex firewalls are relatively easy to install setup and operate gt Why do I need one As the Internet has come to play a role in the home and business alike protection from unauthorized Internet users is a necessity When your network is connected to a public network it is exposed to spies thieves hackers thrill seekers and various other threats Internet users need to be increasingly vigilant of security issues as network traffic coming into the computer can cause damage to files and programs even when the user is away from the computer and the computer is idle In a system that is not protected with any security measures malicious code such as viruses can infect systems and cause damage that may be difficult to repair The loss of financial records e mail customer files can be devastating to a business or to an individual What s New in Comodo Firewall Pro New in Version 2 4 16 NEW Multilanguage capabilities Releasing version 2 4 with following 13 languages 1 Chinese Traditional 2 Chinese Simplified 3 Dutch 4 French 5 Greek 6 Hungarian 7 Portugese Brazilian 8 Portugese Continental 9 Russian 10 Spanish LA 11 Spanish Spain 12 Swedish 13 Turkish NEW Activity gt Connections sections shows per connection bytes in out NEW Firewall icon shows animation as per incoming outgoing traffic in system tray FIXED At times certain folder could remain lo
22. would like ta grant full Internet access Component s Monitor Add Remove Modify a Zone Network A network can be represented as a Monitor zone to which an access can be granted or denied by specifying it in filtering rules This section lets you Advanced manage the network zones Send files to COMODO for analysis Suspicious about a file You can send it to Comodo Research Lab for further analysis Wizards Define a new Trusted Network This wizard will help you to define the network zone from to which all network trafic will be allowed Se SR LANGUAGE UPDATER HELP AROUT Custom Define a new Banned Application Select an application for which you do not want to grant any Internet access rights Check for updates Make sure you have the latest versions of COMODO Firewall Dro and the safe application database Need Help Need Help Find the answers to your questions at COMODO forums Our developers regularly post and we d love to hear from you Scan for known applications Searches your PC for a wide range of popular applications such as Internet Explorer Skype or MSM Messenger and allows you to automatically create the Internet access rules for them Figure Create Rules Tasks gt Define a New Trusted Application gt Define a New Banned Application gt Add Remove Modify a Zone gt Send files to COMODO for analysis gt Need Help gt Check for Updates Wizards gt
23. 01 103 h 135 P P L5455 EXE TCP Out 192 168 201 103 1 192 168 200 1 13 P L54A55 EXE TCP Out 192 168 201 103 5 192 es 20011 Fl system TCP InfOut 192 168 201 103 1 192 168 200 167 i 3 419MB 4 766 MB ai SN S Hz KAN e zs pm an mn rm eT Ee a JO JO Hin im T AaS i a a Er Ge E E D mei a ien Ce aa e a OS Ke te fe Details Security Risk SAFE Version 3 00 2195 7011 Path CHV wINhT systems2 LS455 EXE Company Microsoft Corporation Description Ilsass exe is a system process of the Microsoft Windows security mechanisms It specifically deals with local security and login policies and is HOT to be confused with the Figure List of Active Connections Columns Description e The First Column Application represents each application s icon and name description if the application has no icon the default system icon for executable files will be used if no description name is available the name of the file without the extension will be displayed e The Second Column Protocol represents the Protocols usually TCP UDP or Both used by the applications e The Third Column Source IP Port represents the ports used by the individual applications e The Fourth Column Destination IP Port represents IP Address of the application In case the application is waiting for communication and the port is open it is described as Listening e The Fifth Column Bytes In represents the Tot
24. 2 Network Monitor Inbound Policy violation Access Denied IP 10 31 51 21 12 2 Network Monitor Inbound Policy Violation Access Denied IP 10 31 46 21 12 2 E Details Please select an item to view its details Figure Alerts Reports Max Log Size Comodo stores the events reported by the firewall engine in the log You can view the details of the alerts triggered by the possible attacks on your computer The events are reported and stored in HTML format You can reduce the maximum size of the log file from 5 MB 10 MB 15 MB 25 MB 50 MB and 100 MB by selecting the File size from the Maximum Log size Drop down menu Columns Description 1 The First Column Severity represents the threat level of an attack High Medium and Low High severity alerts are very serious security risks like DOS and Port Scan attacks and the firewall goes into emergency to temporarily block incoming traffic Medium and Low severity alerts are not so serious and are caused by transgression of one or more Network Control rules 2 The Second Column Reporter states which subsystem generated the attack report Application Monitor Network Monitor Component Monitor or Application Behaviour Monitor 3 The Third Column Description represents the nature of the logged alert For example alerts could be caused by policy violation caused by transgressing a Network Control Rule DOS Denial Of Service attack or TCP UDP
25. 61 AD En EEN 64 Add a New ADplicaton Control RUIG osisssa nsaan aa ana aaia aaia 65 COMPONENT MONRO eet 69 eaae aean o a PP A E T E E A E T A O A A E 74 Advanced Reger ET E 75 Applicaton Behaviour ut 76 Advanced Attack Detection and Prevention cccccssseresscserenesseesesserssaserseaaeesensssnensaseeenaneeencusarecesereansetnenanecensass 78 lee TER 81 ADOUL Comodo Firewall egeegeeegt eege Eege ENEE EES EEEEEe 84 ADOI COMO O EE 85 Geng SUDDO GE 86 Comodo Firewall Pro 2 4 User Guide 3 C 0 M 0 D 0 Creating Getting Started Firewall Basics gt What is a Firewall Broadly speaking a computer firewall is a software program that prevents unauthorized access to or from a private network Firewalls are tools that can be used to enhance the security of computers connected to a network such as LAN or the Internet They are an integral part of a comprehensive security framework for your network A firewall absolutely isolates your computer from the Internet using a wall of code that inspects each individual packet of data as it arrives at either side of the firewall inbound to or outbound from your computer to determine whether it should be allowed to pass or be blocked Firewalls have the ability to further enhance security by enabling granular control over what types of system functions and processes have access to networking resources These firewalls can use various types of signatures and host conditions
26. Analysis Switches the functionality on or off Monitor Inter Process Injections Memory Modifications Forces the firewall to monitor common code injection techniques that can be used by viruses Monitor DLL Injections Forces the firewall to monitor common DLL injection techniques used by viruses Monitor Window Messages Forces the firewall to monitor special window messages that can be used to manipulate an application s behavior by a virus Monitor DNS Queries Forces the firewall to monitor DNS requests so that viruses trying to use Windows system services for DNS queries will be detected Monitor Parent Application Leaks Forces the firewall to check if there is a leaking attempt in the parent application i e if Process Injection is selected above Comodo Firewall will look for the parent application to see if there is a process injection in it before allowing the internet request Monitor COM OLE automation attempts When enabled forces the firewall to detect any program hijacking attempt which may occur by misuse of COM OLE interfaces by other programs Comodo Firewall Pro 2 4 User Guide 77 C 0 M 0 D O Creating Advanced Attack Detection and Prevention Intrusion Detection tab Comodo Firewall Pro Advanced Attack Detection protects against a common type of denial of service DoS attack used against servers When launching a denial of service or flood attack an attacker bombards you with so many con
27. Internet Explorer is trying to connect to the Internet What would wou like to do Details Fe Application EI E PLORE EXE Remote IP 192 168 0 1 Port drs Ss UDF Security Considerations v IESFPLORE EsE is a safe application A4 Iw Remember mu answer for this application 1 of 7 Oo Allow Figure Alert Pop Up The Alert includes information like name of Application which triggered the alert the Parent Application the Protocol used by the Application its IP address and its Port Number The top right corner of the pop up also shows the Security Alert Severity Level The colour assignations correspond to those outlined above in High Medium and Low Severity Alerts For example pop window shown above indicates a green severity security level SS Security Alert This is because Internet Explorer is considered a safe application Quickly glancing at the alert level indicator provides a quick way to determine whether an application or activity should concern the user Details Contains e The application name e The IP address of the site it is attempting to connect to e The port it is using to make the connection e The protocol it is using to facilitate the connect Comodo Firewall Pro 2 4 User Guide 50 C 0 M 0 D O Creating Security Considerations This area provides a consise at a glance summary of the security risk involved with allowing this application to access the internet
28. MARY SECURITY ACTIVITY COMODO Firewall Pro The firewall has logged O high severity events Comodo can protect you with yet another free tooll Please CLICK HERE to READ 4 Phishing Victim Don t bel See how Subscription Validity Lifetime License Type Full amp Security Monitoring E Application Monitor On ns 100 cofupdatexe e Protection Strength i Component Monitor Learning a e em em E Network Monitor On Excellent n Le Application Behavior Analysis On Adapter SH Computer Security Level Intel R PRO 100 VE 2 Name Network Connection GL View More DN Test your current security configuration IP Address 192 168 201 103 erer Subnet Mask Zod 200 204 0 f Block All Your computer s security level is set to Custom This pee ee i rei Custom means your configuration settings are applied Type Ethernet Adapter MAC Address O0 11 11 1B SE FE E Allow All Comodo Firewall Pro 2 4 User Guide 25 C 0 M 0 D O Creating Alerts Understanding Alerts You may see an alert message for example if an application for which you have not set rules tries to access your network connection In this case firewall asks you whether to allow or deny access The basic layout of a Comodo Firewall Pro Alert is illustrated below Cap COMODO Fires wall P Be oA Fisk Level associated with each popup Green rations the trust Details Appication gg iexplore exe IP Listen P
29. Trust Online NEE Comodo Firewall Pro 2 4 C 0 M 0 D O Creating CONTENTS Gerung Sre WEE 4 What s New in Comodo Firewall Pro sssassssnnsnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn nnnm nnmnnn nnne 4 Comodo Firewall Pro CHEM eege 8 ER e UE E 10 Comodo Firewall Tu E 10 Comodo Firewall Pro Multi Language Installation AAA 16 Comodo Firewall Uninstallati on gegen 21 Comodo Firewall Pro Multi Language Uninstallation AEN 22 SANNO COMORO TT EE 24 E EE EE TE ETE E A A OA E EA E E T N ET EEE E E A EEA T 26 leie ee te aen EE 26 Kielen E 29 BUGS W ECHT Vun EE 34 Rat Ee A EE 34 leist EEN 33 UEA GE Se re I UNV ae E E A EA AA E AE AA A E E TA 36 Biet GE 40 Computer EE gege anii enaena aadi EnA ain aaar AEA 40 Test Teens EE 41 SUEY WO ETET E EE E E AE E E AE E E A pias hardline E E ETE 41 teilen MET aieiaa ana EE EAEE EA EIEE EA a AE EEA 42 Bet E 42 E eg 42 VT IR e EE 43 Comodo Firewall Pro 2 4 User Guide 2 C 0 M 0 D 0 Creating POW UR IVY E 46 SEENEN 46 e LN 48 Firewall Security eebe 52 E CG 53 Define a New Allowed Trusted Application cccccccccescccsscecceceeceececseeeeeeceesaeeeseaeessaeeesaeeeseaeeseaeesseeesegessegeesenees 54 Define a New Banned Application E 55 PT Te LONE E 56 Seria files to Comodo for BANS Ss ccccsdiencoriedzmmsnaoactnsnngiaddaateanaceienicoadouins aan aiaia aiaiai 58 PECOT E 60 GNEC Tar ele 60 Define a new Trusted Network EE
30. Wizard page confirm the location of the Firewall installation files To install the program in the default destination location click Next The default destination directory is the C Program Files Comodo Firewall F e 1 Ww COMODO Firewall Pro S Astallation Wizard fg ea Choose Destination Folder Select tolder where Setup will install tiles Setup will install COMODO Firewall Pro in the following folder To install to this folder click nest To install to a different folderclick Browse and select another folder Destination Folder C Program Files Comodo Firewall Disk status on drive C Available space 9156 53 MB Required space 20 56 MB ea Hert zz Cancel Figure Default Destination Folder If you do not wish to install the Firewall files in the default location to install to a different folder click BROWSE and select another folder Click OK to continue with the installation process Browse For Folder x Please select a Folder and press OK F Comodo Personal Firewall Help Guide 9 Contig Msi Al Documents and Settings PL Driver 2 maseddriver H Macht Analyser H Program Files Ca E i Cancel Hew Folder E Figure Choose Destination Folder Comodo Firewall Pro 2 4 User Guide 12 C 0 M 0 D O Creating STEP 5 Set Up Status Box 5 A setup status dialogue box is displayed You will see a progress bar indicating that files are b
31. al extent of incoming In data within the particular connection in Bytes e The Sixth Column Bytes Out represents the Total extent of Outgoing Out data within the particular connection in Bytes Comodo Firewall Pro 2 4 User Guide 47 C 0 M 0 D O Creating Details You can view additional information about individual applications by selecting an application in column 1 The Details panel at the foot of the interface displays in depth information about the particular application In the example above you can view Application information like Application name c Program Files Skype Skype exe Company Description a concise description of the progam polled from the application database Version and Security Risk SAFE Logs You can view information about the type of security alerts the threat level and the communication that triggered this alert by clicking on the Logs tab in the Activity main screen Q COMODO Firewall Pro COMODO firewall eg ef h LANGUAGE UPDATER HELP ABOUT ACTIVITY Max Log Size 5 ME Today WY Medium Network Monitor Inbound Policy Violation 4ccess Denied IF 10 32 16 21 12 27 Medium Inbound Policy Violation 4ccess Denied IF Network Monitor Inbound Policy Violation Access Denied IF 10 32 11 21 12 2 Network Monitor Inbound Policy Violation 4ccess Denied IP 10 32 06 EE F Network Monitor Inbound Policy Violation Access Denied IP 10 32 06 eil
32. allows you to choose which files you wish to submit Click Add to manually add suspicious files to the List of Files Similarly to remove a file from the submission process click the Remove button You have the option to add an accompanying description to each file you submit lt j COMODO Firewall Pro 4 Pes SUBMISSION im Bad List of Files File Hame File Path Description Optional e e e 9 Appi description fo selected file Apply description fo all the files E Mail ID Optional Cancel Figure Send files to COMODO Comodo Firewall Pro 2 4 User Guide 59 COMODO Creating Using Add button you can add a file which will bring up following dialog ke COMODO Firewall Pro PIGS submission im Es Let of Files File Hame File Path weather bmp C V rogram Fles uwaboolbieseenger Vd Remove Remove All Description Optional Apply description to selected nie E Mail ID Optional Figure Send files to COMODO Add In case you want to remove a particular file you can select it from the list and click on Remove button and if you want to remove all the files in the list Click on Remove All button Click Submit to send the files to Comodo Need Help Comodo Forums The fastest way to get further assistance on Comodo Firewall Pro is by joining Comodo Forums a message board exclusively created for our users to discuss anything relate
33. apidly Many of such programs employ very advanced techniques to conceal their malicious activities so that they easily bypass the standard protection mechanism provided by the most personal firewalls These techniques are commonly known as leak techniques Comodo Firewall Pro 2 4 User Guide 9 C 0 M 0 D 0 Creating Comodo Firewall Pro passed ALL LEAK TESTS with an outstanding success rate not seen in any other firewalls available Although passing the known leak tests are often enough to provide you a robust protection Trojans do not have to limit themselves to these known techniques and they always try to find new ones to cheat the protection mechanism you have Due to this fact Comodo developers constantly research to improve our firewall to keep you protected at all times against emerging and unknown threats User Friendliness Comodo Firewall Pro has an easy to use and intuitive GUI which is suitable for both advanced and novice users Our selection of wizards make sure novice users will face no difficulties in managing vital security configurations Advanced users and experts can fine tune Comodo Firewall Pro using its extensive configuration options System Requirements To ensure optimal performance of Comodo Firewall Pro please ensure that your PC complies with the minimum system requirements as stated below e Windows 2000 e Windows XP All 32 bit versions e Internet Explorer Version 5 1 or above e 64
34. can scan your computer for applications which seek Internet access and create access rules for them When the scan is complete you can use the results to determine which programs should have access to the Internet and if desired adjust their access rules Comodo Firewall Pro has the following wizards gt Define a new Trusted Application gt Scan For Known Applications Define a new Trusted Network The Trusted Network Zone Wizard Computers or Web sites in the Trusted Zone have full access to your computer The trusted zone is for machines you trust filesharing is allowed and by default no stealthing is done The Trusted zone includes the computer under protection and usually the local network and allows any network operations These network operations are expected safe because the zone is trusted There are still some restrictions though to prevent fragmented packets or denial of service type attacks and port scanning You can specify the addresses of trusted machines and websites either by name or by IP address Trusted Network Zone Wizard E xj Welcome to the Hew Trusted Network Zone wizard d This wizard will help you to create a new trusted network zone Once you are finished with this wizard your computer will be fully accesible to the computers in this zone while still remaining safe against the attacks such as DoS or port Scanning Cou may need to create a trusted zone If this i2 an internet connection sharin
35. ccording to the protection level at which it is configured e Any part of the firewall can be enabled or disabled with one click IMPROVED Application Recognition Only in Comodo Firewall Pro Comodo Firewall Pro 2 can recognize over 10000 applications and determine their security risks This database allows users to easily notice if an activity is coming from a safe virus or spyware program Comodo Firewall Pro Overview Introduction Comodo Firewall Pro is designed as an endpoint security enforcer which fulfills all the requirements of a host based security system should do With its layered security architecture it is one of the most challenging personal firewalls available providing an all in one security enforcer for all OSI network communication layers Comodo Firewall Pro includes an integrated executable file database which is a comprehensive classification of all known executable files It is the only firewall which provides such significant information with users Network Protection Comodo Firewall Pro 2 4 User Guide 8 C 0 M 0 D 0 Creating Comodo Firewall Pro although designed for personal use includes an industrial strength stateful inspection firewall acting at OSI Layers 2 3 and 4 to filter incoming and outgoing network traffic Such an advanced filter keeps track of each and every packet sent received and performs intelligent analysis on critical protocols such as TCP UDP FTP etc Comodo Firewall Pro also
36. cess it Comodo Firewall Pro 2 4 User Guide 79 C 0 M 0 D O Creating Miscellaneous tab Advanced Attack Detection and Prevention om COMODO Firewall Pro 3 Advanced Attack Detection Instrusion Detection Block all outgoing connections while booting Blacks all outgoing connections before Comodo Firewall services are up and running Inbound defense is always active while booting independent of this option Block fragmented IP datagrams Blacks all autgoing incoming fragmented IP packets A personal computer barely needs to send or receive fragmented IP packets These types of packets are more useful for routers This option must not be disabled unless necessary Do protocol analysis Analyzes all incoming and outgoing packets to verify that they have the correct parameters according to the specific protocol s standards and stop therm if found suspicious Do packet checksum verification Verifies the checksum of all incoming outgoing packets to verify integrities A personal computer usually do not need such a check May slow down internet connection speed and requires protocol analysis option to be enabled Monitor other NDIS protocols than TCP IP Monitors packets originated from other protocols which use their own drivers to create TCP IP packets e g Wincap Enabling this option may affect system performance Changing this option requires a system restart Cancel Figure Misce
37. cked when using firewall FIXED The bug causing SHA 1 replies to be forgotten Comodo Firewall Pro 2 4 User Guide 4 C 0 M 0 D 0 Creating FIXED Few BSODs reported via forums and support IMPROVED Now firewall does not require user to activate license It comes with lifetime free license on installation itself IMPROVED Significantly improved self defense a Defense against automated windows messaging Simulated mouse clicks b File digital ceritificate verification for own binaries c Fixed DOS conditions in self defense handling d Fixed system driver crashes e Fixed some bugs that can cause priviledge escallation IMPROVED Improved OLE automation handling IMPROVED Fixed some minor bugs in tooltip texts IMPROVED Removed non TCP UDP application alerts until version 3 0 New in Version 2 3 6 81 FIXED Network monitor rules were not loaded during system boot FIXED DHCP protocol stateful analysis were causing reconnection problems FIXED Comodo Firewall Pro no longer crashes when ShellExecute hooking software is installed SuperAdblocker counterspy etc FIXED Minor inaccuracies in tooltip text FIXED Log size is not remembered correctly FIXED Many other bugs are fixed according to the user bug reports New in Version 2 3 5 NEW Removed Comodo LaunchPad Installation FIXED Startup Delay if Terminal Services service is disabled FIXED Navigating between adapters using Next and Previous links could
38. d to our products Register free at http forums comodo com You ll benefit from the expert contributions of developers and fellow users alike and we d love to hear your thoughts and suggestions Users can also access the forums by clicking Need Help in the Tasks main screen Online Knowledge Base We also have an online knowledge base and support ticketing system at http support comodo com Registration is free Check for Updates To download the updates manually Click on the Updater icon at the top right hand corner of the application A Eer To know more see Manual Updater and Automatic Updater UPDATER Comodo Firewall Pro 2 4 User Guide 60 C 0 M 0 D O Creating Wizards If you use specific services that require Internet or network access on a regular basis you may want to adjust access settings for these services or machines You can configure security settings for each application on your computer by setting certain restrictions on which IP addresses and ports an application can utilize Wizards Define a new Trusted Network ZG Scan for known applications This wizard will help you to define the TF Searches your PC for a wide range of network zone from to which all network popular applications such as Internet traffic will be allowed Explorer Skype or MSN Messenger and allows you to automatically create the Internet access rules for them Comodo Firewall Pro
39. de 16 C 0 M 0 D 0 Creating 2 Adding foreign language support to an existing installation version 2 4 and above onl Installing a foreign language version of the application You should pick this option if you do NOT have Comodo Firewall Pro 2 4 or above installed or have an earlier version installed that you need to update Using this option will download and install the latest version of the firewall in the language you choose Please visit http www personalfirewall comodo com download_firewall html to make your choice of language Please select your preference below Chinese Simplitied Chinese Traditional Dutch French Greek Hungaran Portuguese Brazilian Portuguese Continental Russian Spanish LA Spanish Spain Swedish lish Version omodo Firewall Pro 2 4 Size T 66 MB You will then be presented with two download Options You should choose Option 1 because this is a clean install of the firewall in your choice of language Please select your preference below Turkish Continue Comodo Firewall Pro Turkish Version Option 1 Download Turkish Version of Comodo Firewall Pro 2 4 Size 6 48 MB Download if you do not have Comodo Firewall Pro 2 4 installed This will install the full application with English and Turkish language support Option 2 Download Turkish language pack add on Size 1 60 MB Download this if you just want to add Turkish
40. detects and prevents DOS DDOS attacks including e SYN UDP ICMP Floods e TCP UDP Port Scans Upon facing such an intrusive attack it switches to an emergency mode by creating some automatic rules and updating its internal states according to the attack behavior to secure the host against it until the attack ceases Users will not notice such a change in terms of functionality but will remain protected Quick Features e Advanced TCP UDP ICMP and IP protocol filtering e IP fragmentation handling e DOS DDOS resistance and handling e Stateful TCP UDP Protocol Inspection Application Protection Although the network protection is adequate to defeat the most of the network based attacks today s threats require highly sophisticated application based access filtering mechanisms to enforce true host based security policies Comodo Firewall Pro provides a powerful application firewall which is one of the best application filters available in the market Restricting network traffic according to the application which generates it requires filtering at OSI Layers 3 4 5 6 and 7 Application Filtering Comodo Firewall Pro provides full control on applications networking behaviors Application firewall can e Limit applications network access characteristics such as port protocol and host e Give users the ability to control number of connections per minute an application can create Leak Resistance Unfortunately malware programs are evolving r
41. e S Network Monitor Inbound ple violation fOccess Denied IF ac 32 01 21 12 2 Inbound Policy Violation Access SSC IP 10 51 56 21 12 2 Unbound Se violation Access Doried IP 4083156 tg Network Monitor Inbound Policy Violation Access SS IF Network Monitor Inbound Policy violation Access Denied IP D 31 46 21 12 2 Je Details Please select an item to view its details Figure Alerts Reports Max Log Size Comodo stores the events reported by the firewall engine in the log You can view the details of the alerts triggered by the possible attacks on your computer The events are reported and stored in HTML format You can reduce the maximum size of the log file from 5 MB 10 MB 15 MB 25 MB 50 MB and 100 MB by selecting the File size from the Maximum Log size Drop down menu Comodo Firewall Pro 2 4 User Guide 48 C 0 M 0 D 0 Creating Columns Description 1 The First Column Severity represents the threat level of an attack High Medium and Low High severity alerts are very serious security risks like DOS and Port Scan attacks and the CPF goes into emergency to temporarily blocks incoming traffic Medium and Low severity alerts are not so serious and are caused by Network Control rules 2 The Second Column Reporter represents the subsystems like Application Control engine or Network Control Engine which generated the attack reports 3 The Third Column Description represents
42. e an alert again if the parameters of the application are the same Allow allows the current instance of the application to access the internet according to the delinated parameters Comodo Firewall Pro 2 4 User Guide 39 C 0 M 0 D O Creating Deny Blocks the application from accessing the internet More Details Fp If you are unsure about the application you can view more information about the application by clicking More Details tab so that you can decide what to do When you click More Details a Pop up window will appear a brief information about the application a K COMODO Firewall Pro Application Detalls Ed Parent Application Path C Program Files Internet ExplorerlES3PLOARE EXE Version gt 6 00 2900 2190 Company gt Microsoft Corporation Security SAFE Description jexplore ese is the main executable for Microsott Internet Explorer This Microsoft Windows application allows you to surf the web and local mtranets Figure More Details About The Application Selecting the Parent Application radio button enables the user to view information about the application that originally caused the child application to try to access the internet In this case Explorer exe commanded Internet Explorer exe to access the internet Explorer exe is therefore the parent application to Internet Explorer exe Sie COMODO Firewall Pro x Application Detalls D Application
43. eing installed Wi COMODO Firewall Pro Installation Wizard El Ba Extracting Files 98 File Mame cmdmonsys Figure Setup Status STEP 6 License Configuration 6 This screen appears only when license is not already activated Now COMODO Firewall Pro comes with lifetime license on installation itself and so you do not have to activate it again It does implicit activation and in that process generates a unique id that it sends to a COMODO server If you wish to sign up for news letter and want to give your e mail id you can enter that here To receive news about Comodo products check the box stating Sign me up for news about COMODO products if you don t wish to receive any news from COMODO uncheck the box Firewall Configuration Wizard K sl COMODO Firewall Pro comes with a lifetime free license Gel During configuration the firewall will alzo activate your FREE lifetime license The firewall wll do this by communicating with a COMODO server and sending this server a uniquely generated id Please insert your email address below and click Nest to continue with the configuration process Email ID Optional Jh Sign me up for news about COMODO products Optional d Back Finish Comodo Firewall Pro 2 4 User Guide 13 C 0 M 0 D O Creating STEP 7 Configuration 7 Next you are presented with a choice of automatic or manually configuration Automatic configuration is
44. encies across digital ecommerce operations Comodo s solutions include SSL certificates integrated Web hosting management solutions web content authentication infrastructure services digital ecommerce services digital certification identity assurance customer privacy and vulnerability management solutions is delivering the highly rated Comodo Firewall Pro free to consumers as part of an initiative Co mM Od O to empower consumers to create a safe and trusted online experience whenever they go online This initiative will make available free to all consumers some of the leading tools that consumers can use to be safe and avoid leading threats such as Phishing attacks To download Comodo Firewall Pro and other free security products visit http www Comodogroup com products free_products html Comodo Firewall Pro 2 4 User Guide 85 C 0 M 0 D 0 Creating Getting Support Need Help Comodo Forums The fastest way to get further assistance on Comodo Firewall Pro is by joining Comodo Forums a message board exclusively created for our users to discuss anything related to our products Register free at http forums comodo com You ll benefit from the expert contributions of developers and fellow users alike and we d love to hear your thoughts and suggestions Users can also access the forums by clicking Need Help in the Tasks main screen Online Knowledge Base We also have an online knowledge base and support ticketi
45. es from unauthorized modifications Cancel Comodo Firewall Pro 2 4 User Guide 81 C 0 M 0 D 0 Creating Firewall Alerts Enable Alerts Switches alerts on or off Unchecking this option means no alerts will be generated by the program Whilst this does not affect your security which is determined by the rules that you have created for the firewall it will diminish your awareness of connection attempts Without alerts any connection attempts that do not have any matching rules will be blocked but you will not be notified However in the case of serious attacks this setting will be over ruled and an alert generated It is highly recommended that you leave this option checked and configure pop up frequency using the Alert Frequency Slider see below Do not show alerts for applications certified by Comodo This option automatically approves safe applications When enabled it forces the firewall to allow all activities of an application which is recognized as safe by its internal database of over 10000 applications Unless explicitly blocked by a rule the firewall will allow any activity of the safe applications while still watching for suspicious activities The firewall will still raise an alert if it detects anything suspicious This option is useful for avoiding unnecessary number of alerts Skip loopback 127 x x x UDP connections Loopback connections refer to the internal communcations within your PC Any messa
46. for the zone starting from the Start IP to the End IP range for which you want unrestricted access The addresses you define here specify the IP s that traffic can be directed to from the Internet 3 Click OK to create the new Zone rule 4 Repeat for any other zones which you want to add Comodo Firewall Pro 2 4 User Guide 57 C 0 M 0 D O Creating If you want to edit any zone for Name Start IP End IP You can select it from the list and click on Edit button and again just like Add you can modify each field of it ae AOE name mic Facket Scheduler Minipor start Range ta tbeas 400 O COMODO Firewall Pro Adda New Zone End Range E ibe 2400 250 Cantel Figure Edit Zone In case you want to remove a particular zone you can select it from the list and click on Remove button Send files to Comodo for analysis If there is no advice available for an application and or parent and they are not in the Comodo Firewall Pro safe list then you have the option to submit them to Comodo for analysis Clicking the Send files to COMODO for analysis link will automatically begin the file submission process After sending the file to us our developers will determine whether or not it represents a threat to your security If it does we will take immediate action to nullify it The submit function is an important component of our coordinated strategy to combat emerging threats t
47. g ICS host to share your files with the other computers in that zone to allow all network activities to and from that zone Please note that you do not need to create such a zone to access network resources on the other computers such as shared files or a shared internet connection Back Finish To begin adding a trusted zone click Next Comodo Firewall Pro 2 4 User Guide 61 C 0 M 0 D 0 Creating Firewall Configuration Wizard Zone 1 of 1 The wizard has detected the following new network zone Please name it before going on to the next step Broadcom 440x 10 100 Integrated Controller Packet Scheduler Miniport one Name Broadcom 440 10 100 Integrated Controller StatingIP 57 85 0 0 Ending IF Bf D 259 lt Back Finish The wizard auto detects any new network zones and displays the range of IP addresses to be contained within the trusted zone This will usually represent your computer and other machines on your local network Click next to continue Trusted Network Zone Wizard x Please select the Zone you wish to trust and press Next button Please select a Zone from the list below and press Newt button 67 85 0 0 67 85 7 255 Back Next gt Finish You are now required to selected the network zone you wish to Trust Select the network zone from the drop down list and click Next At the ensuing confirmation dial
48. g Booting Comodo Firewall Pro 2 4 User Guide 7 C 0 M 0 D 0 Creating Comodo Firewall Pro 2 includes an option to secure the host while the operating system is booting When enabled it makes sure that no connections are established until booting process is completed NEW Automatic Updater Comodo Firewall Pro now includes an interactive automatic updater component so that users can check for updates any time NEW Error Reporting Interface To improve users satisfaction Comodo Firewall Pro 2 now includes an XP style bug reporting interface IMPROVED Firewall Logging The new logging structure in Comodo Firewall Pro is more powerful than before It reveals all the activities with detailed descriptions of the events It also allows exporting the logs in HTML format IMPROVED Security Rules Interface Comodo Firewall Pro 2 has a completely redesigned security rules interface More powerful flexible security rules structure is combined with an easy to use GUI IMPROVED Application Activity Control In this version application connections are shown better It allows watching each application in detail by showing addresses ports and amount of traffic it used Users can intercept and close any application connection with a simple click IMPROVED Graphical User Interface The GUI of Comodo Firewall Pro has significant improvements e It allows full control over the firewall operations e It shows a host security index a
49. ge transmitted by your computer through a loopback connection is immediately also received by it This involves no connection outside your computer to the internet or a local network This option is checked by default because the threat profile is very low for UDP attack using this channel whilst enabling would lead to a large increase in unnecessary alerts Skip loopback 127 x x x TCP connections Loopback connections refer to the internal communciations within your PC Any message transmitted by your computer through a loopback connection is immediately also received by it This involves no connection outside your computer to the internet or a local network The TCP option is not checked by default because in the case of someone using a proxy server there is a higher chance of attacks being launched using a loopback connection Alert Frequency Level Users can configure the amount of alerts that Comodo Firewall generates with this slider Raising or lowering the slider will change the amount of alerts accordingly It should be noted that this does not affect your security which is determined by the rules you have configured For the vast majority of users the default setting of Low is the perfect level ensuring you are kept informed of connection attempts and suspicious behaviours whilst not overwhelming you with waves of alerts How many alerts at a time should be generated The user can configure the generation of a maximum number of aler
50. he standard for file transfers as it has built in error handling UDP is faster than TCP but doesn t provide error handling Its normally used for streaming data such as video feeds and on line games where loss of data is of less importance Direction Then select the direction of connection whether it is made by a remote computer In by you Out or if it has been established by Both Destination IP tab Destnation Port a an Een T Exclude fie NOT the choice below e Am t Single IP C IF Range C IF Mask C Zone C Host Name When voure connected to a network for example the Internet your computer as any other computer is assigned a unique identification This is called an IP address It consists of 4 groups of numbers ranging from 0 to 255 separated by a dot Example 192 168 200 113 Specify the hosts IP addresses from which you will allow or deny connections You can select the IP Addresses number s from the list Select the IP address 1 You can choose any IP Address by selecting Any This menu defaults to the IP range of 0 0 0 0 255 255 255 255 to allow connection from all IP addresses 2 You can choose a Single IP address by selecting Single and entering the IP address in the IP address text box for ex 192 168 200 113 3 You can choose an IP Range by selecting IP Range for example the range in your private network and entering the IP addresses in the Start Range and End Ra
51. in the first column also displays addition information in the Details panel at the foot of the screen These are Secutity Risk the file path of individual applications Connections the state of connection of the application as established at the rate of number per minute Path the file path of individual application on your hard drive Parent path the Parent application s location on your hard drive Description The name of the application If the application is in the firewall database you will see a brief outline of the production functionality and main features Invisible Which action the firewall should take if this application attempts to make an invisible connection This feature is set in the Application Rules Miscellaneous tab Version The specific version number of the application you have selected Add Edit an Application Control Rule You can add or modify or remove an application control rule by clicking on the Add Edit Remove buttons at the top of the list e Add FN Edit CH Remove 21 Move Lp Go Mowe Down Alternatively selecting any application and right clicking will display a context sensitive menu of the same functionality CLPConfig exe RANGE 0 0 0 0 25 SE 65535 TCP UDP Out kg clPUpdaterexe RANGE 0 0 0 0 21 edit a 65535 TCRIUIOP Out any CR TCP UDP InfOul Se E Si SCo se Too mn Te Add a New Application Control Rule To create a new application contro
52. integrity of the application trying to communicate If this is modified you are informed By tracing an application s parent process the firewall knows if another application is trying to spawn an already trusted application and thus deny access to the network even for that trusted application This system provides the very highest Comodo Firewall Pro 2 4 User Guide 54 C 0 M 0 D O Creating protection against trojans and malware that try to use trusted software such as Internet Explorer to sneakily access the internet 6 Click OK to finalize the settings An entry about the Trusted Allowed Application will appear in the list of Application Control Rules viewable in the Application Monitor section The Rule takes effect immediately and the application is classified as Trusted Allowed so that inbound and outbound connections are permitted When an application seeks internet access Comodo Firewall Pro first checks whether it recognizes the application as trusted allowed or banned If the application is recognized as trusted allowed Comodo Firewall Pro automatically allows it access to the Internet 7 Click Help to view the Help page for how to add a new allowed application Define a New Banned Application If you do not recognize a program then we would recommend that you block it from accessing the internet If you later identify the application or realize that a program has stopped working because of this action you can change
53. ion lo Allow TCP UDP Any Ary la alow ICMP Ou Pany Arny Gesten Ier fian iam 3 Anw janv 3 16 o G add poen Edit Add Eefor DiCrme zwerz Add After Mowe Up Mowe Down Shortcut Buttons Alternatively you can add modify remove promote or de escalate a network control rule by first selecting a rule then clicking on the desired button in the taskbar cia Add A Edit mg Remove m Move Up CG Move Down See below for more details on these actions Network Monitor Rule Configuration Options Add Rule Adds a new Network Control Rule to the list Add Before Adds the new rule above the currently selected rule Add After Adds the new rule after the currently selected rule Edit Allows the user to amend the network control rule options for the selected rule Remove Deletes the currently selected rule Move Up Moves the currently selected rule up one row in the priority list Move Down Shifts the currently selected rule down one row in the priority list Advanced Configuration One of the key capabilities of Comodo Firewall Pro is Intrusion detection and intrusion prevention It analyzes network packets and compares them with both known attacks and known patterns of attack and then blocks those attacks Advanced Configuration allows the user to configure the security settings at an advanced level In Advanced Configuration you can configure the security settings at the foll
54. ion 5 iexplore exe Remote IF 195 131 4 164 Fort holl TCP Parent tooleak yas Ce send to COMODO for analysis Security Consideration e jg C SLeaktesters PCFlank exe has tried to use WD iexplore exe through OLE Automation which can be used to hijack other applications PLCFlank exe might be using euplore eve to connect to the Internet Remember my answer for this application Clicking this link begins the file submission process outlined later in this guide What Alerts tell you Risk Level The top right corner of the pop up also shows the Security Alert Severity Level The colour assignations correspond to those outlined in High Medium and Low Severity Alerts For example the alert shown above indicates a green severity security level eS Security Alert This is because Internet Explorer is considered a safe application Quickly glancing at the alert level indicator provides a quick way to determine whether an application or activity should concern the user Details Contains The application name The IP address of the site it is attempting to connect to The port it is using to make the connection Comodo Firewall Pro 2 4 User Guide 27 C 0 M 0 D 0 Creating The protocol it is using to facilitate the connect Security Considerations This area provides a consise at a glance summary of the security risk involved with allowing this application to access the
55. ist of Application Control Rules The Rule takes effect immediately and the application is classified as Banned so that inbound and out bound connections are disallowed When an application seeks Internet access Comodo Firewall Pro first checks whether it recognizes the application as trusted or banned If the application is recognized as banned Comodo Firewall Pro automatically disallows it access to the Internet 7 If you do not want application to be banned click cancel 8 Click Help to view the Help page for how to add a new banned application Add Remove Modify a Zone An individual machine or network can be represented as a zone to which access can be granted or denied in Application Control Rules and Network rules This section lets you Add Edit Remove Zones Comodo Firewall Pro allows users to add edit remove zone through Modify Zone dialog box 1 Click on Add Remove Modify a Zone in the Tasks section 2 A dialogue box will appear asking you to add edit remove zone Comodo Firewall Pro 2 4 User Guide 56 C 0 M 0 D O Creating Modify Zone To T COMODO Firewall Pro Modify Zone Figure Modify Zone Click the Add button to define a new zone Specity Zone E 7 we COMODO Firewall Pro si Add a New Zong one name Start Range End Range Cantel Figure Specify Zone 1 Give the Zone a name for example Home 2 Enter the IP
56. its settings in the Application Control Rules list This shortcut represents a convenient way to create an automatic block rule for an application and to fine tune its access rights to networks and the internet 1 Click on Define a New Banned Application link in the Tasks section 2 A dialogue box will appear asking you the select the application to be banned Banned Application COMODO Firewall Pro A Banned Application Specify Application Browse Specify the Parent Application TK a Cancel Figure Select Application to be banned 3 Click Browse to locate the application on your computer Comodo Firewall Pro 2 4 User Guide 55 C 0 M 0 D O Creating Banned Application oe COMODO Firewall Pro x Specify Application C Program Files ahool Messengeryoagqer exe Specify the Parent Application Figure Application to be banned selected 4 The selected application appears along with its location in file system path 5 You are given the option to specify an application s parent as well Check the box and browse to locate the Parent Application The Firewall will automatically learn it even if it is not specified Comodo Firewall Pro verifies the integrity of the application trying to communicate If this is modified you are informed 6 Click OK to finalize the settings An entry about the Banned Application will appear in the l
57. k Monitor On Excellent On Lei Application Behavior Analysis On see Adapter ef Computer Security Level Intel R PRO 100 VE a Name Network Connection Sy Test your current security configuration IP Address 192 168 201 103 Custom S Subnet Mask 295 250 2704 0 Block all Your computer s security level is set to Custom This Kee i eg 7 TE custom means your configuration settings are applied ype MAC Address O0 11 11 1B 8E FE Allow All Ethernet Adapter Figure Comodo Firewall GUI Closing this window will exit the Comodo Firewall Pro management interface The firewall will remain active protecting your computer in the background To completely shut the program down right click on the Comodo Firewall Pro and select Exit If you choose to exit you will see a dialogue box confirming whether you want to exit or not COMODO Firewall Pro x COMODO Firewall Pro will not be protecting your PC Are you sure you want to exit Figure Exit Comodo Firewall If you choose to exit the Firewall will be disabled and will not protect your PC Comodo Firewall Pro Multi Language Installation You can choose to use Comodo Firewall Pro in any one of 13 languages English language support is also included with each of the multi language versions You have two main installation options 1 Installing a foreign language version of the application Comodo Firewall Pro 2 4 User Gui
58. l Pro will automatically start whenever you start Windows In order to configure and view settings within Comodo Firewall Pro you need to access the management interface There are 3 different ways to access the management interface of Comodo Firewall Pro System Tray Icon via Windows Desktop via the Windows Start menu 1 Comodo Firewall Pro Tray Icon Just double click the shield icon to start the main firewall interface 2 Windows Desktop CoOMooo Firewall Pro Just double click the shield icon in the desktop to start Comodo Firewall Pro 3 Start Menu You can also access Comodo Firewall via the Windows Start Menu Click Start and select Programs gt Comodo gt Firewall gt Comodo Firewall Pro Comodo Firewall Pro 2 4 User Guide 24 C 0 M 0 D O Creating Wwinglp e op Progeare Accessories 8 E FJ ActiveState ActivePerl 5 8 e CH Documents b e Adobe b Eh SCC ch Download Accelerator ettings Ae J Intel Application Accelerator Q KI Search t LS Mach5 Analyzer V z FA winzip JO w LE World ast Run 1 Yahoo Messenger i gt MSN Messenger 7 0 2 Shut Down Ka Comodo EE E COMODO Firewall Pro d start H A Wicomono Firewarrra Using any of the methods outlined above will lead you to the main interface as shown below COMODO Firewall Pro I COMODO Firewall Pro 7 ee i k LANGUAGE UPDATER HELP ABOUT ay e e ist SUM
59. l rule click the Add button at the top right corner of Application Monitor Add Jr Frotocol A dialogue box will appear allowing you to configure the new application rule Comodo Firewall Pro 2 4 User Guide 65 C 0 M 0 D O Creating Application Control Rule Ge COMODO Firewall Pro Application Control Rule Application Parent Application C Program Files MSM Messenger msnmeagr exe Browse C Skip parent C Learn the parent Ze Specify a parent CAWINDOWS explorer exe Browse Allow all activities for this application Ce Apply the following criteria General Destination Ip Action Allow Protocol TCR or UDP Direction Out M Cancel Figure Add Application Rule Select the Application 1 Click Browse to locate the new application on your computer s hard drive In this case we have chosen MSN Messenger 2 The selected application appears along with its location in file system path 3 You are given the option to specify an application s parent as well Check the appropriate radio button to browse to the Parent Application The Firewall will automatically learn it even if it is not specified Comodo Firewall Pro verifies the integrity of the application trying to communicate If this is modified you are informed By tracing an application s parent process the firewall knows if another application is trying to spawn an already trusted application and
60. language support to an existing installation of Comodo Firewall Pro 2 4 for above Mote You must install version 2 4 for above before installing this language pack You will now be taken through the firewall installation and setup process as outlined in Comodo Firewall Pro Installation After setup you can switch between languages at any time by click the Language button Comodo Firewall Pro 2 4 User Guide 17 C 0 M 0 D 0 Creating Adding a language pack to an existing installation If you already installed Comodo Firewall Pro 2 4 or above then you can ADD support for a specific language Installing an additional language pack to Comodo Firewall Pro English Version To install a language pack follow the steps below STEP 1 Download your language pack at the Comodo Website 1 Assuming you have installed firewall 2 4 or above please visit http www personalfirewall comodo com download_firewall html to begin the language selection process Choose your preferred language from the drop down box In the example below we have chosen to install Turkish as an additional language Please select your preference below gis CH Chinese Simplified Chinese Traditional Dutch French Greek omodo Firewall Pro 2 4 Size T 68 MB Hungaran Portuguese Brazilian Fortuguese Continental Russian Spanish LA Spanish Spain Swedish ish Version Click Continue You
61. llaneous tab Block all outgoing connections while booting This option allows the user to secure the host whilst booting by blocking all connection attempts until the system is up and running Block fragmented IP Datagrams When a connection is opened between two computers they must agree on a Mass Transmission Unit MTU IP fragmentation occurs when you pass through a router with an MTU less than the MTU you are using i e when a datagram is larger than the MTU of the network over which it must be sent it is divided into smaller fragments which are each sent separately Fragemented IP packets can create threats like DOS attack Moreover these fragmentations can double the amount of time it takes to send a single packet and slow down your download time Comodo Firewall Pro is set by default to block fragmented IP datagrams i e the option Block Fragmented IP datagrams is checked by default Do Protocol Analysis Protocol Analysis is key to the detection of fake packets used in denial of service attacks Checking this Comodo Firewall Pro 2 4 User Guide 80 C 0 M 0 D O Creating option means Comodo Firewall Pro checks every packet conforms to that protocols standards If not then the packets are blocked Do Packet Checksum Verification Every packet of data sent to your machine has a signature attached With this option enabled Comodo Firewall will recalculate the checksum of the incoming packet and compare this against
62. local security and login policies and is HOT to be confused withthe Figure Firewall Activity Connections A list of active connections on the network and the connection parameters used in the Connections section of Activity Report Comodo Firewall Pro records information about all application and network connections actions that the firewall has taken and any alerts that have been triggered Select the Connections tab in the Activity Overview section to view the list of active connections on the network and the connection parameters used by individual applications Comodo Firewall Pro 2 4 User Guide 46 C 0 M 0 D O Creating COMODO Firewall Pro r To m y 7 Vi lt E COMODO Firewall Pro LANGUAGE UPDATER E E SCH SUMMARY SECURITY ACTIVITY Custom Application A Protocol Source IP Port Destination OD P Bytes In Bytes Out ei EAR OHE EXE TCP In 192 168 201 103 ia 64 233 167 99 020 4596 OB MS IEMPLORE EXE UDP Out 192 168 201 103 192 168 200 202 i 0B 74B 5 TEXPLORE EXE 4266 626 a IEXPLORE EXE 469 B 62 B OS TEXPLORE EXE TCP In Out 471 B 62 B o IEXPLORE EXE TCP In Out 64 233 189 104 80 471B i IExPLORE EXE TCP InfOut 192 168 201 103 64 233 189 104 80 392 B FA L5455 E E TCP Out 192 168 201 103 1 192 168 200 1 389 192 168 200 1 13 FA sass EXE TCPOut 192 168 201 103 i 192 168 135 l F L5455 ExE TCP Out 192 168 2
63. low C Block AcroForm api 7 0 0 200 Adobe Systems In Adobe Acrobat Forms Plug In iG Allow Bock EN Advanced L Ee 7 0 0 0 Adobe Systems In Adobe IE plugin O Allow L Block S T Arone 7 0 0 0 Adobe systems In Adobe Acrobat IE Helper V TE Helper V Allow Allow C Block IR activeds cl activeds dl 5 1 2600 Microsoft Corporat ADs Router Layer DLL Ge Allow C Allow gt Block al actxprxy d 6 00 2900 SE Corporat ActiveX Interface Marshalli Allow Allow LC Block apec api E 0 H 200 Adobe Systems In Adobe Acrobat ADBC Plug In G Allow Block e AdobePDF Unknown VadobePOF Maker d Ce Allow 7 Block iS adsidpe d 5 1 2600 Microsoft Corporat ADs LDAP Provider C DLL Le Allow C Block FES dil 5 1 2600 a Advanced Windows 32 Bas te Allow C Block wi Details Company Adobe Systems Incorporated Version 7 0 0 0 Path C Program Files Adobe Acrobat 7 0 Acrobat AcrolEFayClient dll Description Adobe IE plugin Figure Component Control Rules Comodo Firewall Pro 2 4 User Guide 69 C 0 M 0 D 0 Creating Column Description 1 The First Column Component represents the component files 2 The Second Column Version represents the version of the components 3 The Third Column Company represents the developer of the components 4 The Fourth Column Description represents the description of
64. n to change this status by selecting one the appropriate Allow Block Ask radio button Add Remove an Component Control Rule You can add or remove an Component control rule by clicking on the Add Remove buttons at the top of the list Add Gi Remove sp Apply a gt Refresh Add Opens a new component dialog and lets you chose the component you want to add as a rule Comodo Firewall Pro 2 4 User Guide 72 C 0 M 0 D O Creating _Ji aulk Desktop J LaunchPad Comodo Firewall ISSER Type Application Extension Size 1 10 MB File name JESicil al D dE Files of type Library Files dll gt Cancel My Network F h Open as read only Ls After the rule is added you can choose the permission to Allow or Block access Remove Remove the selected components from the list mn SECURITY ACTIVITY Custom Ge Turn On Turn Off C Learn Mode G Add activeds dl 5 00 2195 6601 Microsoft Corporation ADs Router Layer DLL Le Allow E Block S adsidpc dl 5 00 2195 6993 Microsoft Corporation ADs LDAP Provider C DLL G Allow Block ADVAPTS2 0LL 5 00 2195 7038 Microsoft Corporation Advanced Windows 32 Base API Le Allow C3 Block Je appguard dll 0 0 1 COMODO Comodo Personal Firewall LSP Interf Le Allow C Block atl dill 6 00 9435 Microsoft Corporation ATL Module for Windows NT Unicode Ce Allow Block Ja browser d 5 00 2195 6866 Microsof
65. n your computer and provides you with a summary of the details of the network adapters in your system A network adapter could be a modem an Ethernet network card a virtual VPN adapter or a virtual PPPoE adapter used for some DSL Connections Dial up If you are using a Dial up coonection then you can view the Dial Up Adapter details by clicking Next View Alerts You can view information about the type of security alerts the threat level and the communication that triggered this alert by clicking on the Logs tab in the Activity main screen Comodo Firewall Pro 2 4 User Guide 36 C 0 M 0 D O Creating i COMODO Firewall Pro emm E PE zi o s Se Ze COMODO Firewall Pro 8 LANGUAGE UPDATER Si E SC SUMMARY SECURITY ACTIVITY Custom Max Log Size 5 ME Today Date Time U Medium Network Monitor Inbound Policy Violation 4ccess Denied IP 10 32 16 21 12 2 Network Monitor Inbound Policy Violation Access Denied IP 10 32 11 21 12 2 Network Monitor Inbound Policy Violation Access Denied IP 10 32 06 21 12 2 Inbound Policy violation Access Denied IP 10 32 06 21 12 2 Inbound Policy Violation 4ccess Denied IP 10 32 01 21 12 2 Network Monitor Inbound Policy Violation Access Denied IP 10 31 56 21 12 2 Inbound Policy violation Access Denied IP 10 31 56 21 12 2 Network Monitor Inbound Policy Violation Access Denied IF 10 31 51 21 12
66. nection requests that your computer is unable to accept legitimate connections effectively shutting down your web email FTP or VPN server Comodo Firewall employs parameters to detect and protect you from flood attacks Advanced Attack Detection and Prevention Se COMODO Firewall Pro Advanced Attack Detection TCP Flood Trafic Rate packets f second Duration seconds UDP Flood Traffic Rate packets f second EE Em Duration 20 seconds EN ICMP Flood Traffic Rate packets f second Duration seconds 50 on en an 50 20 Port Scan Probing rate ol ports Z second How long should a suspicious host be _ SE EE automatically blacked after it attempts a port scan How long should the firewall stay in 120 SE ah emergency mode while the hast is Under DOS attack eat Cancel Figure Intrusion Detection tab Comodo Firewall Pro is capable of filtering traffic based on TCP UDP ports and packet types It can be configured to accept limited traffic from specific addresses or completely prohibit all access In addition specific TCP UDP traffic or any application based on these protocols can be restricted Advanced mechanism for flood detection such as TCP flood UDP flood and ICMP flood allows for quick isolation of such malicious attacks Comodo Firewall Pro 2 4 User Guide 78 C 0 M 0 D 0 Creating TCP Flood UDP Flood ICMP Flood Flood attacks happen when many packet
67. ng system at http support comodo com Registration is free Comodo Firewall Pro 2 4 User Guide 86
68. nge text boxes Comodo Firewall Pro 2 4 User Guide 67 C 0 M 0 D 0 Creating 4 You can choose IP address mask by selecting IP Mask IP networks can be divided into smaller networks called subnetworks or subnets An IP address Mask is a subnet defined by IP address and mask of the network Enter the IP address and Mask of the network 5 You can choose an entire zone by selecting Zone This menu defaults to the zone first defined during installation But you can also define your own zone by first creating a Zone through the Add a Zone shortcut 6 You can choose to give a name by selecting Host Name which denotes your IP address Exclude i e NOT the choice below The opposite of what you specify is applicable So if you Check the Exclude box in say the Destination IP tab and enter values for the IP range those values will be not be applicable and values other than those specified become applicable If you have chosen to exclude a certain range of IP addresses you will have to create a seperate Application Rule for the range of IP addresses that you DO want to use The exclude feature is limited to the subject tab and does not affect any other parameters you choose within the specific rule so you can have one Application rule that Excludes certain IP addresses whilst Including certain Ports Destination Port tab Destinato n Port Miscellaneous Ze Any C A single port A port range
69. nguages in Comodo Firewall Pro To switch between languages first select the LANGUAGE button at the top right of the firewall interface shown below v SN e fe LANGUAGE UPDATER HELF ABOUT Select the language you wish to select from the list of languages displayed in the Language Selection Click OK to proceed Language Selection x Canguage Please select the language Turkish OR Cancel Select OR to confirm your choice Comodo Firewall Pro 2 4 User Guide 20 C 0 M 0 D 0 Creating COMODO Firewall Pro ES Li LD Change in language will take effect after you re start Firewall In order for your choice to take effect you must restart the firewall You can do this by either i Restarting your computer recommended ii Closing then restarting the firewall by right clicking on the firewall tray icon firewall select Start gt Comodo gt Firewall gt Comodo Firewall Pro and selecting Exit To restart the The firewall will be in your choice of language the next time you restart the application Comodo Firewall Uninstallation If you need to uninstall Comodo Firewall Pro do the following 1 Click the Windows Start button and browse to All Programs gt Comodo gt Firewall gt Uninstall OR e On the Windows taskbar click Start gt Settings gt Control Panel e Inthe Control Panel double click Add Remove Programs e Inthe list
70. o installation Wizard ETES Welcome to COMODS Firewall Pro Installer This will install COMODO ch COMO Firewall Pro on your computer To continue please Firewall Tf click on Hext button Pro Figure InstallShield Welcome Wizard STEP 3 License Agreement 3 When Comodo Firewall Pro is installed for the first time you must complete the initialization phase by reading and accepting the license agreement After you read the End User License Agreement click Yes to continue installation If you decline you cannot continue with the installation Sy COMODO Firewall Pro installation Wizard b gt Oh dE License Agreement MV e d Please read the tollaying license agr Press PAGE DOWN key to see the rest of the agreement MaD EMO USER LICENSE AGREEMENT Software License Agreement for COMODO Firewall Pro This license agreement for COMODO Firewall Pro license agreement is This license agreement cantains rights and restrictions associated with use ha D vide E di m uies Pres m des Fan ithir Aistei b ntima m KH Le Ab ss le a ee a M Do you accept all the terms of the praceding license agreement If you choose Mo the setup will clase To Install the COMOGSO Firewall Dro you must accept this agreement Figure End User License Agreement Comodo Firewall Pro 2 4 User Guide 11 COMODO Creating STEP 4 Location Destination Folder 4 On the Destination
71. o your security Users can access the submit feature in two ways The first is by clicking on Send files to COMODO for analysis in the main Common Tasks interface shown below Send files to COMODO for analysis Suspicious about a file You can send it to Comodo Research Lab for further analysis Secondly users can send a file to us as soon as Comodo Firewall Pro detects straight from an alert that is generated see below Simply click the link to go straight to the files submission process Comodo Firewall Pro 2 4 User Guide 58 COMODO Creating A Security Alert C 0 MI 0 D 0 TANE ll Pro Internet Explorer i trying to connect to the Internet What would wou like to do Details ba Application AE iexplore exe Remote IP 195 131 4 164 Fort holl TCF Parent P toolea i i CS Send to COMODO for analysis gt Security Consideration e i x C Leaktesters PCFlank exe has tried to use X evplore eve through OLE Automation which can be used to hijack other applications PCFlank exe might be using explore exe to connect to the Internet Remember mu answer for this application Figure Instant submission via the alert File Submission Process Comodo Firewall Pro allows users to send files for analysis which are not in the safe list through Files Submission dialog box as below 1 Click on Send files to COMODO for analysis 2 The Files Submission dialog
72. og please take a moment to review your settings and click Finish If you wish to alter settings at any time press Back Scan for Known Applications The Scan for Known Applications Wizard Comodo Firewall Pro 2 4 User Guide 62 C 0 M 0 D 0 Creating The Scan for Known Applications wizard is used to create automatic rules for a wide range of popular applications including Internet Explorer Skype FireFox MSN Messenger It also creates automatic rules for critical system processes such as svchost exe Using the Scan for known applications wizard instructs Comodo Firewall Pro to audit the applications currently installed on your computer The wizard will search your system for applications it recognizes and will then ask you if you want to grant the permissions it needs to operate Firewall Configuration Wizard Application Analysis Comodo Firewall Pro is now scanning your computer for known applications This may take a few minutes depending on currently installed applications on Your Computer ou can press Skip button anytime to cancel the operation C Program Files dobe Photoshop CS Help Back Wiest gt Firewall Configuration Wizard Application Analysis Comodo Firewall Pro is now scanning your computer for known ei applications This may take afew minutes depending on curently installed applications on POU computer Tou can press Skip b
73. on their severity levels High Medium and Low High Medium and Low Severity Alerts High Severity Alerts are represented by a Red icon High Severity alerts are generated by DOS Denial of Service attacks Port Scan Trojan Probe attacks and when application monitor detects a leak When a high severity alert is detected the firewall goes into emergency mode The firewall will stay in emergency mode for the duration set by the user This duration set by default to 120 seconds can be configured in the Intrusion Detection tab in Advanced Configuration Whilst in emergency mode all inbound traffic is blocked except those previously established and active connections However all outbound traffic is still allowed Medium severity alerts are represented by an Orange icon W Comodo Firewall Pro 2 4 User Guide 49 C 0 M 0 D 0 Creating Low severity alerts are represented by a Green icon T Medium and Low severity alerts are caused by violation of network control rules Alert Description You can view details about a generated alert by selecting it and clicking on the Description tab You will get information about the nature of attack Source IP Destination IP and cause which triggered the alert Alert When Comodo Firewall Pro intercepts any unknown program or a program not matching the set rules you will be prompted by the generation of a Alert window SE E St Sien COMODO Firewall Pro SACU IY Alert a
74. onfiguration Application Behaviour Analysis Comodo Firewall Pro analyses each application s behavior and detects any suspicious activity before granting it internet access This powerful new feature enables it to detect more trojan activity than any other firewall the ultimate protection against the leaks that the most personal firewalls fail to detect including e Process memory injections e Invisible processes e Parent application change e DLL Code injections Comodo Firewall Pro 2 4 User Guide 76 C 0 M 0 D O Creating Application Behavior Analysis M Monitor inter process memory modifications Detects if an application modifies the memory of another application Monitor DLL iInjectons Detects if an application loads a dynamic link library into process space of another application Monitor Windows messages Detects if an application modifies another application s window by sending special Windows messages such as Wh PASTE Monitor COM OLE automation attempts Detects if an application tries to communicate with another application in a way so that it can be manipulated by an underlying COM interface Monitor DNS queries Detects if an application uses Windows DNS service to make recursive DNS requests Monitor parent application leaks Detects if the parent application has any of the monitored leaks above OMS monitoring is not dependent on this option Enable Application Behaviour
75. or network Comodo Firewall Pro 2 4 User Guide 29 C 0 M 0 D O Creating z 7 i Security Alert COMODO Firewall Pro Internet Explorer i trying to connect to the Internet What would you like to do Details ke Application g iexplore exe Remote IP B4 233 161 147 Fort httofS0 TCP Security Considerations E evplore eke i a safe application hd Remember mu answer for this application In case you are unsure about the application you can view more information about the application by clicking More Info tab so that you can decide on the action to be taken When you click the More Details icon a dialog box will appear containing detailed information about the application Outgoing Connection Alert This Dr type of alert is generated when an application is trying to access your the internet or remote host You can choose to allow deny the application by selecting IP address Port and Zone in the same way as for Incoming alert You can also choose whether or not you want the firewall to remember this setting by checking the box at the lower right hand corner E Spe mge Task oe COMODO Firewall Pro security Alert HSH Messenger i trying to connect to the Internet What would you like to do Details Da Application Ki minm g Ese Remote ID 207 68 175 61 Fort http 80 TCF 3 Send to COMODO for analysis Security Considerations x C P
76. ort 1104 UDP Breu Conagbtdgeer e wf lexpiote exe it a sale appicahon Mex ff Remember my answer Io this application 1 of 2 Allow Dem eee em ew ee ee e e mm e rm rm He He e Appiicadon Lee calls X Appication C Parent Application Path gt C Program Files nternet Exsploner vexplore exe Security Considerations clearly Version 600 290 2180 explains The security risks associated ech el dla St Miomo Copaations rr D EC FG Free egene with the popup if amp Security E a Description ewpkug ev it the main executable for Microsoft Interest a Explorer This Microsolt Windows application allows you to surf e the web and local intranets vi With the application database users can see everyting about the apelication e its security classification te OAR SPE IK ete Comodo Firewall Pro 2 4 User Guide 26 C 0 M 0 D 0 Creating The Alert includes information like name of Application which triggered the alert the Parent Application the Protocol used by the Application its IP address and its Port Number Some alerts contain the Send files to COMODO for analysis link This happens in cases where Comodo Firewall Pro contains no advice about the application or parent applications and it is notare not in our safe list yt a iw COMODO Firewall Pro CAITE alert Internet Explorer i trying to connect to the Internet hat would you like to do Details Fe Applicat
77. ove ine Move Up we Move Down Application Ste Monitor T Permission Protocol Source Destination Criteria lo alow TCP UDP WHERE SOURCE PORTIS E ow ICMPOut WHERE ICMP MESSAGE IS ICMP In Any Any WHERE ICMP MESSAGE IS een ary a UMERE ToMP MESSAGE 5 Component Monitor Details Please select an item to view it s details Figure Network Control Rules Turn On Turn Off The radio buttons specify whether the violation of the listed rules generates an alert notification The default and recommended setting is Turn On Column Descriptions 1 The First Column ID represents the serial number of the applied network rule 2 The Second Column Permission represents the action taken by the firewall of either allowing or disallowing a network connection to be established 3 The Third Column Protocol represents the direction of communication like incoming or outgoing and the protocol being used 4 The Fifth Column Destination represents the IP Address of the computer accessing the network 5 The Sixth Column Criteria represents the Port Numbers of individual applications Comodo Firewall Pro 2 4 User Guide 74 C 0 M 0 D 0 Creating Context Sensitive Menu Rules can be modified by Right Clicking on any rule in the list Comodo Firewall Pro then displays a context sensitive menu L Permission Protocol Souce Destinat
78. owing levels Comodo Firewall Pro 2 4 User Guide 75 C 0 M 0 D O Creating E Comodo Firewall Pro Seles p 7 gt 3 SZ 2 D A c 0 M d D d Fi rewall Pro LANGUAGE UPDATER HELP ABOUT ken mei et a E ie n SUMMARY SECURITY ACTIVITY Custom Advanced Security Configuration e Tasks Application Behavior Analysis f S In this section you can modify various application analysis parameters for Comodo Application Firewall To access the configuration screen which will help you to enable or disable Monitor ad various monitoring options such as memory modification monitoring and or GOM OLE monitoring click on Configure button Component i l Monitor Configure Network Advanced Attack Detection and Prevention Monitor Comodo Firewall has many options which affect its defense mechanisms You can easily modify these options to make the firewall operate according to the specific defense requirements of your network To modify such parameters as DOSSDDOS detection thresholds ete click on Configure button Configure Miscellaneous firewall application should run To modify such parameters as program startup popup In this section you can access various options which will help you to define haw the an Ee frequency ete click on Configure button Configure To restore all of the options in this section ta default settings click on Restore Restore Figure Advanced C
79. plorer exe commanded Internet Explorer exe to access the internet Explorer exe is therefore the parent application to Internet Explorer exe Comodo Firewall Pro 2 4 User Guide 28 C 0 M 0 D 0 Creating COMODO Firewall Pro Application Detalls er Application Path CAWINDOMW S explorer ene Version lt 6 00 2900 2190 Company Microsoft Corporation Security n SRE Description explorer ese is the Windows Program Manager or Windows Explorer It manages the Windows Graphical Shell including the Start menu taskbar desktop and File Manager By Types of Alerts The Security Considerations section of each pop up alert contains an icon that provides an at a glance information about the type of connection being attempted SAFE you can safely approve this connection request The Remember my answer for this application option is automatically pre selected for safe requests SUSPICIOUS CONNECTION Only allow this connection after careful consideration It might be a leak attack trojan or spyware risk UNKNOWN COMPONENTS DETECTED Users should click on Show Libraries button and choose what to do with all detected components UKNOWN REQUEST Comodo Firewall Pro does not know for sure whether the connection is safe Proceed with caution Common Examples Incoming Connection Alert This type of alert is generated when an application is trying to access your computer
80. puter Level Security Slider You can adjust the slider to the Computer Security Level you want gt Block All The firewall blocks everything irrespective of the restrictions set by the user gt Custom Custom security configuration created by the user is applied gt Allow All Disables the firewall and makes it inactive All incoming and outgoing connections are allowed irrespective of the restrictions set by the user The security level chosen by you will also appear in the form of a coloured ball icon on the top right hand corner of the Comodo Firewall Pro GUI A Red icon represents Block Al Security an e ow icon represents Custom Level Security and a Green Icon represents a Allow All security Clicking Test your current security configuration contacts the Comodo HackerGuardian website www hackerguardian com HackerGuardian vulnerability scans conduct in depth testing of your computer and network to identify potential security holes Sign up for a Free Scan to find out how well defended your system is against hackers Test Security Configuration You can check your current security configuration and see how vulnerable your system is for outside attack by clicking the current security configuration icon ua The user will be directed to http www hackerguardian com a Comodo site which let s you check your server vulnerabilities Security Monitoring The Security Monitoring Section section provides shortcuts to
81. r installation Comodo Firewall Pro automatically protects any computer on which it is installed You do not have to start the program to be protected See Starting Comodo Firewall Pro if you are unsure of how to access the main interface The interface contains three main area indicated by the tabs at the top left hand of the interface Summary Security and Activity SUMMARY SECURITY ACTIVITY By default the management interface displays the Summary area information You can also access this area at any time by selecting the Summary tab as shown above The Summary area contains at a glance details of firewall settings and details pe Ge COMODO Firewall Pro a E SUMMARY SECURITY ACTIVITY Kl COMODO Firewall Pro The firewall has logged O high severity events Subscription Validity Lifetime License Type Full ei Security Monitoring Protection Strength wt A Se Excellent Di Test your current security configuration 3 Custom f gt Block All Your computer s security level is set to Custom This RER Jeans your configuraton settings are applied cl Allow All fU Update License LANGUAGE UPDATER HELP ABOUT Join the Comodo Forums and meet up with thousands o other Comodo users to ask uestions find answers make suggestions about our products Network TEP UDP ICMP Others Adapter Intel R PRO Wireless 39454686 Network
82. reating Monitor COM OLE requests when enabled forces CPF to detect any program hijacking attempt which may occur by misuse of COM OLE interfaces by other programs NEW Automatically Approve Safe Applications Automatically approve safe applications option when enabled forces CPF to allow all activities of an application which is recognized as safe by its internal database of over 10000 applications Unless explicitly blocked by a rule Comodo Firewall Pro will allow any activity of the safe applications while still watching for suspicious activities In case for an application action to be taken is set as Aek and if it appears in safe database list of applications it will be allowed without asking user The firewall will still raise an alert if it detects anything suspicious This option is useful for avoiding unnecessary number of questions IMPROVED Zone Modification A Machine or network can be represented as a zone to which a access can be granted or denied by specifying it in Application Network rules The newly designed easy to use GUI in Comodo Firewall Pro 2 allows the user to Add Edit Remove Zones New in Version 2 0 0 NEW Application Component Authentication Comodo Firewall Pro now validates all the components of an application before allowing it Internet access These components can be dynamic link libraries activex components that an application is using NEW Application Behavior Analysis Firewall Pro analyses each
83. recommended for most users Manual configuration runs the Add Trusted Zone wizard the Scan For Known Applications wizard and some basic options outlined in Advanced Configuration Firewall Configuration Wizard Welcome to COMODO Firewall Pro Configuration Wizard This wizard will help you to configure COMODO Firewall Pro according to your system settings Manual configuration for power users lt Back Finish STEP 8 Finalising Installation 8 To complete the installation process your system will be configured and you will a dialogue box like the one below Please wait while Comodo Firewall Pro configures itself Figure Configuring your system STEP 9 Restart your system 9 A Setup Complete confirmation dialogue box will be displayed indicating successful completion and telling you that you should restart your system now Please save any unsaved data and click Finish Comodo Firewall Pro 2 4 User Guide 14 C 0 M 0 D O Creating ol COMODO Firewall Pro Installation Wizard hal dl i E D D a COMODO Firewall Pro has been installed successtully BP Please restart the system for installation to complete M Restart the computer Finish Figure Restart your System Comodo Firewall Pro Management Interface After installation the Comodo Firewall Pro icon will be displayed on the Windows desktop To start the Comodo Firewall Pro program double click on the
84. rogram Files HaxthoniM avtbon exe has tried to use manmegrexe through OLE Automation which can be used to hijack other applications Masthon exe might be uzing msnmsqr ese to connect to the Internet Remember my answer for this application Comodo Firewall Pro 2 4 User Guide 30 C 0 M 0 D O Creating New Parent Application Detected Parent applications are those that instruct another program to make a connection to the intenet Often this is the result of user action and is innocuous For example you might click in on link in a email in Microsoft Outlook Outlook would then tell Internet Explorer to connect to the net and would thus become its parent application Se es _ COMODO Firewall Pro Zem Internet Explorer i trying to connect to the Internet Wat would wou like to do Details Fe Application 4 iexplore exe Remote IP 87 106 11 120 Fort http 80 TCP Parent T Ghost exe amp Send to COMODO for analysis Security Considerations gt iexplore exe is a safe application A new parent d application has been detected for explore exe Ghost exe may be using lexplore exe to connect to the Internet Remember my answer for this application Other times the connection is not so harmless In the example below the malicious program Ghost exe has instructed Internet Explorer to connect to the internet Please monitor every alert you receive to ensure your PC is not subjec
85. s of data are sent either via TCP UDP or ICMP with a spoofed IP source address which will never send back a response to the destination server This results in a backlog of responses When this is done multiple times from multiple sources it floods the destination server which has a limit of unacknowledged responses it can handle This will ultimately bring down the server By default Comodo Firewall is configured to accept limited traffic for a set duration for example 50 packets per second for 20 seconds If the packets threshold is exceeded a DOS attack is detected and the Firewall goes into emergency mode The firewall will stay in emergency mode for the duration set by user By default this is set at 120 seconds Users can alter this to their own preference by configuring How long should the host stay in emergency mode while the host is under dos attack see below by default the duration is set to 120 seconds In the emergency mode all inbound traffic is blocked except those previously established and active connections However all outbound traffic is still allowed Ports Probe Rate Port scanning a favorite approach of computer cracker gives the assailant an idea where to probe for weaknesses Essentially a port scan consists of sending a message to each port one at a time The kind of response received indicates whether the port is used and can therefore be probed for weakness Comodo Firewall Pro detects the most common forms of port
86. s since the program started Application Metwark ee 6 0 Skypeexe 1 2 0 SSES 10 System EL iew More Figure Active Applications Click View More to get more information about current active applications the protocol being used and the addresses or names of the connected computers This performs the same function as clicking Activity at the top left hand of the main interface and takes you to the Connections screen Network Comodo Firewall Pro maintains real time network counters that track users Internet usage The detailed statistics include the information about the overall network protocol distribution Network TCP UDP and ICMP bytes sent and received Click on the Network link under Traffic section to get the information Comodo Firewall Pro 2 4 User Guide 35 C 0 M 0 D 0 Creating pplication Network TCP UDP ICMP Others Figure Network Traffic The network traffic provides instant data in percentage about your incoming and outgoing network traffic System Info The System Info area of the summary screen contains details about the network adapters installed on your computer Adapters O p IntelfR PRO Wireless 3945466 Network IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Type Adapter MAC Address Ss 00 12 02 57 23 95 Next gt gt Figure Network Adapter Comodo Firewall Pro detects all of the network adapters i
87. t Corporation Computer Browser Service OLL Allow Ze Block BROW SEUL DLL 6 00 2600 1622 Microsoft Corporation Shell Browser UI Library G Allow C Block Cas db dll Een Dat CObRODO Comodo Antispam Database Utility BLL Alloy Block Daci mn dl E E E TOMA A Comnreccinn lFiliks Fil fa lo Block Select the component which you want to remove from the rules list and Click Remove Apply Saves your settings after adding removing components Comodo Firewall Pro 2 4 User Guide 73 C 0 M 0 D O Creating Refresh When in learning mode CPF continuously updates the component database which may not be reflected to component monitor list until Refresh button is pressed Network Monitor Click on the Network Monitor tab in the Security main screen Network filtering rules can be added modified deleted through Network Control Rule Attributes Any rules created using Add New Network Control Rule will be displayed in this list Comodo Firewall Pro applies rules on a per packet basis and applies the first rule that matches that packet type to be filtered If there are a number of rules in the list relating to a packet type the one nearer the top of the list will be applied E Ze Comodo Firewall Pro fc fel W COMODO Firewall Pro nr i LANGUAGE UPDATER HELP AAROUT SL Fe rm ES i SE ER ga SUMMARY SECURITY ACTIVITY Custom e Network Control Rules e Tasks Ze Turn On Turn Off G Add JA Edit mg Rem
88. t to outgoing or incoming attacks from hackers spyware or trojan horse programs Unknown Components Detected e ITT ES Gy COMODO Firewall Pro security Alert Internet Explorer i trying to connect to the Internet what would you like to do Details ei Application 7 iexplore exe Remote IF 66 102 39 59 Port himm TCF Security Considerations l weg There are unknown components in explore eue that require approval before proceeding with this request Click on Show Libraries to view the details SH Show Libraries Remember my answer for this application 1 of 3 SLS Users should click the Show Libraries button before deciding whether to let the connection proceed Comodo Firewall Pro 2 4 User Guide 31 COMODO Creating T Ta KS a Internet Access CH C Program Files adobe Adobe Acrobat IE Helper Version 7 0 for Ca Allow Block Ask CMWINDOWS system32 Advanced Windows 32 Base API Ce Allow C Block Ask COMODO Firewall Pro Y Components Cancel Invisible Application This alert occurs when an application tries to invisibly connect to the internet Invisible connection attempts may represent a risk of Trojan or spyware application In the example above the executable tooleaky exe is attempting to use Internet Explorer to access the internet Security Alert Ye COMODO Firewall Pro d Internet Explorer i trying to
89. tails Eg Application 5 IESPLORE EXE Remote IF 192 168 0 1 Port drs S3 UDP Security Considerations Lei IESPDLORE Eat ts a safe application Iw Remember mu answer for this application 1 of 7 QoQ Figure Alert Pop Up The Alert includes information like name of Application which triggered the alert the Parent Application the Protocol used by the Application its IP address and its Port Number The top right corner of the pop up also shows the Security Alert Severity Level The colour assignations correspond to those outlined above in High Medium and Low Severity Alerts OK Security Alert For example pop window shown above indicates a green severity security level This is because Internet Explorer is considered a safe application Quickly glancing at the alert level indicator provides a quick way to determine whether an application or activity should concern the user Details Contains e The application name e The IP address of the site it is attempting to connect to e The port it is using to make the connection e The protocol it is using to facilitate the connect Security Considerations This area provides a consise at a glance summary of the security risk involved with allowing this application to access the internet Choose options Once you understand the risk you can respond in the following ways Remember my answer for this application check this box to instruct the Firewall not to generat
90. tasks in the Security section of the firewall These sections allow you to configure Firewall operations and settings administrating Application Monitior Shortcut to the Application Monitoring Section of Security 2 modes of operation ON or OFF Component Monitor Shortcut to the Component Monitor Section of Security 3 modes of operation ON OFF or LEARN MODE Comodo Firewall Pro 2 4 User Guide 41 C 0 M 0 D O Creating Network Monitor Shortcut to the Network Monitoring Section of Security 2 modes of operation ON and OFF Application Behavior Analysis Shortcut to the Advanced Section of Security 2 modes of operation ON and OFF Protection Strength There are five levels of protection strength Comodo Firewall Pro determines the protection strength based on the ON or OFF attributes for each of the sections in the Security Monitoring section above The five levels are Excellent Good Fair Poor Bad The default settings of Application Monitor ON Component Monitor Learn Mode Network Monitor ON and Application Behaviour Analysis ON produce a default Protection Strength of Excellent Updater The Comodo Firewall Pro Updater will download Manual or Automatic updates only if your computer is connected to the Internet If Internet connection is unavailable the updating process will not start There are two types of Updater These are Automatic Updater Manual Updater Automatic Updater The Automatic upda
91. ter module checks for update availability once a day As it is checking it shows a flashing icon in system tray as shown below If updates are available the message box is displayed otherwise not and it checks again next day To download the updates click Yes else No If you click No the updates would not take place After updates are installed a pop up Comodo Firewall installing updates 3 e Comodo Fer 4 Sc OU Ko p W Loa DM e we COMODO Firewall Pro COMODO Firewall has been updated successfully BV ioe After the installation process is completed you will need to re start your computer for the changes to take effect Comodo Firewall Pro 2 4 User Guide 42 C 0 M 0 D O Creating Click Yes to re start immediately or No to re start at a later time Comodo Firewall Pro Automatic Updater a Comodo Firewall Pro requires system to be re started for update to take effect Do you want to re start the Yes No system now Manual Updater Manual updates can be downloaded and installed at any time by clicking the Updater button in the top right hand corner of the firewall interface Updater uses Internet Explorer s Internet connection settings to deliver your updates To intiate the update process click on the Start button If you want to initiate the updates later click on the Abort button to leave the Updater wizard Comodo Firewall Pro
92. the checksum stated in the signature If the two do not match then the packet has been altered since transmission and Comodo Firewall will block it Monitor other NDIS protocols than TCP IP This will force Comodo Firewall to capture the packets belonging to any other protocol diver than TCP IP Trojans can use their own protocol driver to send receive packets This option is useful to catch such attempts This option is disabled by default because it can reduce system performance and may be incompatible with some protocol drivers Miscellaneous The Miscellaneous section allows you to 1 Manage the generation of alerts in Comodo Firewall Pro 2 Configure various program settings Miscellaneous Firewall Alerts Jh Enable alerts if disabled the firewall will not display any alerts Do not show any alerts for the applications certified by COMODO If Skip loopback 127 x x UDP connections Skip loopback 127 x x TCP connections Alert Frequency Level Low At this frequency the firewall will show alerts for outgoing and incoming Cor act as a server connection requests for an applicatian many alerts at a time should be displayed E How long should an alert remain on the screen if 120 seconds left unanswered Program Settings M Automatically check for program files updates M Automatically check COMODO certified applications updates Show the application window on system startup Jh Protect own registry keys and fil
93. the components 5 The Fifth Column Permission represents the action to be taken by the firewall whether to Allow or Block access Allow or Block are the two types of permissions 1 Allow means allow the internet access request of the application which has the component loaded into its memory 2 Block means block the application s internet access request while it has the component loaded into its memory Permissions of a component affect the whole application i e according to selected components existence the whole application will be blocked or allowed access Selecting any of the component in the first column also displays additional information in the Details panel at the foot of the screen where complete path of the component can be seen Turn On Turn Off Learn Mode on Component Control Rule Turn On C Turn Off C Learn Mode You can activate deactivate Component Monitor by clicking Turn On Turn off buttons at the top of the list Component monitor On When Turn On is selected the Component Monitor section of the Summary screen will dispay m Component Monitor Figure Green This mode forces the firewall to check for the applications components in memory before granting them internet access If any application tries to make a connection to the outside the firewall audits all the loaded components and checks each against the list of components already allowed or blocked If a component is fo
94. the nature of attack for example attack types could be policy violation caused by a Control Rule DOS Denial Of Service attack or TCP UDP Port Scan 4 The Fourth Column Date amp Time represents the date and time when the alerts were triggered Context Sensitive Menu Right clicking on the alert list reveals a context sensitive menu containing further log options Application Behavior Analysis Suspicic Show Logs For i Lag Events From kt Suspicion Suspicicy Suspicion Export HTML SUSpicio Show Logs For The user can choose to view logs of all alerts from Today Last 7 days or Last 30 days The default is to show today s alerts only Log Events From There are four separate components of Comodo Firewall Pro that have the potential to populate the Log area with the alerts they generate This entry lets the user change which events are recorded in the logs according to the component that generated them By default alerts generated by all four components are recorded Comodo advise users to leave this setting at the default Export HTML Users can export a more detailed HTML copy of the logs to local or network drives This is very useful for records and troubleshooting purposes Click the Export HTML entry choose a filename and destination and click Save Clear All Logs Empties the current view Types of Alerts There are three types of alerts based
95. tion Path CAWINOOMW S Vexplorer exe Version gt 6 00 2900 2190 Company Microsoft Corporation Security SAFE Description esplorer ese is the Windows Program Manager or Windows Explorer It manages the Windows Graphical Shell including the Start menu taskbar desktop and File Manager By Comodo Firewall Pro 2 4 User Guide 51 C 0 M 0 D O Creating Firewall Security Firewall security is accessed by selecting the Security tab of the main interface SUMMARY ACTIVITY You can configure the security settings of Comodo Firewall Pro at different levels The Tasks feature allows you to create rules for applications and network connections through a series of shortcuts The Application Monitor feature allows you to either add modify or filter Application filtering rules The Network Monitor feature allows you to view configure your network control rules The Advanced Configuration allows the user to configure the security settings at an advanced level COMODO Firewall Pro ey Application Monitor Component Monitor Network Monitor Advanced COMODO Firewall Pro KC ACTIVITY Wizards v7 ER LANGUAGE UPDATER HELP ABOUT Custom Define a new Trusted Application Select an application for which you would like to grant full Internet access rights Add Remove Modify a Zone A network can be represented as a zone to which an access can be granted or
96. tions per minute Component Monitor A component when loaded into application s memory acts as a part of that application hence having the same network access rights as the application itself Comodo Firewall Pro now validates all the components of an application before granting the Internet access These components may be dynamic link libraries or ActiveX components that an application is using Component Control Rules can be added removed and applied via the Component Monitor Component Control Rules Click on the Security tab then the Component Monitor button The interface will then display a list of Components alongside various user configurable attributes r mmmg G A Comodo Firewall Pro E IB v LANGUAGE UPDATER HELP ABOUT w COMODO Firewall Pro Si SUMMARY SECURITY ACTIVITY Custom Component Control Rules T C Turn On Turn Off Learn Mode cis Add m Remove T Apply lt gt Refresh Sh Monitor Leet ees coreey es eer beem dl 8 0 0812 Microsoft Corporat MSN Messenger Contacts Allow C Allow Te Block Te HUNNER ata 5 BE Accessibilit 7 0 0 200 Adobe Systems In Adobe Acrobat Accessibilit Wett Allow Block ACE dll D Adobe Systems In Adobe Color Engine Le Allow Block m Network AcGenral dll DEEN Microsoft Corporat Windows Compatibility DLL Allow as Block P Monitor FX Acrobat dl 7 0 0 200 Adobe Systems In Adobe Acrobat 7 0 2 Al
97. to Custom ustom This means all restrictions set by you are applied Click Yes to reboot the system now or No to reboot at a later time Comodo Firewall Pro 2 4 User Guide 45 C 0 M 0 D O Creating Firewall Activity Comodo Firewall Pro records information about all application and network connections actions that the firewall has taken and any alerts that have been triggered The Activity section includes details about active Connections and the Logs section includes customized information about triggered Security alerts Q COMODO Firewall Pro 1 COMODO Firewall Pro S kel EEN d LANGUAGE UPDATER ER WC SUMMARY SECURITY ACTIVITY Custom z 3 IEXPLORE EXE TCP In 192 168 201 103 1 64 233 167 99 Ep 4598 op i EXPLORE EXE 426 B 62B a JEXPLORE EXE 469B 626 S TEXPLORE EXE TCP In Out 471 62 B ei IEXPLORE EXE 64 233 189 104 80 4716 epp G IEvPLORE EXE 64 233 189 104 80 3926 5548 L5A55 EXE TCP Out 62 B na 192 168 200 1 389 TCP In Out 3 419 MB 4766 MB TD Ee ok JO JO Zni JO Del E sd BW mi eet ien Ce GE Bac en OS Ke te fe a1 as a Ihe eI L555 EXE TCP Que i92 166 201 105 DP 1 225 KB Details Security Risk SAFE Version 3 00 2195 7011 Path CH wWiINhTysystems2 LSa55 EXE Company Microsoft Corporation Description sass exe is a system process of the Microsoft Windows security mechanisms It specifically deals with
98. to popup alert Each time Comodo Firewall Pro discovers unknown components within an application the user is notified via an alert In version 2 3 these particular alerts now contain a built in link to instantly submit the suspicious files to Comodo for analysis IMPROVED Default network control rules IMPROVED New icons for rules section IMPROVED Tasks and Advanced section layouts are redesigned IMPROVED Effect on OS system performance has significantly been decreased FIXED Bug causing Windows to freeze a rare but serious bug of BETA Releases FIXED Bug causing Log Size selection to be forgotten after a reboot FIXED Bug causing legitimate packets to be dropped by protocol analysis FIXED The firewall will use the default browser instead of IE REMOVED Hardware details section from the summary section New in Version 2 2 0 NEW Skip advanced security checks Skip advanced security checks options in the Application control rules is for the applications which user allows but still for some reasons they fail to connect NEW CPF passes another leak test Comodo Firewall Pro passes one more leak test called BITS http www firewallleaktester com news htm IMPROVED Display Settings Display issues seen in system s DPI setting higher than 96 DPI or while using large fonts settings for system has been fixed New in Version 2 1 0 NEW Monitor COM OLE Requests Comodo Firewall Pro 2 4 User Guide 6 C 0 M 0 D 0 C
99. ts to be generated at one time By default the maximum number of alerts is kept at 20 appearing as Alert 1 Of 20 2 of 20 and so on The pop up window will include a navigation bar if the number of alerts is greater than one and the alerts are stored in the memory so that the user can navigate between them until they are responded to Comodo Firewall Pro 2 4 User Guide 82 C 0 M 0 D 0 Creating How long should an alert remain on the screen if left unanswered Determines how long the Firewall will show an alert for without any user intervention By default the timeout is set at 120 seconds For an in depth explanation of the types of alerts and how to understand them please refer to Alerts Program Settings Automatically check for program file updates Determines whether or not Comodo Firewall Pro should automatically contact Comodo servers for updates We advise users enable this option to maintain the highest level of protection Users that choose to disable automatic updates can manually download updates by clicking the Updater button at the top right of the firewall interface Automatically check Comodo certified application updates This option allows the user to update Comodo Firewall Pro s internal database of known applications from our servers on a daily basis It is highly recommended users keep this setting to it s default Checked status Show Application window on system start up The start or splash screen of
100. ty Alerts High Severity Alerts are represented by a Red icon wy High Severity alerts are generated by DOS Denial of Service attacks Port Scan Trojan Probe attacks and when application monitor detects a leak When a high severity alert is detected the Firewall goes into emergency mode The firewall will stay in emergency mode for the duration set by user i e time to stay in emergency mode by default the duration is set to 120 seconds In the emergency mode all inbound traffic is blocked except those previously established and active connections However all outbound traffic is still allowed Medium severity alerts are represented by an Orange icon Vu Low severity alerts are represented by a Green icon TI Medium and Low severity alerts are caused by violation of network control rules Alert Description You can view details about a generated alert by selecting it and clicking on the Description tab You will get information about the nature of attack Source IP Destination IP and cause which triggered the alert Comodo Firewall Pro 2 4 User Guide 38 C 0 M 0 D 0 Creating Alert When Comodo Firewall intercepts any unknown program or a program not matching the set rules you will be prompted by the generation of a Alert Pop Up window ES igs ae je COMODO Firewall Pro security Alert Internet Explorer i trying to connect to the Internet What would you like to do De
101. und to be blocked the entire application is denied internet access and an alert is generated If the firewall detects unknown components those not listed in the firewall database then the alert will contain a Show Libraries button Click to review the components and decide whether or not to grant them access An alert similar to the following will appear when one or more components are found which are not listed Comodo Firewall Pro 2 4 User Guide 70 COMODO Creating A mm COMODO Firewall Pro Security Alert Internet Explorer i trying to connect to the Internet What would you like to do Details e Application E iexplore exe Remote IF 66 102 93 99 Port httpiS0 TCP Security Considerations i we There are unknown components in euplore exe that require approval before proceeding with this request Click on Show Libraries to wiew the details Show Libraries Remember mu answer for this application 1of3 OQ To check the components click Show Libraries which will show list of components C 0 M O D oO Firewa il Pro k Internet Explorer i tying to connect to the Internet what would you like to do Details pe e COMODO Firewall Pro in Components Internet Access FA cAProgram Files Adobe Adobe Acrobat IE Helper Version 7 0 For Le Allo C Block C Deck lc AwMmMDcCH iS suste 3 advanced windows 32 Base API Le Allow
102. utton anytime to cancel the operation The wizard has finished scanning your computer Click Finish to exit the ske a Rack evt Finish Comodo Firewall Pro 2 4 User Guide 63 C 0 M 0 D O Creating Application Monitor Using Comodo Firewall Pro you can protect your system beginning with the individual applications that you have running on your system Using Application Control rules you can set the permission status of an application Application filtering rules can be added modified deleted through Application Control Rule attributes Application Control Rules Click on the Security tab then the Application Monitor tab in the main firewall interface The interface will then display a list of applications alongside various user configurable attributes pE SS 3 LANGUAGE UPDATER HELP ABOUT CF ES ae e ER i 7 SUMMARY SECURITY ACTIVITY Custom Application Control Rules COMODO Firewall Pro Vi Age Turn On C Turn Off cis Add FA Edit bd Remove Application Destination Port Protocol Permission SH cofupdat exe Any Any TCP UDP Out iv Allow Ok SE SIS firefox exe j y TCP UDP In w Allow RI frefox exe Any Any TCP UDP Out fei Allow a Network Wess ei bei eso Onon ala Monitor fe nvuexe Ind e O OE TCP UDP In wt Allow d ee Dn Led ru Out Gei Allow SH Advanced ket C tay Tiia Tep _ Application W Pocket CHM exe An
103. wall Pro Summary page to view the About information dialog From here you can view information about the Version Number of the Firewall that is installed on your computer the Web site from where you can download the latest version of the Comodo Firewall Pro and the status of your license like Subscription validity and the type of License ww COMODO Firewall Pro Version 2 4 8 123 COMODO Certified Applications Database Version 1 7 Subscription Validity Lifetime License Type Full http personalfirewall comodo caom http comoda com Figure About Comodo Firewall Pro For more information you can visit the site http www personalfirewall comodo com and _ http www comodo com Comodo Firewall Pro 2 4 User Guide 84 C 0 M 0 D 0 Creating About Comodo is a leading global provider of Identity and Trust Assurance services on the Internet with Co mM Od O over 200 000 customers worldwide Headquartered in Jersey City NJ with global offices in the UK Ukraine and India the company offers businesses and consumers the intelligent security authentication and assurance services necessary to ensure trust in online transactions As a leading Certification Authority and in combination with the Digital Trust Lab DTL Comodo helps enterprises address digital ecommerce and infrastructure needs with reliable third generation solutions that improve customer relationship enhance customer trust and create effici
104. will then be presented with two download Options You should choose Option 2 because you are adding Turkish language support to an existing installation of the firewall Comodo Firewall Pro 2 4 User Guide 18 C 0 M 0 D 0 Creating Please select your preference below sw Comodo Firewall Pro Turkish Version Option 1 Download Turkish Version of Comodo Firewall Pro 2 4 Size 3 43 MB Download if you do not have Comodo Firewall Pro 2 4 installed This will install the full application with English and Turkish language Support Option 2 Download Turkish language pack add on Size 1 60 MB Download this if you just want to add Turkish language support to an existing installation of Comodo Firewall Pro 2 4 for above Note You must install version 2 4 for above before installing this language pack Click Yes at the confirmation box to start the installation of your additional language COMODO Firewall Pro Installer After installing the additional language you will see the following confirmation screen Click Finish to complete the installation Comodo Firewall Pro 2 4 User Guide 19 C 0 M 0 D O Creating metalation Wizard sl a KW COMODO Firewall Pro Turkish language support has been a p installed successtully Please click on Language icon 4 present on COMODO Firewall Pro toolbar to switch to this language Finish STEP 2 Switching between la
105. y TCP UDP In wy Allow TCP UDP Out E Pocket_CHM exe S skype exe TCP UDP Out B YahooMesseng Any TCP UDP In E YshooMesseng Any any TCP UDP Out Si Allow Allow ke yupdater exe Any Ier TCP UDP Out amp Allow Details Security Risk SAFE Invisible Allow Connections Unlimited Version 1 5 0 6 Path C Program Files Mozilla Firefox firefox exe Parent Path C Program Files Yahoo Messenger YahooMessenger exe Description Mozilla Firefox is a Web broweer with Tabbed Browsing option Firefox keeps Figure Application Control Rules Column Description 1 The First Column Application represents each application s icon and name description if the application has no icon the default system icon for executable files will be used if no description name is available the name of the file without the extension will be displayed 2 The Second Column Destination represents the remote IP Address of the application 3 The Third Column Port represents the Port Numbers of individual applications 4 The Fourth Column Protocol represents the Protocol usually TCP UDP or Both as well as direction of communication as Incoming or Outgoing Comodo Firewall Pro 2 4 User Guide 64 C 0 M 0 D 0 Creating 5 The Fifth Column Permission represents the action taken by the firewall like Allowed Trusted Disallowed etc Selecting any of the applications
Download Pdf Manuals
Related Search