Comodo Firewall

06/03/2009 01:21

Comodo Firewall
Comodo Firewall Pro is a well-known and trusted software firewall. It is free for personal use. The firewall will help protect your computer from unauthorised connections to and from the Internet. Installing Comodo

Homepage www.personalfirewall.comodo.com Computer Requirements Windows 2000/XP /2003/Vista Administrator rights required for installation Version used in this guide 2.4.18 (English v3.5 also available)

Follow any program-specific directions in the Guide If there are none, simply click the link below and choose a location to save the installer Find the installer on your computer and double-click it
Comodo:

License Freeware Required Reading: How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced Time required to start using this tool: 60 minutes What you will get in return: The ability to effectively and efficiently protect your computer and network security from hostile parties, Internet hackers, malware, viruses and other software or system threats The ability to control all requests made by programs residing on your computer when accessing the Internet, through an easily configurable software interface 1.1 Things you should know about this tool before you start What is a firewall? A firewall is like a doorman or guard for your computer. It has a set of rules about what information should be let in and what information should be let out of your computer. Your firewall is the first program that receives and analyses incoming information from the Internet and the last program that scans outgoing information to the Internet. Why do I need it? To prevent hackers or other intruders from accessing personal information stored on your computer. To prevent malware programs from sending information to the Internet without your authorisation. Comodo Firewall Pro is a well-known and respected firewall software. It is free software, which means you can use it without purchasing a license. In recent tests, it was actually found to perform better than other, subscription-based firewall software. Will it work for me? It will take some getting used to. Running a custom firewall program may require devoting considerable time and effort at the beginning to making sure all the settings are correct and suited to the way you use your computer. After an initial learning period, the firewall will work seamlessly, requiring minimal intervention on your part. Warning!: Never access the Internet without a firewall installed and running on your computer! Even if your Internet modem or router has its own firewall, it is strongly recommended that you have one installed on your computer as well.

How to Start Comodo Firewall Pro
Important: While you are installing Comodo Firewall Pro, you will be asked on the screen if you have "any other third party personal firewall installed". You should only use one firewall program on your computer at a time. If you are using

http://en.security.ngoinabox.org/book/export/html/162

1 of 16

Comodo Firewall
another firewall on your computer, it must be uninstalled before you can install Comodo Firewall Pro.

06/03/2009 01:21

Note: Windows XP Professional Edition (Service Pack 2 & higher) automatically enables the Windows Firewall. Comodo Firewall Pro will usually prompt you to disable the firewall automatically. If it does not, you can manually disable the Windows Firewall by performing the following steps: Step 1. Select: Start > Control Panel > Windows Firewall to activate the following screen:

Figure 1: The Windows Firewall screen
Step 2. Check the Off (not recommended) option. Step 3. Click: to disable the Windows Firewall.

2.1 How to Grant or Deny Access After you have installed Comodo Firewall Pro, it will prompt you to set access permissions or rights that control how different programs residing on your computer access the Internet. Generally, valid requests should be allowed and malicious ones denied; however, it may require a little experience to tell the difference between a valid and a malicious request. Each time a request is made, a Security Alert screen resembling the following appears:

http://en.security.ngoinabox.org/book/export/html/162

2 of 16

Comodo Firewall

06/03/2009 01:21

Figure 2: An example of a Comodo Firewall Pro Security Alert screen
Note: A firewall is a program designed to protect your computer from hackers and malicious software. Both of these can access your computer directly or try to send information from your computer to a third party. Therefore, a new firewall must 'learn' which programs are 'good' and permit access to them, while remaining closed to all rogue software and processes on your computer. You will need to investigate all new access requests and decide whether to allow or deny access to them. Important: You must read the information displayed in the Application and Parent items in the Details section of the Security Alert screen. Note that: The Application seeks access to the Internet The Parent is the program executing the request to launch the application Typically, only a few programs will be displayed in the Application field. These may include your Internet browser, email client and instant messaging software, among others. You may recognise many of these applications just by their names. The Parent request, though not always present, could come from a number of different sources, some legitimate but others malicious.

Figure 3: A Security Alert screen featuring a Generic Host Process for Win32 Services request
Example: In Figure 3, the Application program is svchost.exe and the Parent is services.exe. The Security Considerations pane details which program is requesting access through the Parent and the Application. In this case, a

http://en.security.ngoinabox.org/book/export/html/162

3 of 16

Comodo Firewall

06/03/2009 01:21

valid program, called Windows Explorer, is requesting access to the Internet. This is probably one of the first Security

Alert screens you will receive after you have installed Comodo Firewall Pro and rebooted your computer.
Important: Some tricky viruses can skilfully imitate a valid Windows application. There is no easy way to distinguish them from real access requests. You must be extremely careful when downloading anything from the Internet, and regularly scan your computer for viruses and malware. Note: Usually, all valid access requests will reflect some action on your part. For instance, when you launch a new program for the first time, the firewall will prompt you to specify access permissions or rights. This may also happen when you install or uninstall software. It might take a little bit of getting used to, but soon the firewall will 'learn' and accept your choices, and these messages will stop appearing.

Figure 4: A typical Security Alert screen featuring a KeePass access request
At other times, Comodo Firewall Pro could present you with a slightly different message. In example above, the Keepass Password Safe program is trying to use the Firefox browser to gain access to the Internet. Since KeePass is a valid program that was previously installed on the computer, we can allow its access request. Tip: Click: in the Details section of this Security Alert screen to reveal information about this process.

http://en.security.ngoinabox.org/book/export/html/162

4 of 16

Comodo Firewall

06/03/2009 01:21

Figure 5: The Application Details screen Figure 6: The Application Details screen in Parent Mode
Alternatively, researching these process names on the Internet may reveal information about their behaviour and purpose. If your research indicates that it may be a virus, or you cannot trace the origin of the message, click:

Important: It is best to be on the safe side and deny requests you cannot identify. If this causes a normal program to stop functioning correctly, you can allow the process next time the firewall queries you. Being strict about restricting processes is the best approach to computer security. If you are satisfied that it is a legitimate access request, click: Note: Sometimes, the same program may attempt to access the Internet in many different ways, some previously invisible to you. Do not be alarmed if you are repeatedly prompted to grant access to the same program. After Comodo Firewall Pro has been in operation for a week or so, most of the Security Alert messages will stop appearing. Here is an example of a malicious tool requesting access to the Internet through Internet Explorer:

Figure 7: A Security Alert screen featuring a malicious request from Wallbreaker.exe
Step 1. Click: computer. if the Parent name looks dubious, and seems unrelated to any software you have installed on the

This will reveal its true origin and information about it as follows:

http://en.security.ngoinabox.org/book/export/html/162

5 of 16

Comodo Firewall

06/03/2009 01:21

Figure 8: The Application Details screen in Parent Mode for Wallbreaker.exe
Although little is known about this application, a Google search for wallbreaker.exe may reveal its real purpose. Step 2. Click the Deny button, then scan your computer with an anti-virus and anti-spyware program like Spybot. Tip: Check the Remember my answer for this application option so that Comodo Firewall Pro will 'remember' this decision, and this particular message should not reappear in the future. Sometimes you may not recognise the name of a program. Often, there may be software on the computer which you've forgotten was there, or which you did not install yourself. Maybe somebody else using the computer put the program on and it could be valid, or maybe it's malware (malicious software). These are the ones we need to investigate. Don't worry, once you've done this process of checking which programs to allow once, you don't have to do it again. After a few days, you'll rarely see any of these messages.

Tip: Denying an Internet access request implies that you consider that program or process to be a virus or malware. You must keep your anti-virus and anti-malware software up-to-date, and frequently scan your system for them, especially after you have received suspicious firewall requests.

Advanced Settings and Troubleshooting Tips
Comodo Firewall Pro offers an extensive control panel with numerous customisable features and options. This section covers options directly related to getting the firewall up and running, as well as some quick tips for troubleshooting.

Tip: Click:

to access extensive documentation about Comodo Firewall Pro.

3.1 How to View the Summary screen Step 1. Select: Start > Programs > Comodo > Firewall > Comodo Firewall Pro to activate its main screen as follows:

http://en.security.ngoinabox.org/book/export/html/162

6 of 16

Comodo Firewall

06/03/2009 01:21

Figure 9: The Comodo Firewall Pro main screen in Summary view
The Summary view displays the general information about Comodo Firewall Pro. It shows which program features are running, the network settings, traffic information and the Computer Security Level, and other kinds of information. Important: The Computer Security Level is set at Custom by default. This mode lets you apply your configuration settings and different access permissions for all new programs. Troubleshooting Tip: If you have installed Comodo Firewall Pro, and find that you have suddenly lost Internet access or any network connection, drag the Computer Security Level lever to the Allow All setting. This will make the firewall inactive, and all previous connections should be restored. However, the Allow All setting is only used to test access to services. Do not leave this setting on after you have regained all your network connections and Internet access! 3.2 How to Set Access Rules This section will help you to learn more about setting access rules and permissions in Comodo Firewall Pro.

Step 1. Click:

to activate the Comodo Firewall Pro main screen in Security mode as follows:

http://en.security.ngoinabox.org/book/export/html/162

7 of 16

Comodo Firewall

06/03/2009 01:21

Figure 10: The Comodo Firewall Pro in Security mode. To stop receiving any firewall access messages for a particular
program by granting it full access rights: Step 2. Click the Define a new Trusted Application option to activate the following screen:

Figure 11: The Trusted Application confirmation screen
Step 3. Click: to choose the application (and its path) that you want to set as a trusted application.

In the example above, the Firefox.exe file is selected. This means the firewall will now allow all requests for Firefox to access your computer and the Internet. Note: However, this does not mean that Comodo Firewall Pro will allow just any program to access the Internet through Firefox. You will have to configure them on an individual, per program basis.

http://en.security.ngoinabox.org/book/export/html/162

8 of 16

Comodo Firewall
Step 4. Click: To view all programs with existing permission rules:

06/03/2009 01:21

Step 5. Click:

to activate the following screen:

Figure 12: The Comodo Firewall Pro in Application Monitor mode screen
The Application Monitor screen displays access permissions you have previously defined for different programs. Each instance relates to a process within a particular program that requires access to your incoming or outgoing Internet connection. To manage your program access perform the following steps: Step 1. Double-click on any of the listed processes to activate a screen displaying its permissions. Step 2. Click the Add, Edit or Remove buttons in the top right-hand corner of the Application Control Rules pane to respectively add, edit or remove program access permissions. Step 3. Click: to locate the file path of the executable program and then add it to this list.

http://en.security.ngoinabox.org/book/export/html/162

9 of 16

Comodo Firewall

06/03/2009 01:21

Figure 13: The Application Control Rule screen
3.3 How to Set Access Rules (Advanced Users Only) This section is intended for advanced users. It lets you refine your firewall permission settings, by letting you specify IP address, direction of connection and other options. In the previous example, all activities for Firefox are allowed. However, to set more specific control rules, perform the following step: Step 1. Check the Apply the following criteria option beneath the Application / Parent Application section as follows:

http://en.security.ngoinabox.org/book/export/html/162

10 of 16

Comodo Firewall

06/03/2009 01:21

Figure 14: The Application Control Rule screen
Step 2. Select an access permission from the Action drop-down list. Step 3. Select a protocol type from the Protocol drop-down list. Step 4. Select a connection direction from the Direction drop-down list. 3.4 How to Add Permissions for Your Office Network By default, Comodo Firewall Pro automatically blocks access to your computer from the office network. It may also block any requests your computer sends out to the network. This could result in loss of network services, such as Internet access, printing, document sharing, and other services. You must configure Comodo Firewall so that it will detect that you are working in a network environment, and to permit you to access that network. Important: Before setting up special requirements for the office network, make sure you are connected to it!

Step 1. Click:

in the Comodo Firewall Pro screen.

Step 2. Click: particular settings for your network.

to activate the Trusted Network Zone Wizard to configure

The Trusted Network Zone Wizard is comprised of four screens, and they resemble Figure 15 and Figure 16.

http://en.security.ngoinabox.org/book/export/html/162

11 of 16

Comodo Firewall

06/03/2009 01:21

Figure 15: The Trusted Network Zone Wizard Welcome screen
Step 3. Click:

Figure 16: The Trusted Network Zone Wizard screen for selecting a Zone
Step 4. Select the network connection for your office. Usually, this is your LAN/Ethernet card. Step 5. Click:

Comodo Firewall Pro will automatically detect the network settings and create special permissions for it.
Step 6. Click:

Step 7. Click:

to verify these and other special permission settings.

http://en.security.ngoinabox.org/book/export/html/162

12 of 16

Comodo Firewall

06/03/2009 01:21

Figure 17: The Comodo Firewall Pro main screen in Network Monitor mode
To specify that you want the firewall to permit access to another particular network resource (another printer or router) or to a computer outside your network, then on the above screen: Step 8. Click: to activate the Network Control Rule screen as follows:

http://en.security.ngoinabox.org/book/export/html/162

13 of 16

Comodo Firewall

06/03/2009 01:21

Figure 18: The Network Control Rule screen
In this screen, you can set exceptions for Comodo Firewall Pro so that you can access different network resources (a printer or router, for instance), or a computer outside your network. The example above gives the computer or device operating under the address of 192.168.234.234 access to your computer. Step 9. Click: Important: Consult your network administrator to find out about other necessary permissions for your firewall. 3.5 How to View the Activity Log Comodo Firewall Pro maintains a log of all inbound and outbound activity for the last 30 days. This can help you detect both malware that is trying to connect to the network from your computer and intruders who are attempting to gain access to your computer.

Step 1. Click:

and

to view the logs as follows:

http://en.security.ngoinabox.org/book/export/html/162

14 of 16

Comodo Firewall

06/03/2009 01:21

Figure 19: The Comodo Firewall Pro main screen in the Logs view
Here you can view all inbound and outbound access reports collected by Comodo Firewall Pro, including the time of occurrence as well as the destination and source IP of the event. You can also set the maximum size for the collected log (as it can quickly get quite large). Programs on your computer are consistently trying to contact an Internet site; this does not mean they are malicious: many such programs were simply written that way. Comodo Firewall Pro will eventually stop these unnecessary attempts. Do not be too alarmed by the number of events that appear in the logs! Warning! Many computers are constantly trying to gain access to your computer through the Internet; this does not always mean that a dedicated hacker is trying to access your computer. However, it could be the result of malicious software designed to detect the few computers that are still vulnerable. If that software detects that a computer does not have a functioning firewall, it may plant a virus, trojan or some other malware on it. Such software is regularly used by Internet hackers.

FAQ and Review
Once Salima and Muhindo had figured out what Comodo Firewall Pro does, it was easy enough to use, since most of the time it just sits in the background working away on its own. However, they still want to know:

Q: If I don't have a firewall, can you tell me a bit more about the threats I'd face? What are the different kinds of programs that can get onto my computer and what do they do? A: There are literally thousands of different programs that could enter your computer from the Internet, if it operates without a firewall. There are even Internet 'spiders' that roam all possible addresses looking for computers without a functioning firewall, then reporting this address to the people interested in computer hacking.

http://en.security.ngoinabox.org/book/export/html/162

15 of 16

Comodo Firewall

06/03/2009 01:21

Q: If Comodo keeps out all these programs, why do I also need an anti-virus program and an anti-spyware program? A: A firewall works to specifically restrict access to and from the Internet. It prevents a program or hacker from getting into our computer but cannot protect you from malware that you might download through email, Web pages, or external disks. Anti-virus and anti-spyware programs exist to prevent infection where the firewall cannot. And, of course, these tools can often remove malware that is already installed on your computer. Q: Are there any kinds of malware I need to watch out for which look like Windows programs (or other friendly programs), but which are actually malware? A: Unfortunately, there are many such programs. You need to be extra careful about the origins of any software that you download or install. You should not install any software that is not absolutely relevant and necessary to your work, especially on computers that hold a lot of your sensitive data. Q: How good is Comodo at keeping out hackers? A: Comodo Firewall Pro is just as good as many other software firewalls out there. The Comodo company is well known in security and Internet authority circles. It is offered free of charge to the individual user and its staff are responsive to user queries.
4.1 Questions with which to test yourself after completing the guide Why do I need to install a firewall? How does it work? Can I use more than one firewall at once? How do I check to see whether a program I'm unfamiliar with is safe to allow onto my computer?

http://en.security.ngoinabox.org/book/export/html/162

16 of 16

Sign up to vote on this title
UsefulNot useful