Comodo Help
Find the desired product help
Advanced Endpoint Protection

Advanced Endpoint Protection

Comodo Client Security - Quick Start Guide

English

Print Help
Comodo Client Security - Quick Start Guide > Set Up The Firewall For Maximum Security And Usability
  • Comodo Client Security - Quick Start Guide
    • Installation
    • Start CCS
    • The Main Interface
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Scan
      • Run A Rating Scan
      • Run A Custom Scan
    • Run An Instant Antivirus Scan On Selected Items
    • Set Up The Firewall For Maximum Security And Usability
    • Set Up HIPS For Maximum Security And Usability
    • Run Programs In The Container
    • More Help

Set up the Firewall for Maximum Security and Usability


Note: The firewall is already configured to provide total security. This section is only for advanced users who wish to tweak the settings even further.


Stealth Ports Settings


Port stealthing is a security feature whereby ports on an internet connected PC are hidden from sight, sending no response to opportunistic port scans.

  • Click the 'Tasks' button on the CCS home screen
  • Click 'Firewall Tasks' > 'Stealth Ports'
  • Select 'Block Incoming Connections' to make computer's ports are invisible to all networks

Network Zones Settings


'Network Zones' settings let you configure connections for a router/home network. Note - this is usually done automatically for you.

  • Click 'Settings' on the top left to open the 'Advanced Settings' pane
  • Click 'Firewall' > 'Network Zones'
  • Click the 'Network Zones' tab from the 'Network Zones' interface
  • Inspect the Loopback zone and Local Area Network #1 by clicking the '+' button beside the zone name.
  • In most cases, the loopback zone IP address should be 127.0.01/255.0.0.0
  • In most cases, the IP address of the auto detected Network zone should be 10.nnn.nnn.nnn/255.255.255.0
  • Click 'OK'.

Firewall Settings


Firewall settings let you configure the protection level for your internet connection and the frequency of alerts.

  • Click 'Settings' at the top of the CCS home screen
  • Click 'Firewall' > 'Firewall Settings'




  • Enable Firewall - Leave this option enabled to activate firewall and choose 'Safe mode' from the drop-down beside it.

Safe Mode: The firewall will automatically create rules that allow all traffic for applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.


Alert Settings

  • Do not show popup alerts - Deselect the option to get notified when the firewall encounters a request for network access.
  • Set alert frequency level - Enable and choose 'Low' from the drop-down. At the 'Low' setting, the firewall shows alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Comodo and is suitable for the majority of users.

Advanced Settings


When launching a denial of service or 'flood' attack, an attacker bombards a target machine with so many connection requests that your computer is unable to accept legitimate connections, effectively shutting down your web, email, FTP or VPN server. To protect from such attacks, make the following settings under 'Advanced' in the 'Firewall Settings' interface:

  • Filter loopback traffic:

Loopback connections refer to the internal communications within your PC. Any data transmitted by your computer through a loopback connection is immediately received by it. This involves no connection outside your computer to the internet or a local network. The IP address of the loopback network is 127.0.0.1, which you might have heard referred to by its domain name of 'http://localhost'. This is the address of your computer. Loopback channel attacks can be used to flood your computer with TCP and/or UDP requests which can smash your IP stack or crash your computer.

  • Leave this option enabled for the firewall to filter traffic sent through this channel.

  • Block fragmented traffic:

When a connection is opened between two computers, they must agree on a Maximum Transmission Unit (MTU). IP datagram fragmentation occurs when data passes through a router with an MTU less than the MTU you are using. When a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller 'fragments' which are each sent separately. Fragmented IP packets can create threats similar to a DOS attack. Moreover, fragmentation can double the amount of time it takes to send a single packet and slow down your download time.

  • Enable this option for the firewall to bar fragmented IP traffic

  • Do Protocol Analysis:

Protocol Analysis is key to the detection of fake packets used in denial of service attacks.
  • Enable this option for the firewall to check that every packet conforms to that protocols standards. If not, then the packets are blocked.
  • Click 'OK' for your settings to take effect.

Set-up Application Rules, Global Rules and Predefined Firewall Rulesets


You can configure and deploy traffic filtering rules on an application-specific and a global basis. You can also create and deploy predefined firewall rule-sets.


Application Rules

  • Click 'Settings' on the top left to open the 'Advanced Settings' pane
  • Click 'Firewall' > 'Application Rules'
  • Use this interface to add, edit, enable/disable or remove internet connection rules for specific applications.
  • See https://help.comodo.com/topic-399-1-904-11870-Application-Rules.html for more help on this.

Global Rules

  • Click 'Settings' at the top of the CCS home screen
  • Click 'Firewall' > 'Global Rules'
  • Use this interface to add, edit, enable/disable or remove global rules which apply to all traffic
  • See https://help.comodo.com/topic-399-1-904-11871-Global-Rules.html for more help on this.

Predefined Firewall rulesets

  • Click 'Settings' at the top of the CCS home screen
  • Click 'Firewall' > 'Rulesets'
  • Use this interface to add, edit, enable/disable or remove firewall rulesets
  • See https://help.comodo.com/topic-399-1-904-11872-Firewall-Rule-Sets.html for more help on this.

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.