Comodo Internet Security

• Introduction To Comodo Internet Security
  • Special Features
  • System Requirements
  • Installation
    • CIS Premium – Installation
    • CIS Pro - Installation And Activation
    • CIS Complete - Installation And Activation
    • Activating CIS Pro/Complete Services After Installation
      • Activating Your License
      • Activating Your Guarantee Coverage
      • Renewal Of Your License
  • Starting Comodo Internet Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understanding Security Alerts
• General Tasks – Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Scan A Folder
      • Scan A File
      • Create, Schedule And Run A Custom Scan
  • Instantly Scan Files And Folders
  • Processing Infected Files
  • Manage Virus Database And Program Updates
  • Manage Quarantined Items
  • View CIS Logs
    • Antivirus Logs
      • Filtering Antivirus Logs
    • Viruscope Logs
      • Filtering Viruscope Logs
    • Firewall Logs
      • Filtering Firewall Logs
    • Defense+ Logs
      • Filtering Defense+ Logs
    • Website Filtering Logs
      • Filtering Website Filtering Logs
    • Alerts Logs
      • Filtering Alerts Displayed Logs
    • Tasks Logs
      • Filtering Tasks Logs
    • Configuration Changes Logs
      • Filtering Configuration Changes Logs
  • Get Live Support
  • View Active Internet Connections
  • View Sandboxed Processes List
• Firewall Tasks – Introduction
  • Allow Or Block Internet Access To Applications Selectively
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • Advanced Firewall Settings
• Sandbox Tasks – Introduction
  • The Virtual Desktop
    • Starting The Virtual Desktop
    • The Main Interface
    • Running Browsers Inside The Virtual Desktop
    • Opening Files And Running Applications Inside The Virtual Desktop
    • Configuring The Virtual Desktop
    • Closing The Virtual Desktop
  • Run An Application In The Sandbox
  • Reset The Sandbox
  • View Active Process List
• Advanced Tasks – Introduction
  • Create A Rescue Disk
    • Downloading And Burning Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Submit Files
  • Identify And Kill Unsafe Running Processes
  • Manage CIS Tasks
• Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Program And Virus Database Updates
    • Log Settings
    • Manage CIS Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
  • Security Settings
    • Antivirus Settings
      • Real-time Scanner Settings
      • Scan Profiles
      • Exclusions
    • Defense+ Settings
      • HIPS Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • Protected Objects
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
        • Protected Data Folders
      • HIPS Groups
        • Registry Groups
        • COM Groups
      • Sandbox
        • The Sandbox - An Overview
          • Unknown Files - The Scanning Processes
      • Configuring The Sandbox
      • Configuring Rules For Auto-Sandbox
      • Viruscope
    • Firewall Settings
      • Firewall Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
      • Website Filtering
        • Creating And Modifying Website Filtering Rules
        • Defining And Modifying Website Categories
    • Manage File Rating
      • File Rating Settings
      • File Groups
      • File List
      • Submitted Files
      • Trusted Vendors List
• Comodo GeekBuddy
  • Overview Of Services
  • Activation Of Service
  • Launching The Client And Using The Service
  • Accepting Remote Desktop Requests
  • Chat History
  • Using Free Diagnostic Reports
  • Scanning My PC
  • Uninstalling Comodo GeekBuddy
• TrustConnect Overview
• Chromodo Browser
• Appendix 1 CIS How To... Tutorials
  • Enable / Disable AV, Firewall Auto-Sandbox And Viruscope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block/ Allow Websites Selectively To Users Of Your Computer
  • Set Up The HIPS For Maximum Security And Usability
  • Create Rules For Auto-Sandboxing Applications
  • Password Protect Your CIS Settings
  • Reset Forgotten Password (Advanced)
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scanning Schedule
  • Run Untrusted Programs In The Sandbox
  • Run Browsers Inside Sandbox
  • Run Untrusted Programs Inside Virtual Desktop
  • Run Browsers Inside The Virtual Desktop
  • Restore Incorrectly Quarantined Item(s)
  • Submit Quarantined Items To Comodo For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Sandboxing On A Per-application Basis
  • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
  • Switch Off Automatic Antivirus And Software Updates
  • Suppress CIS Alerts Temporarily While Playing Games
  • Renew Or Upgrading Your License
  • How To Use CIS Protocol Handlers
• Appendix 2 - Glossary Of Terms
• Appendix 3 - CIS Versions
• About Comodo Security Solutions

Filtering Firewall Logs

Comodo Internet Security allows you to create custom views of all logged events according to user defined criteria. You can use the following types of filters:

• Preset Time Filters

• Advanced Filters

Preset Time Filters:

Clicking on the handle at the bottom enables you to filter the logs for a selected  time period:

 

• Today - Displays all logged events for today.

• Current Week - Displays all logged events during the current week. (The current week is calculated from the Sunday to Saturday that holds the current date.)

• Current Month - Displays all logged events during the month that holds the current date.

• Entire Period - Displays every event logged since Comodo Internet Security was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).

• Custom Filter – Enables you to select a custom period by choosing the 'From' and 'To' dates under 'Please Select Period'

Alternatively, you can right click inside the log viewer module and choose the time period.

 

Advanced Filters

Having chosen a preset time filter you can further refine the displayed events according to specific filters. Following are available filters for Firewall logs and their meanings:

• Action - Displays events according to the response (or action taken) by the firewall

• Application - Displays only the events propagated by a specific application

• Destination IP - Displays only the events with a specific target IP address

• Destination Port - Displays only the events with a specific target port number

• Direction - Displays only the events of Inbound or Outbound nature

• Protocol - Displays only the events that involved a specific protocol

• Source IP address - Displays only the events that originated from a specific IP address

• Source Port - Displays only the events that originated from a specific port number

To configure Advanced Filters for Firewall events

1. Click the funnel button  from the title bar or right click inside the log viewer module and choose 'Show Advanced Filter' from the context sensitive menu.
   

2. Select the filter from the 'Advanced Filter' drop-down and click 'Add' to apply the filter.

You have 8 categories of filters that you can add. Each of these categories can be further refined by either selecting or deselecting specific filter parameters or by the user typing a filter string in the field provided. You can add and configure any number of filters in the 'Advanced Filter' dialog.

Following are the options available in the 'Advanced Filter' drop-down:

1. Action: Selecting the 'Action' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.

1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

2. Now select the checkboxes of the specific filter parameters to refine your search. The parameter available are:

• Blocked: Displays list of events that were blocked

• Allowed: Displays list of events that were allowed

• Asked: Displays list of events that were asked to the user

• Suppressed: Displays list of events that were suppressed by the user

2. Application: Selecting the 'Application' option displays a drop-down box and text entry field.

1. Select 'Contains' or 'Does Not Contain' option from the drop-down box.

2. Enter the text or word that needs to be filtered.

For example, if you choose 'Contains' option from the drop-down and enter the phrase 'Bluto-Force' in the text field, then all events containing the entry 'siinst' in the 'Application' column will be displayed. If you select 'Does Not Contain' option from the drop-down field and enter the phrase 'Bluto-Force' in the text field, then all events that do not have the entry 'siinst' in the 'Application' column will be displayed.

3. Destination IP: Selecting the 'Destination IP' option displays two drop-down boxes and a text entry field.

1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

2. Select 'IPv4' or 'IPv6' from the drop-down box.

3. Enter the destination system's IP address that needs to be filtered.

For example, if you choose 'Contains' option from the drop-down, select IPv4 and enter 192.168.111.111 in the text field, then all events containing the entry '192.168.111.111' in the 'Destination IP' column will be displayed.

4. Destination Port: Selecting the 'Destination Port' option displays a drop-down box and text entry field.

1. Select any one of the following option the drop-down box.

• Equal

• Greater than

• Greater than or Equal

• Less than

• Less than or Equal

• Not Equal

2. Now enter the destination port number in the text entry field.

For example, if you choose 'Equal' option from the drop-down and enter 8080 in the text field, then all events containing the entry '8080' in the 'Destination Port' column will be displayed.

5. Direction: Selecting the 'Direction' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.

1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

2. Now select the check box of the specific filter parameters to refine your search. The parameter available are:

• In: Displays a list of events that were directed into the system

• Out: Displays a list of events that were directed out of the system

6. Protocol: Selecting the 'Protocol option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.

1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

2. Now select the checkboxes of the specific filter parameters to refine your search. The parameter available are:

• TCP

• UDP

• ICMP

• IPV4

• IGMP

• GGP

• PUP

• IDP

• IPV6

• ICMPV6

• ND

7. Source IP: Selecting the 'Source IP' option displays two drop-down boxes and a set specific filter parameters that can be selected or deselected.

1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

2. Select 'IPv4' or 'IPv6' from the drop-down box.

3. Enter the source system's IP address that needs to be filtered.

8. Source Port: Selecting the 'Status' option displays a drop-down box and a set specific filter parameters that can be selected or deselected.

1. Select any one of the following option the drop-down box.

• Equal

• Greater than

• Greater than or Equal

• Less than

• Less than or Equal

• Not Equal

2. Now enter the source port number in the text entry field.

Note: More than one filter can be added in the 'Advanced Filter' pane. After adding one filter type, select the next filter type and click 'Add'. You can also remove a filter type by clicking the 'X' button at the top right of the filter pane.

• Click 'Apply' for the filters to be applied to the Firewall log viewer. Only those entries selected based on your set filter criteria will be displayed in the log viewer.

• For clearing all the filters, open 'Advanced Filter' pane and remove all the filters one-by-one by clicking the 'X' button at the top right of each filter pane and click 'Apply'.