Comodo Help
Find the desired product help
Comodo Dome Firewall

Comodo Dome Firewall

Dome Firewall Virtual Appliance Admin Guide

English

Print Help Download Help
Configure DFW Virtual Appliance Services And Protection Settings > Advanced Threat Protection
  • Introduction To Comodo Dome Firewall - Virtual Appliance
    • Install Dome Firewall And Login To The Administrative Console
  • The Main Interface
  • The Dashboard
  • View And Modify System Status And General Configuration
    • Manage Admin Accounts
      • Add And Manage Administrators
      • Manage Administrative Roles
    • License Activation
    • SNMP Settings
    • Central Management
    • Configure SSH Access
    • High Availability
    • View And Update Firmware Version
    • Create And Schedule Backup Of DFW State
      • Manually Create A Backup
      • Schedule Backup Operations
      • Encrypt Backup Archives
      • Export A Backup
      • Import A Backup Archive From A Local Computer
      • Roll Back The Virtual Appliance To A Previous Time Point
      • Reset The Virtual Appliance To Factory Defaults
    • Shutdown Or Restart The Dome Firewall Virtual Appliance
  • View DFW Virtual Appliance Status
    • System Status
    • Network Status
    • System Usage Summaries
    • Network Traffic
    • Network Connections
    • SSLVPN Connections
  • Network Configuration
    • Configure Interface Devices, Uplinks And VLANs
      • Configure Interface Devices
      • Add And Manage Gateway Uplink Devices
      • Create VLANs
    • Routes
      • Add And Manage Static Routes
      • Add And Manage Policy Routing Rules
  • Configure DFW Virtual Appliance Services And Protection Settings
    • DHCP Server
    • Advanced Threat Protection
      • Manage The ATP Profiles
      • Comodo Antivirus
    • Time Server
    • Intrusion Prevention
      • Configure Intrusion Prevention System
      • Manage IPS Rulesets
      • Manage Application Identification Rulesets
    • Configure Wireless Hotspot
      • Configure Captive Portal Service
      • Customize The Login Page
      • Add And Manage Permanent Users
    • Internet Content Adaptation Protocol
    • Quality Of Service
  • Manage Firewall Configuration
    • Firewall Objects
      • Manage Firewall Address Objects
      • Manage Firewall Object Groups
      • Manage Firewall Schedules
      • Active Directory Integration
    • Destination Network Address Translation
    • Source Network Address Translation
    • Configure System Access
    • Configure Firewall Policy Rules
      • Manage Firewall Policy Rules
      • Manage VPN Firewall Rules
  • Configure Proxy Services
    • HTTP/HTTPS Proxy Server
      • Configure URL And Content Filtering
      • HTTPS Proxy
  • Configure Virtual Private Network Settings
    • SSL VPN Server
      • Configure General SSL VPN Server Settings
      • Manage SSL VPN Client Accounts
      • Configure Advanced SSL VPN Server Settings
      • Configure Clients To Connect To Dome Firewall
    • IPsec Configuration
    • Configure L2TP Server
    • Configure IPSec/L2TP Users
  • View Logs
    • Realtime Logs
    • Configure Log Settings
    • Generate Reports
  • Appendix - Minimum Requirements For Software Installations

Advanced Threat Protection

 

  • Click 'Services' > 'Advanced Threat Protection' in the left-menu to access this interface
  • Advanced Threat Protection (ATP) safeguards your network against malware, hack attempts, data breaches and more.
  • ATP intercepts files downloaded from websites or email attachments and uses a combination of antivirus scans, behavior analysis and blacklist checks to quickly and accurately threats.
  • Application containment protects your endpoints from unknown threats. Unknown threats are those that have not yet been identified as malware by the antivirus industry. If enabled, all files with an 'Unknown' trust rating will be run in an isolated sandbox on your endpoints. This prevents them from modifying other processes, stealing user data or otherwise infecting the local machine.
  • The settings you save in the profile section will be applied to all rules in your firewall policy that have 'Advanced Threat Protection' enabled.

ATP uses the following techniques to analyze the files:

  • Comodo Antivirus – Continuously updated antivirus scanner which provides dependable protection against known malicious files.
  • Comodo Automated Malware Analysis (CAMAS) – A cloud based behavior analysis service which improves detection of zero-day threats by rigorously testing the run-time actions of unknown files.

Based on the analysis files are identified as:

  • Safe – Files identified as known good files from the whitelist/clean/safe are allowed to be downloaded at the endpoint
  • Threats – Files identified as known bad from the blacklist/malicious/threats are blocked and a warning is displayed at the endpoint
  • Unknown – Files that could not be identified are classified as 'Unknown'. These files are subjected to containment technology - meaning the files are wrapped and forwarded to the endpoint. Upon execution, the file is made to run in a isolated sandbox environment at the endpoint, whereby it is not allowed to modify other processes running on the endpoint nor access user data. This ensures the download is secure because it is not possible for the file to infect the endpoint, even if it transpires to be malicious. Please note that containment for unknown applications are only applied to Windows endpoints.

    Note: Containment for Unknown Applications are only applied to Windows endpoints.


    ATP automatically creates whitelist and blacklist of domains based on malware analysis of the files accessed by them and also allows the administrators to manually add domains to these lists.

     

    The Advanced Threat Protection interface allows the administrator to create and manage the profile for ATP which can be applied for web protection Firewall Policy rules. Application containment can only be used with Full License of Dome Firewall Virtual Appliance.


    To access the Advanced Threat Protection interface, click 'Services' > 'Advanced Threat Protection' from the left hand side navigation.




    The interface contains two tabs:

    • Profiles – Define the file scan type, application containment settings and domains which should not be monitored by the ATP technologies. The settings you choose here will be applied to all rules in your firewall policy which have 'Advanced Threat Protection' enabled. See Manage ATP profiles for more details.
    • Scan Type - Allows the administrator to view the engine setting for anti-malware analysis. Currently only 'Valkyrie' is available.

    • Comodo AV Settings – Allows the administrator to configure the AV engine and schedule AV scans. See Comodo Antivirus for more details.

    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • EDR Services
    • Ransomware Prevention
    • Managed IT Support Services
    • EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2023. All rights reserved.