Comodo Internet Security

Version 12.2


Application Rules


Click 'Settings' > 'Firewall' > 'Application Rules'
  • Application rules let you manage network access rights for specific applications.

Rules and Rulesets

  • Whenever an application makes a request for network access, CIS allows or denies the request based on the ruleset applied to the application.
  • Firewall rulesets are made up of one or more application rules.
  • Each rule outlines the application's permissions regarding a specific type of traffic.


Manage Application Rules

  • Click 'Settings' on the CIS home screen
  • Click 'Firewall' > 'Application Rules'

 


  • Application - Programs or file groups for which a firewall ruleset has been created. In the case of file groups, all member applications will use the ruleset of the group.
  • Click '+' next to the name to view the rules which apply to the application/group.
  • Treat as – Name of the ruleset assigned to the application or group.

The controls above the table let you manage the rule sets:




  • Add - Add a new application/application group then create a ruleset for it.
  • Edit - Modify an application rule/ruleset.
  • Remove - Delete the selected rule.
  • Purge - Check that all applications mentioned in a ruleset are still installed at the paths specified. If not, the rule is removed from the list.
  • Move Up and Move Down - Rules are prioritized top-to-bottom, with those at the top having the higher priority. The 'Move Up' and 'Move Down' buttons let you change the priority of a selected rule.

Predefined rulesets

  • Although you could create a ruleset from the ground-up by configuring its individual rules, this practice would be time consuming if performed for every program on your system.
  • For this reason, Comodo provides a selection of rulesets according to broad application category. For example, the 'Web Browser' ruleset is designed for applications like 'Internet Explorer', 'Firefox' and 'Chrome'.
  • Each predefined ruleset optimizes security for a certain type of application. Users can, of course, modify these predefined rulesets to suit their environment and requirements. For more details, see Predefined Rule Sets.

Create a firewall ruleset

  • Step 1 - Select the target application or group
  • Step 2 - Configure the rules

Step 1 - Select the target application or group

  • Click 'Settings' on the CIS home screen
  • Click 'Firewall' > 'Application Rules'
  • Click the 'Add' button

The 'Application Rule' interface appears:




  • Click the 'Browse' button beside the 'Name' field:
     



There are three types of target you can add:

  • File Groups - Apply the ruleset to a predefined file group. All members of the group are covered by the rule. See File Groups if you need help with file groups.
  • Files - Apply the ruleset to a specific application.
  • Running Processes - Apply the ruleset to an application by selecting its running process.

Add a File Group


A file group is a category of files or folders. For example, 'Executables', 'Media Players', or 'Important Files/Folders'. See File Groups for more help with them.

  • Choose 'File Groups' from the 'Browse' drop-down.



 

  • Select a file group from the drop-down. The ruleset will apply to all executable files in the group.
  • The next stage is Step 2 - Configure the rules for the selected file group.


Add an individual File

  • Choose 'Files' from the 'Browse' drop-down:



 

  • Navigate to the file you want to add as target and click 'Open'. The rule will apply only to the specific application.
  • The next stage is Step 2 - Configure the rules for the selected application.

Add a currently running application by choosing its process

  • Choose 'Running Processes' from the 'Browse' drop-down.




  • Select the target process and click 'OK'. The parent application of the process will be added as the target.

The next stage is Step 2 - Configure the rules for the selected application.


Step 2 - Configure the rules in ruleset


There are two broad options available for creating a ruleset - Use a Predefined Ruleset or Use a Custom Ruleset.


Use Ruleset
  • A ruleset is a collection of rules designed to implement optimum security on a specific type of application. You can manage and create rulesets in 'Settings' > 'Firewall Configuration' > 'Firewall Rule Sets'.
  • Comodo provides a range of curated rulesets for popular types of application. These include 'Web browser', 'FTP client' and 'Email client'.
  • The example below shows us applying the 'Web Browser' ruleset to the Opera browser:




Note: Predefined Rulesets, once chosen, cannot be modified directly from this interface - they can only be modified and defined using the Rulesets interface. If you require the ability to add or modify rules for an application then you are effectively creating a new, custom ruleset and should choose the more flexible Use Custom Ruleset option instead.

  • Use a Custom Ruleset - Designed for more experienced users, the Custom Ruleset option enables full control over the configuration of the firewall ruleset and the parameters of each rule within that ruleset (Default = Enabled).

  • Select the 'Use custom ruleset' radio button
    • Add - Create individual rules for the set. See 'Add and Edit a Firewall Rule' for an overview of the process.
    • Copy From - Populate the list with the rules of a Predefined Firewall Rule. Edit/add/remove rules to create your custom ruleset.

Understand Firewall Rules

At their core, each firewall rule can be thought of as a simple IF THEN trigger - a set of conditions that a packet of data must meet, and an action that is taken if those conditions are met.

As a packet filtering firewall, Comodo firewall analyzes the attributes of every packet of data that attempts to enter or leave your computer. Attributes of a packet include the application that is sending or receiving the packet, the protocol it is using, the direction in which it is traveling, the source and destination IP addresses and the ports it is attempting to traverse. The firewall then tries to find a firewall rule that matches all the conditional attributes of this packet in order to determine whether or not it should be allowed to proceed. If there is no corresponding firewall rule, then the connection is automatically blocked until a rule is created.

The actual conditions (attributes) you see* on a particular rule are determined by the protocol chosen in Add and Edit a Firewall Rule.

If you chose 'TCP', 'UDP' or 'TCP or UDP', then the rule has the form: Action | Protocol | Direction | Source Address | Destination Address | Source Port | Destination Port

If you chose 'ICMP', then the rule has the form: Action | Protocol | Direction | Source Address | Destination Address | ICMP Details

If you chose 'IP', then the rule has the form: Action | Protocol | Direction | Source Address | Destination Address | IP Details

  • Action: The action the firewall takes when the conditions of the rule are met. The rule shows 'Allow', 'Block' or 'Ask'.**
  • Protocol: States the protocol that the target application must be attempting to use when sending or receiving packets of data. The rule shows 'TCP', 'UDP', 'TCP or UDP', 'ICMP' or 'IP'.
  • Direction: States the direction of traffic that the data packet must be attempting to negotiate. The rule shows 'In', 'Out' or 'In/Out'.
  • Source Address: The origin of the connection attempt. The rule shows 'From' followed by one of the following: IP, IP range, IP Mask, Network Zone, Host Name or Mac Address.
  • Destination Address: The target of the connection attempt. The rule shows 'To' followed by one of the following: IP, IP range, IP Mask, Network Zone, Host Name or Mac Address.
  • Source Port: The port number that the application is attempting to send through. Shows 'Where Source Port Is' followed by one of the following: 'Any', 'Port #', 'Port Range' or 'Port Set'.
  • Destination Port: The ports on the remote host that the application is trying to connect to. Shows 'Where Source Port Is' followed by one of the following: 'Any', 'Port #', 'Port Range' or 'Port Set'.
  • ICMP Details: The Internet Control Message Protocol (ICMP) message that must be detected to trigger the action. Only applies if the protocol is ICMP. See Add and Edit a Firewall Rule for details of available messages that can be displayed.
  • IP Details: The type of internet protocol (IP) that must be detected to trigger the action. See Add and Edit a Firewall Rule to see the list of available IP protocols that can be displayed here.

Once a rule is applied, Comodo Firewall monitors all network traffic relating to the chosen application and takes the specified action if the conditions are met. See 'Global Rules' to understand the interaction between Application Rules and Global Rules.

*If you chose to add a descriptive name when creating the rule then this name is displayed here rather than its full parameters. See the next section, 'Add and Edit a Firewall Rule', for more details.

**If you selected 'Log as a firewall event if this rule is fired' then the action is postfixed with 'Log'. (e.g. Block & Log)
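The matching behaviour described above (all conditions must hold, rules are checked top to bottom, no match means block) can be modelled in a few lines. This is an added sketch, not Comodo's code or part of the original help page; it covers only TCP/UDP rules, ignores Global Rules and the 'Ask' action, and the class names, sample addresses and the `WEB` and `PINNED` rulesets are constructed for illustration. It also models the 'Exclude' option described under 'Add and Edit a Firewall Rule'.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple

ANY_PORT = (0, 65535)   # the page's 'Any' port range

@dataclass
class Addr:
    """Address condition. net=None means 'Any'; exclude=True is the 'Exclude' box."""
    net: Optional[str] = None      # single address or subnet, e.g. "192.168.1.0/24"
    exclude: bool = False

    def matches(self, ip: str) -> bool:
        if self.net is None:
            return True
        inside = ipaddress.ip_address(ip) in ipaddress.ip_network(self.net)
        return inside != self.exclude   # Exclude inverts the address test

@dataclass
class Rule:
    action: str                    # 'Allow' or 'Block' ('Ask' needs a user, not modelled)
    protocol: str                  # 'TCP', 'UDP' or 'TCP or UDP'
    direction: str                 # 'In', 'Out' or 'In/Out'
    src: Addr = field(default_factory=Addr)
    dst: Addr = field(default_factory=Addr)
    src_ports: Tuple[int, int] = ANY_PORT
    dst_ports: Tuple[int, int] = ANY_PORT
    log: bool = False              # 'Log as a firewall event if this rule is fired'

    def matches(self, p: dict) -> bool:
        # A rule fires only when ALL of its conditions hold for the packet.
        return (p["protocol"] in self.protocol.split(" or ")
                and p["direction"] in self.direction.split("/")
                and self.src.matches(p["src"]) and self.dst.matches(p["dst"])
                and self.src_ports[0] <= p["sport"] <= self.src_ports[1]
                and self.dst_ports[0] <= p["dport"] <= self.dst_ports[1])

def evaluate(ruleset, p):
    """Top-to-bottom, first match wins; no match means the connection is blocked."""
    for rule in ruleset:
        if rule.matches(p):
            return rule.action + (" & Log" if rule.log else "")
    return "Block"

def packet(protocol, direction, dst, dport, src="192.168.1.20", sport=50000):
    """Build a constructed sample packet as a plain dict."""
    return dict(protocol=protocol, direction=direction, src=src, dst=dst,
                sport=sport, dport=dport)

# Constructed custom ruleset: allow outbound HTTPS, block and log everything else.
WEB = [
    Rule("Allow", "TCP", "Out", dst_ports=(443, 443)),
    Rule("Block", "TCP or UDP", "In/Out", log=True),
]
# Constructed ruleset using Exclude: block every destination except 203.0.113.10.
PINNED = [
    Rule("Block", "TCP", "Out", dst=Addr("203.0.113.10", exclude=True), log=True),
    Rule("Allow", "TCP", "Out"),
]

if __name__ == "__main__":
    https = packet("TCP", "Out", "198.51.100.7", 443)
    print(evaluate(WEB, https))                   # first rule matches
    print(evaluate(list(reversed(WEB)), https))   # same rules, order swapped
    print(evaluate(WEB[:1], packet("UDP", "In", "192.168.1.20", 53)))  # no rule matches
    print(evaluate(PINNED, packet("TCP", "Out", "203.0.113.10", 22)))
    print(evaluate(PINNED, packet("TCP", "Out", "198.51.100.7", 22)))
```

Swapping the two rules in `WEB` turns an allowed HTTPS connection into a blocked one, which is why a broad block rule belongs at the bottom of a ruleset and why the 'Move Up' and 'Move Down' buttons matter.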


Add and Edit a Firewall Rule

The firewall rule interface is used to configure the actions and conditions of an individual rule. If you are not an experienced firewall user or are unsure about the settings in this area, we advise you first gain some background knowledge by reading the sections 'Understand Firewall Rules', 'Overview of Rules and Policies' and 'Create and Modify Firewall Rulesets'.

General Settings

  • Action: How the firewall should respond when the conditions of the rule are met. Options available via the drop down menu are 'Allow' (Default), 'Block' or 'Ask'.
  • Protocol: Specify which connection method the data packet should be using. Options available via the drop down menu are 'TCP', 'UDP', 'TCP or UDP' (Default), 'ICMP' or 'IP'.

    Note: Your choice here alters the choices available to you in the tab structure on the lower half of the interface.

  • Direction: Specify whether the traffic should be inbound or outbound. Options available via the drop down menu are 'In', 'Out' or 'In/Out' (Default).
  • Log as a firewall event if this rule is fired: Checking this option creates an entry in the firewall event log viewer whenever this rule is called into operation (i.e. when ALL conditions have been met) (Default = Disabled).
  • Description: Enter a friendly name for the rule. For example, 'Allow Outgoing HTTP requests'. The friendly name is shown in the 'Application Rules' interface.

Protocol

i. 'TCP', 'UDP' or 'TCP or UDP'

If you select 'TCP', 'UDP' or 'TCP or UDP' as the protocol, then you also have to set the source and destinations:

Source Address and Destination Address:

1. Any - Defaults to an IP range of 0.0.0.0 - 255.255.255.255 to allow connection from all IP addresses.

2. Host Name - Choose a named host which denotes your IP address. Enter the name in the 'Host Name' text field.

3. IPv4 Address Range - Choose all IP addresses covered by a range - for example a range in your private network.

  • Enter the first and last IP addresses in the 'Start IP' and 'End IP' text boxes.

4. IPv4 Single Address - Choose a single IPv4 address.

  • Enter the IP address in the 'IP' text box, e.g., 192.168.200.113.

5. IPv4 Subnet mask - Choose an IPv4 network. IP networks can be divided into smaller networks called sub-networks (or subnets). An IP address/Mask is a subnet defined by IP address and mask of the network.

  • Enter the IP address and Mask of the network.

6. IPv6 Address Range - Choose all IPv6 addresses covered by a range - for example a segment in your private network.

  • Enter the first and last IPv6 addresses in the 'Start IP' and 'End IP' text boxes.

7. Single IPv6 Address - Choose an IPv6 address.

  • Enter the IP address in the 'IP' text box, e.g., 3ffe:1900:4545:3:200:f8ff:fe21:67cf.

8. IPv6 Subnet Mask - Choose an IPv6 network. IP networks can be divided into smaller networks called sub-networks (or subnets). An IP address/Mask is a subnet defined by IP address and mask of the network.

  • Enter the IP address and 'Mask' of the network in the respective fields.

9. MAC Address - Choose a single source/destination by specifying its physical address.

  • Enter the physical address in the 'MAC Address' text box.

10. Network Zone - Choose an entire network. This menu defaults to Local Area Network. But you can also define your own zone by first creating a 'Network Zone' through the 'Network Zones' area.

  • Exclude (i.e. NOT the choice below) - Applies the action to all items except the one you specify. For example, you create a block rule, specify an IP address, then select 'Exclude'. The rule will block traffic for every address except the one you specified.

Source Port and Destination Port:

1. Any - Apply the rule to any port number - set by default, 0-65535.

2. A Single Port - Specify one port number.

  • Enter the single port number in the 'Port' drop-down combo-box.

3. A Port Range - Specify a set of ports covered by a range.

  • Enter the first port number and last port number in the respective fields.

4. A Set of Ports - Choose a predefined port set. If you wish to create a custom port set then please see the section 'Port Sets'.

ii. ICMP

When you select ICMP as the protocol in General Settings, you are shown a list of ICMP message types in the 'ICMP Details' tab alongside the Destination Address tabs. The last two tabs are configured identically to the explanation above. You cannot see the source and destination port tabs.

  • ICMP Details

ICMP (Internet Control Message Protocol) packets contain error and control information which is used to announce network errors, network congestion, timeouts, and to assist in troubleshooting. It is used mainly for performing traces and pings. Pinging is frequently used to perform a quick test before attempting to initiate communications. If you are using or have used a peer-to-peer file-sharing program, you might find yourself being pinged a lot. So you can create rules to allow/block specific types of ping requests. With Comodo Firewall you can create rules to allow/deny inbound ICMP packets that provide you with information and minimize security risk.

1. 'Source' and 'Destination' addresses - Enter the source/destination IP address. Source IP is the IP address from which the traffic originated and destination IP is the IP address of the computer that is receiving packets of information.

2. Type - Choose the ICMP version.

3. Message - Specify the type of the ICMP Message. When you select a particular ICMP message, the menu defaults to set its code and type as well. If you select the ICMP message type 'Custom' then you are asked to specify the code and type.

iii. IP

When you select IP as the protocol in General Settings, you are shown a list of IP message types in the 'IP Details' tab alongside the Source Address and Destination Address tabs. The last two tabs are configured identically to the explanation above. You cannot see the source and destination port tabs.

  • IP Details

Select the types of IP protocol that you wish to allow, from the ones that are listed.

  • Click 'OK' to add the firewall rule
  • Repeat the process to add more firewall rules
  • Click 'OK' in the 'Advanced Settings' interface for your firewall rules to take effect.

                © Comodo Group, Inc. 2025. All rights reserved.