comodo personal firewall

Comodo Firewall

Comodo Firewall Pro is a well-known and trusted software firewall. It is free for personal use. The firewall will help

protect your computer from unauthorised connections to and from the Internet.

Homepage

www.personalfirewall.comodo.com

Computer Requirements

Windows 2000/XP

/2003/Vista

Administrator rights required

for installation

Version used in this guide

2.4.18 (English v3.5 also

available)

Installing Comodo

Follow any program-specific directions in theGuideIf there are none, simply click the link belowand choose a location to save the installerFind the installer on your computer anddouble-click it

Comodo:

License

Freeware

Required Reading:

How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 60 minutes

What you will get in return:

The ability to effectively and efficiently protect your computer and network security from hostile parties, Internet

hackers, malware, viruses and other software or system threats

The ability to control all requests made by programs residing on your computer when accessing the Internet,

through an easily configurable software interface

1.1 Things you should know about this tool before you start

What is a firewall?

A firewall is like a doorman or guard for your computer. It has a set of rules about what information should be let in and

what information should be let out of your computer. Your firewall is the first program that receives and analyses

incoming information from the Internet and the last program that scans outgoing information to the Internet.

Why do I need it?

To prevent hackers or other intruders from accessing personal information stored on your computer. To prevent

malware programs from sending information to the Internet without your authorisation. Comodo Firewall Pro is a

well-known and respected firewall software. It is free software, which means you can use it without purchasing a

license. In recent tests, it was actually found to perform better than other, subscription-based firewall software.

Will it work for me?

It will take some getting used to. Running a custom firewall program may require devoting considerable time and effort at

the beginning to making sure all the settings are correct and suited to the way you use your computer. After an initial

learning period, the firewall will work seamlessly, requiring minimal intervention on your part.

Warning!: Never access the Internet without a firewall installed and running on your computer! Even if your Internet

modem or router has its own firewall, it is strongly recommended that you have one installed on your computer as well.

How to Start Comodo Firewall Pro

Important: While you are installing Comodo Firewall Pro, you will be asked on the screen if you have "any other third

party personal firewall installed". You should only use one firewall program on your computer at a time. If you are using

Comodo Firewall 06/03/2009 01:21

http://en.security.ngoinabox.org/book/export/html/162 1 of 16

another firewall on your computer, it must be uninstalled before you can install Comodo Firewall Pro.

Note: Windows XP Professional Edition (Service Pack 2 & higher) automatically enables the Windows Firewall.

Comodo Firewall Pro will usually prompt you to disable the firewall automatically. If it does not, you can manually disable

the Windows Firewall by performing the following steps:

Step 1. Select: Start > Control Panel > Windows Firewall to activate the following screen:

Figure 1: The Windows Firewall screen

Step 2. Check the Off (not recommended) option.

Step 3. Click: to disable the Windows Firewall.

2.1 How to Grant or Deny Access

After you have installed Comodo Firewall Pro, it will prompt you to set access permissions or rights that control how

different programs residing on your computer access the Internet. Generally, valid requests should be allowed and

malicious ones denied; however, it may require a little experience to tell the difference between a valid and a malicious

request.

Each time a request is made, a Security Alert screen resembling the following appears:



Figure 2: An example of a Comodo Firewall Pro Security Alert screen

Note: A firewall is a program designed to protect your computer from hackers and malicious software. Both of these can

access your computer directly or try to send information from your computer to a third party. Therefore, a new firewall

must 'learn' which programs are 'good' and permit access to them, while remaining closed to all rogue software and

processes on your computer. You will need to investigate all new access requests and decide whether to allow or deny

access to them.

Important: You must read the information displayed in the Application and Parent items in the Details section of theSecurity Alert screen. Note that:

The Application seeks access to the InternetThe Parent is the program executing the request to launch the application

Typically, only a few programs will be displayed in the Application field. These may include your Internet browser, emailclient and instant messaging software, among others. You may recognise many of these applications just by their

names. The Parent request, though not always present, could come from a number of different sources, some legitimate

but others malicious.

Figure 3: A Security Alert screen featuring a Generic Host Process for Win32 Services request

Example: In Figure 3, the Application program is svchost.exe and the Parent is services.exe. The SecurityConsiderations pane details which program is requesting access through the Parent and the Application. In this case, a



valid program, called Windows Explorer, is requesting access to the Internet. This is probably one of the first SecurityAlert screens you will receive after you have installed Comodo Firewall Pro and rebooted your computer.

Important: Some tricky viruses can skilfully imitate a valid Windows application. There is no easy way to distinguish

them from real access requests. You must be extremely careful when downloading anything from the Internet, andregularly scan your computer for viruses and malware.

Note: Usually, all valid access requests will reflect some action on your part. For instance, when you launch a new

program for the first time, the firewall will prompt you to specify access permissions or rights. This may also happen

when you install or uninstall software. It might take a little bit of getting used to, but soon the firewall will 'learn' and

accept your choices, and these messages will stop appearing.

Figure 4: A typical Security Alert screen featuring a KeePass access request

At other times, Comodo Firewall Pro could present you with a slightly different message. In example above, the

Keepass Password Safe program is trying to use the Firefox browser to gain access to the Internet. Since KeePass is

a valid program that was previously installed on the computer, we can allow its access request.

Tip: Click: in the Details section of this Security Alert screen to reveal information about this process.



Figure 5: The Application Details screen

Figure 6: The Application Details screen in Parent Mode

Alternatively, researching these process names on the Internet may reveal information about their behaviour and

purpose.

If your research indicates that it may be a virus, or you cannot trace the origin of the message, click:

Important: It is best to be on the safe side and deny requests you cannot identify. If this causes a normal program to

stop functioning correctly, you can allow the process next time the firewall queries you. Being strict about restricting

processes is the best approach to computer security.

If you are satisfied that it is a legitimate access request, click:

Note: Sometimes, the same program may attempt to access the Internet in many different ways, some previously

invisible to you. Do not be alarmed if you are repeatedly prompted to grant access to the same program. After Comodo

Firewall Pro has been in operation for a week or so, most of the Security Alert messages will stop appearing.

Here is an example of a malicious tool requesting access to the Internet through Internet Explorer:

Figure 7: A Security Alert screen featuring a malicious request from Wallbreaker.exe

Step 1. Click: if the Parent name looks dubious, and seems unrelated to any software you have installed on thecomputer.

This will reveal its true origin and information about it as follows:



Figure 8: The Application Details screen in Parent Mode for Wallbreaker.exe

Although little is known about this application, a Google search for wallbreaker.exe may reveal its real purpose.

Step 2. Click the Deny button, then scan your computer with an anti-virus and anti-spyware program like Spybot.

Tip: Check the Remember my answer for this application option so that Comodo Firewall Pro will 'remember' thisdecision, and this particular message should not reappear in the future.

Sometimes you may not recognise the name of a program. Often, there may be software on the computer which you've

forgotten was there, or which you did not install yourself. Maybe somebody else using the computer put the program on

and it could be valid, or maybe it's malware (malicious software). These are the ones we need to investigate. Don't

worry, once you've done this process of checking which programs to allow once, you don't have to do it again. After a

few days, you'll rarely see any of these messages.

Tip: Denying an Internet access request implies that you consider that program or process to be a virus or malware.

You must keep your anti-virus and anti-malware software up-to-date, and frequently scan your system for them,

especially after you have received suspicious firewall requests.

Advanced Settings and Troubleshooting Tips

Comodo Firewall Pro offers an extensive control panel with numerous customisable features and options. This section

covers options directly related to getting the firewall up and running, as well as some quick tips for troubleshooting.

Tip: Click: to access extensive documentation about Comodo Firewall Pro.

3.1 How to View the Summary screen

Step 1. Select: Start > Programs > Comodo > Firewall > Comodo Firewall Pro to activate its main screen as

follows:



Figure 9: The Comodo Firewall Pro main screen in Summary view

The Summary view displays the general information about Comodo Firewall Pro. It shows which program features arerunning, the network settings, traffic information and the Computer Security Level, and other kinds of information.

Important: The Computer Security Level is set at Custom by default. This mode lets you apply your configurationsettings and different access permissions for all new programs.

Troubleshooting Tip: If you have installed Comodo Firewall Pro, and find that you have suddenly lost Internet access

or any network connection, drag the Computer Security Level lever to the Allow All setting. This will make the firewallinactive, and all previous connections should be restored. However, the Allow All setting is only used to test access toservices. Do not leave this setting on after you have regained all your network connections and Internet access!

3.2 How to Set Access Rules

This section will help you to learn more about setting access rules and permissions in Comodo Firewall Pro.

Step 1. Click: to activate the Comodo Firewall Pro main screen in Security mode as follows:



Figure 10: The Comodo Firewall Pro in Security mode. To stop receiving any firewall access messages for a particularprogram by granting it full access rights:

Step 2. Click the Define a new Trusted Application option to activate the following screen:

Figure 11: The Trusted Application confirmation screen

Step 3. Click: to choose the application (and its path) that you want to set as a trusted application.

In the example above, the Firefox.exe file is selected. This means the firewall will now allow all requests for Firefox toaccess your computer and the Internet.

Note: However, this does not mean that Comodo Firewall Pro will allow just any program to access the Internet throughFirefox. You will have to configure them on an individual, per program basis.



Step 4. Click:

To view all programs with existing permission rules:

Step 5. Click: to activate the following screen:

Figure 12: The Comodo Firewall Pro in Application Monitor mode screen

The Application Monitor screen displays access permissions you have previously defined for different programs. Eachinstance relates to a process within a particular program that requires access to your incoming or outgoing Internet

connection.

To manage your program access perform the following steps:

Step 1. Double-click on any of the listed processes to activate a screen displaying its permissions.

Step 2. Click the Add, Edit or Remove buttons in the top right-hand corner of the Application Control Rules pane torespectively add, edit or remove program access permissions.

Step 3. Click: to locate the file path of the executable program and then add it to this list.



Figure 13: The Application Control Rule screen

3.3 How to Set Access Rules (Advanced Users Only)

This section is intended for advanced users. It lets you refine your firewall permission settings, by letting you specify IP

address, direction of connection and other options.

In the previous example, all activities for Firefox are allowed. However, to set more specific control rules, perform thefollowing step:

Step 1. Check the Apply the following criteria option beneath the Application / Parent Application section as follows:



Figure 14: The Application Control Rule screen

Step 2. Select an access permission from the Action drop-down list.

Step 3. Select a protocol type from the Protocol drop-down list.

Step 4. Select a connection direction from the Direction drop-down list.

3.4 How to Add Permissions for Your Office Network

By default, Comodo Firewall Pro automatically blocks access to your computer from the office network. It may also

block any requests your computer sends out to the network. This could result in loss of network services, such as

Internet access, printing, document sharing, and other services. You must configure Comodo Firewall so that it will

detect that you are working in a network environment, and to permit you to access that network.

Important: Before setting up special requirements for the office network, make sure you are connected to it!

Step 1. Click: in the Comodo Firewall Pro screen.

Step 2. Click: to activate the Trusted Network Zone Wizard to configureparticular settings for your network.

The Trusted Network Zone Wizard is comprised of four screens, and they resemble Figure 15 and Figure 16.



Figure 15: The Trusted Network Zone Wizard Welcome screen

Step 3. Click:

Figure 16: The Trusted Network Zone Wizard screen for selecting a Zone

Step 4. Select the network connection for your office. Usually, this is your LAN/Ethernet card.

Step 5. Click:

Comodo Firewall Pro will automatically detect the network settings and create special permissions for it.

Step 6. Click:

Step 7. Click: to verify these and other special permission settings.



Figure 17: The Comodo Firewall Pro main screen in Network Monitor mode

To specify that you want the firewall to permit access to another particular network resource (another printer or router)

or to a computer outside your network, then on the above screen:

Step 8. Click: to activate the Network Control Rule screen as follows:



Figure 18: The Network Control Rule screen

In this screen, you can set exceptions for Comodo Firewall Pro so that you can access different network resources (a

printer or router, for instance), or a computer outside your network.

The example above gives the computer or device operating under the address of 192.168.234.234 access to your

computer.

Step 9. Click:

Important: Consult your network administrator to find out about other necessary permissions for your firewall.

3.5 How to View the Activity Log

Comodo Firewall Pro maintains a log of all inbound and outbound activity for the last 30 days. This can help you detect

both malware that is trying to connect to the network from your computer and intruders who are attempting to gain

access to your computer.

Step 1. Click: and to view the logs as follows:



Figure 19: The Comodo Firewall Pro main screen in the Logs view

Here you can view all inbound and outbound access reports collected by Comodo Firewall Pro, including the time of

occurrence as well as the destination and source IP of the event. You can also set the maximum size for the collected

log (as it can quickly get quite large).

Programs on your computer are consistently trying to contact an Internet site; this does not mean they are malicious:

many such programs were simply written that way. Comodo Firewall Pro will eventually stop these unnecessary

attempts. Do not be too alarmed by the number of events that appear in the logs!

Warning! Many computers are constantly trying to gain access to your computer through the Internet; this does not

always mean that a dedicated hacker is trying to access your computer. However, it could be the result of malicious

software designed to detect the few computers that are still vulnerable. If that software detects that a computer does

not have a functioning firewall, it may plant a virus, trojan or some other malware on it. Such software is regularly

used by Internet hackers.

FAQ and Review

Once Salima and Muhindo had figured out what Comodo Firewall Pro does, it was easy enough to use, since most of

the time it just sits in the background working away on its own.

However, they still want to know:

Q: If I don't have a firewall, can you tell me a bit more about the threats I'd face? What are the different kinds ofprograms that can get onto my computer and what do they do?

A: There are literally thousands of different programs that could enter your computer from the Internet, if it operateswithout a firewall. There are even Internet 'spiders' that roam all possible addresses looking for computers without afunctioning firewall, then reporting this address to the people interested in computer hacking.



Q: If Comodo keeps out all these programs, why do I also need an anti-virus program and an anti-spyware program?

A: A firewall works to specifically restrict access to and from the Internet. It prevents a program or hacker from gettinginto our computer but cannot protect you from malware that you might download through email, Web pages, or externaldisks. Anti-virus and anti-spyware programs exist to prevent infection where the firewall cannot. And, of course, thesetools can often remove malware that is already installed on your computer.

Q: Are there any kinds of malware I need to watch out for which look like Windows programs (or other friendlyprograms), but which are actually malware?

A: Unfortunately, there are many such programs. You need to be extra careful about the origins of any software thatyou download or install. You should not install any software that is not absolutely relevant and necessary to your work,especially on computers that hold a lot of your sensitive data.

Q: How good is Comodo at keeping out hackers?

A: Comodo Firewall Pro is just as good as many other software firewalls out there. The Comodo company is wellknown in security and Internet authority circles. It is offered free of charge to the individual user and its staff areresponsive to user queries.

4.1 Questions with which to test yourself after completing the guide

Why do I need to install a firewall?

How does it work?

Can I use more than one firewall at once?

How do I check to see whether a program I'm unfamiliar with is safe to allow onto my computer?



comodo personal firewall

Documents