Configuring CIS (Defense+ ON) without smashing your head on the wall

Discussion in 'Security and Viruses' started by safeguy, Sep 20, 2010.

  1. safeguy
    Offline

    safeguy Distinguished Member

    Joined:
    Jul 3, 2009
    Messages:
    5,634
    Trophy Points:
    268
    Ratings:
    +1 / 0 / -0
    It'd be good beforehand to read (or skim) through this in order not to get 'lost' especially if you're new to CIS:

    Introduction to Comodo Internet Security

    Principles behind this setup/approach:

    This configuration assumes that you have made sure that your PC is clean and malware-free. And that you'll be trading in a portion of "maximum possible security" for "convenience" and "less pop-ups".

    Basic motivation behind this decision is that more pop-ups don't necessarily mean more security in day-to-day usage as it tends to lead users to a habit of allowing each prompt - thereby defeating the purpose of using a HIPS and leading to a false sense of security.

    It's also recommended to use this approach with other security layers such as LUA, SRP, anti-executable, behavior blocker, sandboxie, etc....especially if you are going to disable certain components and replace it with something else that's favorable to you.

    Installation:

    1. During installation, you can select either to install the entire Comodo Internet Security suite (includes antivirus, firewall, Defense+, sandbox, etc) or without the antivirus component. You've got to decide for yourself on this matter.

    2. After installation, make sure that you disable Windows built-in Firewall as it's NOT automatically turned off by default. Or you can do so prior to installation of CIS itself but make sure that you disconnect from the internet.

    3. Check that Comodo individual components are set as such:

    Antivirus Security Level - "Stateful"
    Firewall Security Level - "Safe Mode"
    Defense+ Security Level - "Safe Mode"
    Sandbox - "Enabled"

    Or in other words, change the default configuration to "Proactive Security". (Right-click on the icon in the taskbar, go to "Configuration", then select "Proactive Security")

    General Configuration:

    I'd be skipping the AV component for now since I find the default setting fine. Anyone who needs further information can refer to this:

    Comodo Help: Antivirus Tasks - Introduction

    1. Configuring Firewall

    Open the main GUI and go to the Firewall tab.

    a) Select "Stealth Ports Wizard".

    Choose the middle option, which reads "Alert me to incoming connections and make my ports stealth on a per-case basis" and click finish. You can choose among the other 2 options too but this option makes it easier for you to allow an incoming connection request when needed without having to set up rules beforehand.

    b) Select "Firewall Behavior Settings".

    i) Under General Settings, change the 'Keep an alert on the screen for (seconds)' from 120 to something longer, e.g. 180. This gives you more time to evaluate, do a search online, etc. before you approve/deny an access.

    ii) Under Alert Settings, depending on whether you are using your PC for Internet Connection Sharing (ICS) - you've got to check/uncheck the box that states "This computer is an internet connection gateway (i.e. an ICS Server)".

    2. Configuring Defense+

    Open the main GUI and go to the Defense+ tab.

    a) Select "Defense+ Settings"

    i) Under General Settings, change the 'Keep an alert on the screen for (seconds)' from 120 to something longer, e.g. 180. This gives you more time to evaluate, do a search online, etc. before you approve/deny an access.

    ii) Under Monitoring Settings, you can either max out on the available options by checking all of them (and thereby increasing the number of pop-ups) or un-checking a few which you may not need (and thereby trading 'security' for convenience and less pop-ups)...

    See this to help you make the right choices:

    Comodo Help - Monitoring Settings

    If you're still unsure, then let the default settings be the way they are and see how you'd be coping with the alerts/prompts you get from Defense+. If you see *too many alerts* from a particular type of activity/object and if it's something that you don't consider as a matter which you'd want to be alerted upon, then you can choose to disable that particular option.

    Or you can also make your own custom pre-defined policies which would ask/block/allow for each access rights. (Defense+ tab in the main GUI>Computer Security Policy>Predefined Policies)

    3. Configuring Sandbox

    Open the main GUI and go to the Defense+ tab.

    a) Select "Defense+ Settings"

    i) Under Sandbox settings

    Customize Sandbox settings as you deem fit.

    See this:
    Comodo Help - Sandbox Settings

    White-list trusted programs to minimize pop-ups/alerts/prompts

    There are various ways to approach this:

    1) Set your Defense+ Security Level - "Training Mode" and run all your applications. This is the *least secure* way to do it as you would not receive any popups because every action is learned and assumed 'safe'/'trusted'. Only recommended when you are 100% sure you have a clean computer and you're not doing anything risky on your PC during the training period. And remember to set it back to another *more secure* level when you're done with your training.

    2) Set your Defense+ Security Level - "Clean PC Mode" and run all your applications that you know are safe but take note that "All executable files in the fixed drives are assumed safe". You won't receive any annoying popups but all files that are not assumed safe would go to "Unrecognized Files" (under the Defense+ tab in the main GUI). Select all the safe and trusted files, and click "Move to: My Own Safe Files". Click on "Purge" to remove useless entries.

    3) Set your Defense+ Security Level - "Safe Mode" and run all your applications that you know are safe. You would receive pop-ups which would then require you to "Treat this application as: Trusted Application".

    4) Manually adding known safe/trusted files to "My Trusted Files" (under the Defense+ tab in the main GUI)

    5) Manually adding known safe/trusted software vendors to "My Trusted Software Vendors" (Defense+ tab in the main GUI>Computer Security Policy>Trusted Software Vendor)

    Reduce alerts during future installation of setup files

    When running a trusted setup file/installer, check the option to "Treat this application as: Installer or Updater" or "Treat this application as: Trusted Application" on the pop-up/alert. Take note though that by doing so, you would be allowing the installer unrestricted access to your system.

    As stated earlier on, you can also make your own custom pre-defined policies for running executable/installers which would ask/block/allow for each access rights. (Defense+ tab in the main GUI>Computer Security Policy>Predefined Policies)

    I'll be editing this post as I find out more on CIS settings and if I can make it 'quieter' without sacrificing much 'maximum security possible' out of Defense+. And credits to other tutorials/guides that are available on the web - I took some ideas/words from there. Pictures are courtesy of Comodo's servers. :p
    Last edited: Sep 20, 2010
  3. akhil
    Offline

    akhil Member

    Joined:
    Jun 8, 2010
    Messages:
    41
    Trophy Points:
    9
    Ratings:
    +0 / 0 / -0
    hello safeguy,
    i find default setting of firewall more user friendly as incoming connections are not alerted and blocked which is what an average user needs. antivirus real time shield also can be made to have high heuristics, this will make av more proactive
    thanks
  4. Ande
    Offline

    Ande Experienced Member

    Joined:
    Feb 16, 2010
    Messages:
    1,230
    Trophy Points:
    106
    Ratings:
    +0 / 0 / -0
    Very good, safeguy. Why don't you make it a sticky, so it doesn't disappear over time?
  5. sujay
    Offline

    sujay Prominent Member

    Joined:
    Feb 23, 2010
    Messages:
    3,504
    Trophy Points:
    168
    Ratings:
    +14 / 0 / -0
    Nice one Loverboy...;)
  6. noaccount
    Offline

    noaccount Prominent Member

    Joined:
    Sep 19, 2009
    Messages:
    2,030
    Trophy Points:
    166
    Ratings:
    +0 / 0 / -0
    Meh... this is old CIS with new GUI - i wonder if anyone is adventurous enough to install AV ?
  7. Boyfriend
    Offline

    Boyfriend Prominent Member

    Joined:
    May 15, 2010
    Messages:
    3,249
    Trophy Points:
    166
    Ratings:
    +0 / 0 / -0
    Thanks safeguy for this wonderful guide + links :) I am always curious to try Comodo (in VM :p) to check their working procedures for maximum protection with least annoyance. Your guide will be very useful for me.
    Regards
  8. leofelix
    Offline

    leofelix Distinguished Member

    Joined:
    Dec 27, 2008
    Messages:
    5,812
    Trophy Points:
    266
    Ratings:
    +0 / 0 / -0
    Thank you Safeguy

    Very, very bad
    Last edited: Sep 20, 2010
  9. Neo
    Offline

    Neo Experienced Member

    Joined:
    Jun 19, 2010
    Messages:
    1,557
    Trophy Points:
    106
    Ratings:
    +2 / 0 / -0
    thx safeguy for tutorial
    very helpful for me as i was thinking of checking CIS

    but after this it even made me bit sceptic and nervous... this looks like CIS is not silent and pop up are very common
    so u have to compromise either pop up or security ??
    this is not case with other suites i guess
  10. JayCub
    Offline

    JayCub Prominent Member

    Joined:
    May 6, 2010
    Messages:
    4,908
    Trophy Points:
    166
    Ratings:
    +0 / 0 / -0
    Thank you safe guy i think i will install the Comodo Internet security suite and test it out, a full install as i spent quite some time on the forums before, as i had bullguard for a year, i haven't bothered with it, Thank you for the updates, i was thinking of trying this out last time it was mentioned on the forum.

    CAV was put on the backburner for quite some time as they pushed towards perfecting the firewall, as i was searching for an alternative when Vista was first introduced, and to see that windows firewall is not turned off when installing is a disappointment as it was mentioned on the forums, security center didn't recognise the Comodo firewall and you had to tell the security center that you had a firewall that you would monitor yourself.. should have been sorted by now..
    CAV's i will try for awhile, but do i have complete faith in it ...err no
    Last edited: Sep 20, 2010
  11. LunarWolf
    Offline

    LunarWolf Prominent Member

    Joined:
    Jan 15, 2009
    Messages:
    2,144
    Trophy Points:
    166
    Ratings:
    +0 / 0 / -0
    The popups are lesser already compared to version 3 and 4. Try Online Armor free. I think you will love it.

    Learnt that the hard way when it appeared. Quickly disable it.


    Didn't install but somehow, the firewall alerted me a heuristics program is trying to be downloaded (sinvise's shutdown timer). It was cloud scanning. And it blocked. I disabled the firewall, then only allowed to download.