How do you set up Comodo Firewall? Some readers may be unfamiliar with Comodo Firewall (Comodo Internet Security) and may not know how to configure it.
Basic Comodo Firewall setup:
Installing Comodo Firewall is easy; just pay attention to the installation path. Restart the computer when the installation has finished.
After the restart, Comodo Firewall starts automatically and a blue shield icon is displayed in the lower right corner of the screen. Double-click it to open the main interface. Right after installation the security level is Allow All; change it to Custom and then enter your registration code.
Summary window in Comodo Firewall:
- There are 3 icons in the upper right corner:
  - Update lets you update the program
  - Help opens the help file
  - About shows information about Comodo Firewall
- There are 3 tabs on the left:
  - Summary is the overview, Security opens the security rule settings, Activity is the network activity monitor
- The blue Comodo area shows the high-risk activity logged by your firewall. Below it is your registration information, usually Lifetime + Full.
At the bottom is the security level; setting it to Custom is fine.
On the right, the first row is news and the second row is traffic, which shows the percentage of traffic for each application. If you click on the network view, the percentages of TCP, UDP, ICMP and other protocols are displayed as well. Generally TCP is the highest, then UDP, and the others have almost no traffic.
The lower right corner shows your network information, including your network name, IP, subnet, connection type (ADSL, LAN, etc.) and MAC address.
Security window (security rule settings) in Comodo Firewall:
This is the most important part of Comodo Firewall, where the rules are set. The first window is Tasks.
Define a new reliable application: here you can add programs that are fully trusted to use the network.
Define a new prohibited application: here you can add programs that are completely untrusted, to block them from the network.
Add / remove / change a zone: here you can add, delete and modify network zones.
Check for updates: as the name says, this checks for updates.
Send files to Comodo for analysis: sends files to Comodo for analysis; use with caution.
Define a new trust network: here you can add a fully trusted network.
Search for known applications: I think this is the highlight of Comodo Firewall. It scans for programs that Comodo knows (for example IE) and adds the rules for them by itself, without the user having to worry about it. This is very good, but it knows very few applications, so it is not recommended.
Application Monitor in Comodo Firewall:
Here you can set the rules for each application. Add creates a rule, Edit changes it and Delete removes it.
Application shows the name of the application, Destination shows the external IP, Port shows the external port, Protocol shows the protocol and Permission shows whether the traffic is allowed or blocked. The details of the selected rule are shown below the list.
The rule configuration interface in Comodo Firewall:
The first line is the program you want to add and the second line is its parent program; you can choose to skip the parent, learn the parent, or specify a parent. You can then choose to allow everything (allow all activities) or to apply the following criteria.
Defining the rules in Comodo Firewall:
Action is what is done with the traffic: allow or block. Protocol is the protocol; you can choose TCP, UDP or TCP/UDP. Address is the direction of the traffic; you can choose Input, Output or Input/Output.
Destination IP is the remote IP; the options are all, a single IP, an IP range, an IP mask, a zone and a host name.
Destination port is the external port; the options are all, a single port, a range of ports, and a set of ports, which can only be separated by commas.
Miscellaneous holds more options: allow invisible connection attempts, skip advanced security checks and limit the number of connections.
Disadvantages in Comodo Firewall: when entering "random port" you can enter a maximum of 16 ports, and you can select only one port configuration per rule (i.e., if you select "random port" you cannot also select "port range"; KAH does not have this restriction). This is a major inconvenience and I hope the next version will change it.
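The rule fields described above, modelled as a small matcher. This is an added illustration, not Comodo's code or rule file format: the string syntax for ports and addresses, the names Rule, parse_ports, parse_dest and decide, and the first-match-wins evaluation with a default of block are all assumptions, and the zone and host name destination options are left out.

```python
import ipaddress
from collections import namedtuple

MAX_PORT_SET = 16  # limit on a port set, as stated in the text
# action: allow/block, protocol: TCP, UDP or TCP/UDP, direction: in, out or in/out
Rule = namedtuple("Rule", "action protocol direction dest ports")

def parse_ports(spec):
    """Accept exactly one port form: 'any', '443', '1000-2000' or '80,443'."""
    if spec == "any":
        return range(0, 65536)
    if "-" in spec and "," in spec:
        raise ValueError("choose a port set or a port range, not both")
    if "-" in spec:
        low, high = (int(p) for p in spec.split("-"))
        ports = range(low, high + 1)
    else:
        ports = frozenset(int(p) for p in spec.split(","))
        if len(ports) > MAX_PORT_SET:
            raise ValueError("a port set holds at most 16 ports")
    if not ports or min(ports) < 0 or max(ports) > 65535:
        raise ValueError("port out of range")
    return ports

def parse_dest(spec):
    """'any', single IP, 'first-last' range or 'ip/mask' -> (first, last)."""
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(a) for a in spec.split("-"))
        return first, last
    net = ipaddress.IPv4Network("0.0.0.0/0" if spec == "any" else spec, strict=False)
    return net[0], net[-1]

def decide(rules, proto, direction, ip, port, default="block"):
    # Assumption: the first matching rule wins; unmatched traffic is blocked.
    for rule in rules:
        first, last = parse_dest(rule.dest)
        if (proto in rule.protocol.split("/")
                and direction in rule.direction.split("/")
                and first <= ipaddress.IPv4Address(ip) <= last
                and port in parse_ports(rule.ports)):
            return rule.action
    return default

# Constructed sample rules (addresses from the documentation ranges).
RULES = [Rule("block", "TCP/UDP", "out", "198.51.100.0/255.255.255.0", "any"),
         Rule("allow", "TCP", "out", "any", "80,443")]
```

Because a rule accepts a single port form, covering both a set and a range for one program takes two rules, which is the inconvenience noted above.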
Component Monitor in Comodo Firewall:
This checks all the library files that programs link to, not just DLL files, but DLL files are the vast majority, which is why it is called that. The default is learning mode, which allows all DLLs. When you feel it has learned enough, switch it to enabled; you can then fully control new DLL files.
Be careful if you are not familiar with DLLs.
Network Monitor in Comodo Firewall:
This works like packet filter rules; you can set a rule for any port.
Rule settings in Comodo Firewall:
The port configuration and the IP rules are similar to those of the Application Monitor, but bear in mind that source IP means the local IP and source port means the local port.
Advanced (advanced settings) in Comodo Firewall:
This contains application behavior analysis, advanced attack detection and prevention, and miscellaneous (more options).
Application behavior analysis: this must be the beginnings of the HIPS of the next official version. It contains options to prevent DLL injection. The default values are fine; there is no need to reconfigure them.
Advanced attack detection and prevention: there is no need to change the configuration in this area; the default settings are correct.
Miscellaneous (more options): here the alert level can be set to medium, which shows more prompts and leaves the final choice to you, which is safer (beginners do not need this).
There is also a Restore button below, for when a problem caused by a configuration error cannot be resolved. After you press it, all settings change back to the defaults, so be careful!
Activity in Comodo Firewall:
Here you can see the network connection activity. The first option is the application activity. It is useful and concise: you can see the external IP, port, direction and traffic, and you can close a connection at any time with the Close button after it.
The second is the rule log, which records information such as the creation of each type of rule and also shows the threat level. High-risk entries come from the application behavior analysis, mainly because of DLL injection; it is still relatively sensitive.
Example of blocking fragmented IP packets in the firewall:
Example: Ping, one of the IP fragmentation attacks
This is a fragmentation attack that uses the ICMP protocol. If the attacker sends an echo request packet that is longer than 65535 bytes, the destination host overflows the 65535-byte buffer it allocated beforehand when the fragments are reassembled, and the system usually freezes or crashes.
Example: Teardrop, one of the IP fragmentation attacks
This is an attack based on malformed fragments of UDP packets; it uses forged fragments to launch a denial-of-service attack on the host.
Finally the host crashes: on Windows it causes a BSOD that displays the STOP error 0x0000000A.
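The check a packet filter can make on the fragments of one datagram before reassembly, covering both cases above. This is an added example, not Comodo's implementation; the function name check_fragments and the sample fragment sets are constructed, and the overlap test reflects the fact that Teardrop's malformed fragments overlap one another.

```python
MAX_DATAGRAM = 65535  # largest legal IP datagram, the figure used in the text


def check_fragments(fragments, header_len=20):
    """Inspect the fragments of one datagram before they are reassembled.

    fragments: (offset, length) pairs; offset is in 8-byte units as carried
    in the IP header, length is the payload bytes in that fragment.
    Returns the set of reasons to drop the datagram (empty if it looks sane).
    """
    reasons = set()
    covered_up_to = 0
    for offset, length in sorted(fragments):
        start = offset * 8
        end = start + length
        if header_len + end > MAX_DATAGRAM:
            reasons.add("oversize")   # would overflow a 65535-byte buffer
        if start < covered_up_to:
            reasons.add("overlap")    # rewrites bytes an earlier fragment sent
        covered_up_to = max(covered_up_to, end)
    return reasons


# Constructed fragment sets, not captured traffic.
NORMAL = [(0, 1480), (185, 1480), (370, 1040)]
OVERSIZE = [(0, 1480), (8189, 1480)]     # 8189 * 8 + 1480 = 66992 bytes
OVERLAP = [(0, 36), (3, 4)]              # second fragment starts at byte 24
```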
Example: Jolt2.c, one of the IP fragmentation attacks
Jolt2.c sends ICMP/UDP IP fragments in an infinite loop; CPU usage rises to 100%, the mouse cannot move, or the system even crashes.
Example of protocol analysis: SYN flood is one of the protocol analysis attacks.
It is an attack method that uses defects of the TCP protocol to send a large number of fake TCP connection requests, thereby exhausting the resources of the attacked party (full CPU load or insufficient memory).
How to enable anti-ARP spoofing:
ARP spoofing is an attack technique against ARP. With this type of attack, an attacker can obtain packets on the LAN or even alter them, and can prevent a specific computer or all computers on the network from connecting properly.
ARP virus is a general term for a type of virus that uses the weakness of the ARP protocol to spread.
ARP protocol: the Address Resolution Protocol, a TCP/IP protocol that obtains a physical address from an IP address, i.e. it translates a network address into a physical address (also known as a MAC address).
Example: the machine dog virus that appeared in 2007 can penetrate various restoration software (such as the shadow system) and hardware restoration cards.
It can also use ARP spoofing to spread across the LAN. If one machine is infected, almost all machines in the cyber café or campus hall become infected.
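A way to spot the effect of ARP spoofing from a host's own ARP table, as an added example that is not part of the original article or of Comodo. The sample text is constructed in the layout printed by the Windows arp -a command, and the function names and the recorded gateway MAC passed in by the caller are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by the Windows `arp -a` command.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-2a     dynamic
  192.168.1.23          00-aa-bb-cc-dd-17     dynamic
  192.168.1.42          00-aa-bb-cc-dd-2a     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)


def parse_arp_table(text):
    """Return (ip, mac, type) for every entry line; headers are skipped."""
    return [(m.group(1), m.group(2).lower(), m.group(3).lower())
            for m in map(ENTRY.match, text.splitlines()) if m]


def arp_alerts(text, gateway_ip, known_gateway_mac):
    """Flag a gateway whose MAC differs from the recorded one, and any MAC
    that answers for several IPs (static broadcast/multicast rows ignored)."""
    alerts, by_mac = [], defaultdict(list)
    for ip, mac, kind in parse_arp_table(text):
        if ip == gateway_ip and mac != known_gateway_mac.lower():
            alerts.append(f"gateway {ip} is now at {mac}")
        if kind == "dynamic":
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {', '.join(ips)}")
    return alerts
```

A shared MAC is a heuristic rather than proof: a device that legitimately holds several addresses also shows up this way, so confirm the gateway MAC against the value recorded from the router itself.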
New version of Big Bean (Comodo Firewall / Internet Security 2020):
Big Bean can automatically scan and submit unknown files. If you did not knowingly submit files manually, you may have selected a similar function in the Big Bean D+ settings: automatic submission at execution. Check whether the IP belongs to the Big Bean CAMAS online analysis server (a simulated environment); if so, the connection should be related to submitting files for analysis.