The firewall Options panel allows you to quickly configure Firewall settings. It is divided into three areas:
- Enable Firewall: Allows you to disable or enable Firewall protection. (Recommended and default = Enabled)
You can choose the level of security you want from the drop-down menu.
There are many options available:
- Block all: The firewall blocks all traffic to and from your computer, regardless of user-defined rules and configurations. The firewall doesn’t attempt to understand the behavior of any app and doesn’t automatically create traffic rules. This option will effectively block your computer’s access to any network, including the Internet.
- Custom Ruleset mode: The firewall only applies the Firewall rules and custom security configurations that the user has specified. This setting is often referred to as “Do Not Learn” by new users. The firewall doesn’t attempt to learn any application’s behavior. It does not automatically create network traffic rules for these applications. If an application attempts to connect, you will be notified. This applies even to applications that are on the Comodo Safe List.
The firewall checks all loaded components for compatibility with the list of allowed and blocked components before any application attempts to connect to the outside. An alert is issued if a component is blocked. This setting is recommended for firewall professionals who want to increase visibility and control traffic through their computer.
- Safe Mode (Default): The firewall filters network traffic and creates rules to allow traffic for applications that have been certified by Comodo as safe. If the checkbox Create rules to protect applications has been selected, the firewall will automatically create rules. You will be notified if a non-certified application attempts to connect to the network. You can choose to grant Internet access to the application by selecting ‘Treat it as a Trusted Application’ from the alert. This will apply the predefined firewall ruleset “Trusted Application” to the application.
“Safe Mode” is the preferred setting for most users. It combines the highest level of security with an easy-to-manage number of connection alerts.
- Training Mode – The firewall monitors network traffic and creates allow rules for new applications until the security level is adjusted. In ‘Training Mode’, you will not be notified. We recommend that you do not choose the ‘Training Mode’ setting.
- Do not show popup alerts: You can choose whether you would like to be notified whenever the firewall receives a request for network access. While it will reduce disturbances, you may lose some user awareness if you choose ‘Do not show popup alerts’. (Enabled)
If you choose not to show alerts, CIS will automatically respond with one of two default responses: ‘Block Requests’ or ‘Allow requests’.
- Enable automatic identification of private networks – This instructs Comodo Firewall to monitor whether your computer is connected to any new wired or wireless network. If the firewall detects a new network, it will display an alert like the one below (for example, when you connect to a Wi-Fi network or home network).
To optimize the firewall configuration for your connection type, you can choose the type of network to which you want to be connected. Comodo suggests that users leave this setting enabled (Default = Enabled).
- Enable TrustConnect Alerts: If you connect to the Internet in public places like airports or coffee shops, you could be at risk. Unsecured public networks could allow others to spy on your communications and even steal your confidential data. Comodo recommends that you use TrustConnect to encrypt your connection in public hotspots.
If selected, Comodo Firewall will display an alert if it detects you are connected to the Internet through an unsecured network (Default=Enabled). The drop-down options allow you to select the conditions under which you want alerts to be displayed:
- Unsecured Wireless Networks (Default): TrustConnect alerts will only be displayed if you connect to an unencrypted wireless connection.
- Unsecured Wireless Networks Only: TrustConnect alerts are displayed when you connect to a public wireless network, regardless of whether or not the connection is encrypted.
The following notification will alert you and give you the chance to make the connection:
- Turn traffic animation effects on: By default, the Comodo Internet Security ‘Shield’ tray icon displays a small animation when traffic moves towards or away from your computer.
If traffic is outbound, the shield will show green arrows moving up the right side. For inbound traffic, it will show yellow arrows moving to the left. This is a useful indicator of real-time data movement in and out of your computer. Clear this checkbox if you do not wish to see the animation (Default = Enabled).
- Make rules for safe applications. Comodo Firewall trusts applications if:
- The file/application is listed under File Rating Settings in the Trusted Files List.
- The vendor is listed in the Trusted software Vendors under File Rating Settings.
- The application is included in the constantly updated Comodo safelist.
CIS doesn’t automatically create ‘allow rules’ for safe applications by default. This reduces resource consumption, simplifies the rules interface, reduces the number of ‘Allowed’ rules, and decreases pop-up alerts. It is also beneficial for beginners who have difficulty setting up rules.
Selecting this checkbox allows CIS to learn the behavior of safe applications in order to automatically generate the ‘Allow’ rules. These rules can be found in the Application Rules interface. Advanced users have the ability to modify/edit these rules (Default = Disabled).
- Adjust the alert frequency level – This option allows you to set the number of alerts Comodo Firewall generates from the drop-down. This does not impact your security. Security is determined by the rules that you have set up (for example, in ‘Application Rules’ or ‘Global Rules’). The default setting of “Low” is ideal for most users. It keeps you informed about suspicious behavior and connection attempts but does not overwhelm you with alert messages. (Disabled)
- Very high: The firewall displays separate alerts for outgoing connection requests and incoming connections for TCP and UDP protocols on particular ports and IP addresses for each application. This setting gives you the most visibility for outbound and inbound connections, but it also leads to a proliferation of firewall alerts. For example, a browser used to connect to your Internet homepage may result in up to five separate alerts for each outgoing TCP connection.
- High: The firewall displays separate alerts for both outgoing and inbound connection requests for TCP and UDP protocols at specific ports.
- Medium: The firewall displays alerts for outgoing or incoming connection requests for TCP and UDP protocols.
- Low: The firewall displays alerts for outgoing or incoming connection requests for an application. This setting is recommended by Comodo, and it is suitable for most users.
- Very low: Only one alert is displayed by the firewall for an application.
Alert Frequency settings only apply to connections made by applications or IP addresses you haven’t yet decided to trust. You could, for example, set a high alert frequency but not receive any notifications if you trust the application making the connection attempt.
- Set a new on-screen alert timeout: This determines how long the Firewall will display an alert without user intervention. The default timeout is 120 seconds. This setting can be adjusted to suit your needs.
Comodo Firewall has advanced detection settings that help protect your computer from common DoS attacks. In a ‘flood attack’, an attacker overwhelms a target computer with too many connection requests, making it impossible for the computer to accept legitimate connections. This effectively shuts down your web, email, and FTP servers.
- Filter IPv6 Traffic – If enabled, CIS will filter IPv6 and IPv4 traffic.
- Filter loopback traffic: Loopback connections are internal communications within your computer. Loopback connections allow your computer to transmit data and receive it immediately. This does not require any connection to another computer or the internet. You may have seen the loopback network’s IP address written as 127.0.0.1. It is sometimes referred to by its domain name, ‘http://localhost’, that is, your computer’s own address. Loopback channel attacks can flood your computer with TCP and/or UDP requests. This can smash your IP stack or even crash your computer. This box should be checked to ensure that the firewall filters traffic through this channel. (Enabled)
- Block Fragmented Internet traffic – Two computers must agree on a maximum transmission unit (MTU) before a connection can be opened. IP datagram fragmentation occurs when data is sent through a router that has an MTU lower than yours. For example, if a datagram’s size exceeds the MTU of the network it must travel over, it is broken up into smaller “fragments” which are sent individually. Fragmented IP packets could pose threats similar to a DoS attack. Fragmentation can also double the time required to send one packet and slow down your download speed (Default = Disabled).
- Perform protocol analysis: Protocol analysis is crucial for detecting fake packets that are used in denial-of-service attacks. This option allows Comodo Firewall to verify that every packet meets the protocol’s standards. Packets that do not conform will be blocked (Default = Disabled).
- Enable anti-ARP spoofing: A gratuitous Address Resolution Protocol (ARP) frame is an ARP Reply broadcast to all machines within a network. It is not in response to any ARP Request. All hosts must update their local ARP caches when an ARP Reply has been broadcast. This applies regardless of whether the ARP Reply was issued in response to any ARP Request. Gratuitous ARP frames are important because they update your machine’s local ARP cache when there is a change on another machine on your network. For example, if you replace a network card in a machine, a gratuitous ARP frame will inform your machine and request that your ARP cache is updated so data can be properly routed. While ARP calls may be useful for an office network with many machines that must keep each other up to date, they are not relevant for a home network. This setting allows you to block malicious requests (Default = Disabled).
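To make the fragmentation item above concrete, the following added example (not Comodo's code) splits an IPv4 datagram for a smaller MTU and then runs sanity checks that a filter could apply before reassembly. The function names, the 20-byte header default and the sample sizes are assumptions made for the illustration.

```python
def fragment(total_len, mtu, ihl=20):
    """Split an IPv4 datagram of total_len bytes for a link with the given MTU.
    Returns (offset_in_8_byte_units, payload_bytes, more_fragments) tuples."""
    payload = total_len - ihl
    if total_len <= mtu:
        return [(0, payload, False)]          # fits, no fragmentation needed
    step = (mtu - ihl) // 8 * 8               # non-final fragments carry a multiple of 8 bytes
    if step <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, pos = [], 0
    while pos < payload:
        size = min(step, payload - pos)
        frags.append((pos // 8, size, pos + size < payload))
        pos += size
    return frags

def check_fragments(frags, ihl=20):
    """Return a list of problems found in a fragment set (empty list = consistent)."""
    problems, expected = [], 0
    ordered = sorted(frags)
    for off, size, more in ordered:
        start = off * 8
        if start < expected:
            problems.append("overlap at byte %d" % start)
        elif start > expected:
            problems.append("gap before byte %d" % start)
        if more and size % 8:
            problems.append("non-final fragment at byte %d is not a multiple of 8" % start)
        expected = max(expected, start + size)
    if ordered and ordered[-1][2]:
        problems.append("final fragment missing")
    if ihl + expected > 65535:
        problems.append("reassembled size exceeds 65535 bytes")
    return problems

if __name__ == "__main__":
    print(fragment(4000, 1500))                # constructed sizes: 4000-byte datagram, 1500-byte MTU
    print(check_fragments([(0, 1480, True), (100, 1480, False)]))
```
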
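The gratuitous ARP behaviour described in the anti-ARP spoofing item can be observed with a small monitor. This is an added example, not Comodo's implementation: the `ArpMonitor` class, its finding labels and the keep-the-first-binding policy are assumptions, and the frames are constructed with placeholder addresses.

```python
import struct
ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes (RFC 826)

def build_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a constructed ARP payload for the demo (op 1 = request, 2 = reply)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, sha.hex(":"), dotted(spa), dotted(tpa)

class ArpMonitor:
    """Hypothetical monitor: flags replies nobody asked for and changed IP-to-MAC bindings."""
    def __init__(self):
        self.cache = {}       # IP -> MAC, first binding seen is kept
        self.pending = set()  # IPs this host has sent an ARP request for

    def inspect(self, payload):
        op, sha, spa, tpa = parse_arp(payload)
        findings = []
        if op == 2:
            if spa == tpa:
                findings.append("gratuitous")    # sender announces its own address
            elif spa not in self.pending:
                findings.append("unsolicited")   # reply without a matching request
            self.pending.discard(spa)
        if spa in self.cache and self.cache[spa] != sha:
            findings.append("binding-changed")   # keep the old entry, do not overwrite
        else:
            self.cache[spa] = sha
        return findings

def demo():
    mon = ArpMonitor()
    mon.pending.add("192.0.2.1")  # this host asked for the gateway's MAC
    frames = [  # constructed sample traffic; MACs and IPs are placeholders
        build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "192.0.2.10"),
        build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.1"),
        build_arp(2, "02:00:00:00:00:20", "192.0.2.20", "192.0.2.10"),
    ]
    return [mon.inspect(f) for f in frames]

if __name__ == "__main__":
    print(demo())
```

The second frame is the case the setting targets: a reply that was never requested and that tries to rebind an address already in the cache.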