
 

How to Install Comodo Firewall

 

This guide was written for version 5.9, also known as 2012, of Comodo Internet Security (CIS). This guide will also work equally well for configuring Comodo Firewall, but the screenshots are from CIS.

 

Index

  1. Overview of HIPS Programs

  2. Installing Comodo Internet Security

  3. Configuration

  4. Further Questions

 

1. Overview of HIPS Programs

 

If you're concerned about your PC's security then using a Host Intrusion Prevention System (HIPS) is a great addition to your protection regime. A HIPS prevents unknown programs from altering any part of your system without permission. Therefore malware is automatically prevented from doing any damage.

 

In this way HIPS is superior to detection-based software, such as traditional antivirus applications, because it will stop any type of malware. It will even protect you against zero-day malware. A HIPS is able to do this because it automatically blocks any files that have not been verified as safe. It then asks you if you want to give them access to your computer. Of course the obvious downside to this approach is that just as there are many millions of malicious programs there are also millions of safe ones. Because HIPS vendors cannot instantly analyze every possible legitimate program it's quite possible that you may receive questions about some safe programs, as well as dangerous ones.

 

In response to this HIPS vendors have developed extensive whitelists. These are databases of known safe programs. If a program is known to be safe, or is produced by a trusted vendor, you won't have to answer any questions about it and the program will be allowed complete access to your computer. Thus the number of alerts you get for everyday applications is very small.

 

With the strength of a HIPS you may be wondering if you still need to run traditional antivirus software alongside it. While you can theoretically do without one, assuming you know which programs to allow or block, my advice is to still use an antivirus. With a traditional AV in the loop most threats will be eliminated before the HIPS can even examine the suspect file. Thus if a signature for the particular malware already exists, which is not always the case, you will be protected from the possibility of making a bad decision. There are pros and cons to both HIPS and antiviruses but I find that they complement each other very nicely.

 

Comodo Firewall is one of the best known HIPS firewalls, and for good reason. In addition to providing rock solid protection it's also entirely free. If you like you can even download Comodo Internet Security, which comes with Comodo Antivirus. This is also completely free and very reliable. 

 

2. Installing Comodo Internet Security

 

Before installing security software designed to protect your computer I find it's best to first ensure that your computer is clear of malware. I know it sounds like strange advice but this can prevent many problems further down the road. For this please follow the advice that I give in my article about How to Know If Your Computer Is Infected.

 

If your computer is clean then there is one thing I'd do. As described in that article you can submit to Comodo the safe programs on your computer that are unrecognized. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forums. Make sure you read through the first post entirely. Only post download links for them if you are sure that the program is safe. Otherwise post links to the scanning results, as explained in the post. These submissions will be quickly analyzed by Comodo staff and, if appropriate, added to the whitelist. However, in order to submit programs you do need to have an account on the Comodo forums. If you don't already have one then it's very easy, and rewarding, to get one. There is an option to register on the top of any page on the Comodo forums. By doing this you will ensure that CIS will be very quiet on your computer. Once all the programs on your computer are trusted then the only time you will see an alert is the first time they try to connect to the internet or when they update.

After this is done you can proceed to download the installer. Here are the download locations for either Comodo Internet Security or Comodo Firewall. If, at a later time, you decide that you want to switch from one to the other then you can accomplish this by going to the start menu, finding Comodo, and selecting the option to "Add and Remove components".

 

During installation you will be given the choice to change your DNS servers to Comodo Secure DNS Servers. If you don't know what a DNS server does then I would recommend you read this article on What DNS Servers Do. Personally, I would recommend switching to the Comodo Secure DNS Servers because it will automatically block any websites that Comodo knows to be dangerous. However, if you would prefer to use another DNS server, or just use the default one from your ISP, then you can deselect that option. Also, I would leave the option to “enable 'Cloud Based Behavior Analysis' of unrecognized programs” checked. This will upload all active unrecognized programs to Comodo for analysis. It will only do this if they have not already been uploaded from someone else's computer. These files will then either be added to the safelist or added to the definitions for the antivirus. This is done entirely on Comodo's end so that you don't have to do any work.

Other than that I advise that you select the small option near the bottom of the window that says "Customize Installer". This will give you the option to change some parts of the program before it is even installed. Assuming you're installing both the antivirus and firewall, and will be following the rest of my advice, then I would consider the option to install Comodo GeekBuddy. This is a free trial program with which Comodo technicians can remotely diagnose, but not fix, problems with your computer. This trial period will only start once you first use it. If you decide to purchase the product then the technicians can also remotely fix any problems with your computer. However, if this does not sound useful then you can choose to not install it. Also, if you do choose to install it you can always choose to uninstall it later. Personally I choose not to install it, but the choice is yours. You are also given the option to install the Comodo Dragon browser. If you do not wish to install this then deselect this option.

 

After installation is complete, assuming you installed CIS, it will begin scanning your computer. If you followed my advice above, and your computer is not infected, you can cancel this scan. You may also choose to disable User Account Control (UAC). Personally I do disable it. However, there are some reasons to leave it enabled if your computer has more than one user. One problem is that disabling this will turn off protected mode in Internet Explorer. It will also disable file/registry virtualization for Windows Vista and 7. In general, UAC controls who can run specified applications that require elevated Administrator privileges. For more information please read this article.

 

UAC can be very useful for computers that have more than one account. If this is the case then instead of disabling it you may prefer to use a program like TweakUAC to disable it on one account or switch it to 'quiet mode'. This program is reviewed in this article. My advice would be that if you only have one user account then disable it. However, as always, the choice is yours.
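To see which of these UAC states a PC is actually in, the following added example (not part of the original guide and not Comodo or TweakUAC code) reads the standard UAC policy values from the registry and reports the side effects described above. The state labels "disabled", "quiet" and "prompting" are this example's own, and treating "elevate without prompting" as the equivalent of the 'quiet mode' mentioned above is an assumption.

```python
import sys

# Registry location of the UAC policy values (under HKEY_LOCAL_MACHINE).
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# Documented meanings of ConsentPromptBehaviorAdmin.
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}


def read_uac_values():
    """Read the UAC policy values from the registry (Windows only)."""
    import winreg  # imported here so the rest of the module loads anywhere

    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in UAC_VALUES:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                found[name] = None  # value not set on this system
    return found


def interpret(values):
    """Return (state, notes) for a dict of UAC registry values.

    state is "disabled", "quiet", "prompting" or "unknown"
    (labels chosen for this example).
    """
    lua = values.get("EnableLUA")
    admin = values.get("ConsentPromptBehaviorAdmin")

    if lua is None:
        return "unknown", ["EnableLUA is not set; cannot tell whether UAC is on"]
    if lua == 0:
        # The side effects the guide lists for a disabled UAC.
        return "disabled", [
            "UAC is turned off",
            "Internet Explorer Protected Mode is off",
            "file/registry virtualization is off",
        ]

    notes = ["UAC is on: Protected Mode and virtualization remain available"]
    notes.append("administrators: "
                 + ADMIN_PROMPT.get(admin, "unrecognized value %r" % (admin,)))
    if admin != 0 and values.get("PromptOnSecureDesktop") == 0:
        notes.append("prompts are shown on the normal desktop, not the secure desktop")
    return ("quiet" if admin == 0 else "prompting"), notes


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("This check reads the Windows registry; run it on the Windows PC.")
    state, notes = interpret(read_uac_values())
    print("UAC state:", state)
    for note in notes:
        print(" -", note)
```

Run it once before and once after changing the UAC setting (and rebooting) to confirm the change took effect.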

 

3. Configuration

 

Configuring Comodo Internet Security, or Comodo Firewall, actually isn't that difficult. The default configuration is quite robust. However, there are some changes that can be made to increase this protection even further.

 

A) General Configuration

 

 

First you should change the default configuration to Proactive Security. To do this right click on the icon for CIS, in the taskbar, and select the option for "Configuration". Select "Proactive Security". It will prompt you to restart. Restart your computer. "Proactive Security" is the most secure configuration of Comodo Internet Security.

 

B) Configure Antivirus

 

Assuming you chose to install Comodo Internet Security you also installed the antivirus component. Open the program and go to the Antivirus tab. Click on “Scanner Settings” and select the tab for “Manual Scanning”. Under this tab I would recommend selecting the option to “Enable cloud scanning” and also to “Submit unknown files for analysis”. What this will do is always check files against the very latest definitions and send all unknown files to Comodo for analysis. This will not only help increase their databases of malware and safe files, which will help you and everyone else in the community, but your scans would also be more likely to catch the latest malware. The problem with this setting is that your scans will take longer to complete.

 

Also, for those who are sure that their computer is clean, there is a trick to get rid of the message telling you that you have to scan your computer. For this follow these steps. Go to the tab for “Exclusions” and select the button for “Add” and then “Browse Files”. In the box where it asks to “Add new item” just put a (*). Type this without the parentheses. This will tell it to exclude all files. Select Apply. After this make sure that you select "OK". This will save your settings. If you don't do this then all of your changes will be lost. Now run the full scan. After it has finished, which shouldn't take long, you need to go back to the “Exclusions” tab and remove that exclusion. It's very important that you remove this exclusion. If it is left in then the antivirus component will not warn you about any dangerous files. To remove it simply go back to the antivirus exclusions tab, left click on the (*) exclusion, and click remove. Then select "OK".

 

C) Configure Firewall

 

There are also some changes that can be made to the Firewall component. Open the program and go to the Firewall tab. Click on "Stealth Ports Wizard" and select the option to "Block all incoming connections and make my ports stealth for everyone". In general this is the best choice but it may interfere with some programs. If you have problems getting a program to connect to the internet instead select the option to "Alert me to incoming connections and make my ports stealth on a per-case basis". This will configure the firewall to ask your permission any time there is an incoming connection that Comodo Internet Security doesn't already know to allow or block.
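One way to confirm the wizard's setting took effect, as an added example that is not part of the original guide or Comodo's tooling: run this from a second computer you own on the same network and point it at the protected PC. It assumes "stealth" has its usual meaning of a port that sends no reply at all; the address and the port list in the usage text are constructed placeholders.

```python
import socket
import sys

# Port states reported by this example (the labels are its own).
OPEN, CLOSED, STEALTH, OTHER = "open", "closed", "stealth", "inconclusive"


def classify(error):
    """Map the outcome of one TCP connect attempt to a port state.

    error is None when the connection succeeded, otherwise the exception.
    """
    if error is None:
        return OPEN      # a program accepted the connection
    if isinstance(error, ConnectionRefusedError):
        return CLOSED    # the PC answered with a refusal, so it is visible
    if isinstance(error, (socket.timeout, TimeoutError)):
        return STEALTH   # no answer at all within the timeout
    return OTHER         # name-lookup or routing errors say nothing about the port


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection to host:port and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def audit(host, ports, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def not_stealth(results):
    """Ports that revealed the PC's presence: any that answered open or closed."""
    return sorted(p for p, state in results.items() if state in (OPEN, CLOSED))


if __name__ == "__main__":
    # Usage: python stealth_check.py <address of your own PC> [port ...]
    # e.g.   python stealth_check.py 192.0.2.10 135 139 445   (placeholder values)
    if len(sys.argv) < 2:
        sys.exit("usage: stealth_check.py <address> [port ...]")
    host = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or [135, 139, 445]
    results = audit(host, ports)
    for port, state in sorted(results.items()):
        print("%5d  %s" % (port, state))
    visible = not_stealth(results)
    # A powered-off PC also gives only timeouts, so make sure it is running.
    print("All probed ports are stealth." if not visible
          else "Ports that answered: %s" % visible)
```

With "Block all incoming connections" selected every probed port should report `stealth`; a `closed` result means the PC still replied, so it is not hidden on that port.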

 

While still under the Firewall tab go to the "Firewall Behavior Settings". Select the tab for "General Settings" and select the option to "Enable IPv6 filtering". Also, if you are not using TrustConnect you can deselect the options to "Show Trustconnect alerts for unsecured wireless networks" and to "Show Trustconnect alerts for public networks". This way it will not warn you about it. TrustConnect is a very useful tool but not everyone is willing to pay for it. If you're one of those people, but still spend a lot of time connecting through unsecured wireless networks, then perhaps you would be interested in the free version of TrustConnect. It can be found on this page and inserts ads for Comodo products at the top of your pages. Also, it does require creating an account, but it's definitely worth it.

 

Now open the tab for "Alert Settings". Unless you are using Internet Connection Sharing on your network, and this PC is the "gateway", you can safely uncheck the box that says "This computer is an internet connection gateway". You can read more about Internet Connection Sharing on this site but if you don't already know what it is the chances are very high that you don't have it enabled.

 

Now open the "Advanced" tab and check the box to "Do protocol analysis". If your computer is part of a network, such as a wireless network, you should also check the boxes to "Protect the ARP Cache" and "Block Gratuitous ARP Frames". If you are not part of a network then you do not gain any security by checking them. You can check the other two boxes if you like, but they may affect performance. As before, you need to select "OK" in order to save your settings. If you don't do this then all of your changes will be lost.

 

After configuring the firewall portion of Comodo Internet Security this is what your configuration may look like.

          

 

D) Configure Defense+ / Sandbox

 

Now open the tab for "Defense+" and go to "Defense+ Settings". Open the tab for "Execution Control Settings". I would recommend changing the option to "Treat unrecognized files as" from "Partially Limited" to "Untrusted". Each time a program is sandboxed you will get a popup that asks you if you want to never sandbox it again. If you select not to then it will be added to your trusted files list. Only allow a program if you are 100% sure that it is safe. You can check the files by following the methods described in How to Tell if a File is Malicious. Select "OK" to save your changes.

 

In order to be protected from all malware that I am aware of you need to make one more change to your configuration. Please go to the "Defense+" tab and select "Computer Security Policy". Ignore the warning that pops up and continue. Inside of this select the tab for "Protected Files and Folders" and hit the edit button. Select yes and scroll down the list. Left click where it says "3rd Party Protocol Drivers". Click "Add" and then from the drop-down menu click "Select From". Then choose "Browse". In the box for "Add new item" just copy and paste in the following path "\Device\KsecDD". Be sure that when you do this you do not include the quotes. Click "Apply" and then click "yes". Select "Apply" again and then click "OK" to save these changes. What you have just done is cut off the access that unknown programs have to the Windows encryption tool. This could have been used by some malware to encrypt your files. Thus, since you have cut off their access to it, you are protected.

 

There are also other options for how to treat unrecognized files. You can read more about these on this page of the online help files. To learn more about how Comodo's Sandbox works you can read this Introduction to the Comodo Sandbox. Also, if you do ever notice malicious behavior on your computer then restart the computer and the malicious processes should be gone upon reboot. That's the way the sandbox was designed.

 

4. Further Questions

 

Now Comodo Internet Security should be configured for maximum protection and maximum usability. At this point restart your computer and see if there are any problems. If you do have any questions then please peruse these FAQs. If you still find your questions unanswered then you can search the Comodo Forums for a solution. If someone hasn't already created a post with the same problem please feel free to join the forum and create a post of your own. The community will do their best to help you with any problems that you may encounter.

 

 

 

 

If you believe this article deserves anything less than 5 stars please leave a comment below explaining how you think it can be improved or where you find fault. In fact I would appreciate any feedback, positive or negative, so that I can improve the article. Your opinions and advice are much appreciated.

 

 

If you found this article useful then perhaps you'd like to check out some of my others.

How to Know If Your Computer Is Infected

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Protect Your Online Privacy

How to Avoid Getting Spammed

How to Report Spam

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 


Comments

by Michael E (not verified) on 8. February 2012 - 20:32  (88533)

Thanks very much - I appreciated all your effort.

by Konstantin (not verified) on 25. January 2012 - 15:05  (87759)

Thank you very much for this up-to-date and well written guide! Without it I wouldn't be using Comodo, because I was unsure if I set it right.

by Konstantin (not verified) on 25. January 2012 - 19:48  (87772)

Also a quick question. Why didn't you check rootkit scan in manual scan?

by Chiron on 26. January 2012 - 15:34  (87835)

One reason is that I still find their rootkit scanner to have a few too many false positives.

Also, that said, it doesn't add any depth to the scan if you have already followed the methods I describe here:
http://www.techsupportalert.com/content/how-know-if-your-computer-infect...
in order to know if your computer is infected. If you've assured that your computer isn't infected, and you have CIS installed the way I suggest, then you won't get infected with a rootkit anyway, unless you allow a dangerous alert.

Thus I don't see a reason to devote scanning resources to scanning for rootkits.

Please let me know if you have any other questions.

Thanks.

by Konstantin (not verified) on 26. January 2012 - 19:20  (87843)

Thank you for your reply! I indeed installed Comodo using methods described in your guide to ensure my PC isn't infected. Concerning other questions, your guide is so good that I don't have any left. Thank you very much for your help!

by sean029323 (not verified) on 3. January 2012 - 2:22  (86445)

Is checking 'Enable adaptive mode under low system resources' in Defense+ necessary? By default it was checked on my system but Comodo help lists it as disabled by default. Comodo help also lists a warning about it reducing performance. Do you suggest I keep it enabled?

by Chiron on 3. January 2012 - 20:23  (86490)

This feature was meant to supply additional protection, especially for computers running 64 bit operating systems. It's automatically checked if you select the "Proactive Security" configuration.

My advice is that if you're not seeing any problems with your computer then leave it enabled.

by sean029323 (not verified) on 3. January 2012 - 22:39  (86496)

Thanks for your help

by Chiron on 4. January 2012 - 3:38  (86511)

You're very welcome.

Please let me know if you have any other questions.

by Canonymous (not verified) on 20. December 2011 - 18:15  (85469)

Hi there:

Sorry for being off-topic. But I really appreciate your help, if any is given. I've given try-outs to Comodo Internet Security on several occasions, using different versions, of course. However, I've never adopted this internet security tool as an item of defense arsenal, since I think it's a big frustrating pain in the bollos not being able to restore ALL and every item of a configuration so painstakingly done to the best of my humble security knowledge. Whenever I restore backed-up general settings - be it the Internet Security one or whatever - the program sure doesn't do this FULLY: several items of my personalized configuration are lost or not completely restored at all.

Did any of you guys out there also experience this whenever you tried to restore - after reformatting your hard drive, for example - your CIS settings? Also, CIS never seems to remember the whole of its settings thoroughly - it keeps prompting me now and again for a decision action regarding this or that program, when in fact I had already given permission for it to operate/not to operate in this or that respect.

Is there any solution to this "problem"? This is one that seems to persist since long past versions... Being such a complex suite of tools as it is, its devs should give great attention to this.

Thanks in advance for your help.

MCHAL

by Chiron on 20. December 2011 - 19:04  (85473)

I'm not entirely sure about this, since I generally just re-install and lose all my settings. This is by choice.

You will get more help if you post it here:
http://forums.comodo.com/install-setup-configuration-help-cis-b137.0/
in the Comodo forums.

Thanks.

by Canonymous (not verified) on 20. December 2011 - 19:33  (85484)

Hi,

Thanks for your help.

I've already posted this same support request there.

Regards.

by tja23 (not verified) on 20. December 2011 - 9:52  (85397)

Chiron: An additional setting on the new 5.9 D+ General Settings (at bottom): Enable enhanced protection mode.

Reference:
http://forums.comodo.com/defense-sandbox-faq-cis/enhanced-protection-mode-what-is-it-v5-t77464.0.html

Enhanced protection mode, what is it? [v.5]
« on: October 15, 2011, 04:19:06 AM »

The previous way that CIS hooked into 64bit OS could be defeated by some malware. Enhanced protection mode resolves this. To select use the tick box in D+ ~ D+ settings ~ General settings and reboot.
[...]
64 Bit systems
You should only switch enhanced mode off on 64 bit systems if it is causing problems. Your system will be more vulnerable to malware if you switch it off.

by Chiron on 20. December 2011 - 16:00  (85446)

If you follow my advice it should be turned on. Switching to proactive security enables it. Actually, that's why the reboot is required.

by tja23 (not verified) on 20. December 2011 - 9:14  (85388)

Hi Chiron,

FYI: CFP v5.9 final came out today and I went through your great setup guide without any problems. The only change I noticed was the addition of the "\Device\KsecDD" component (that's pretty arcane, nice that CFP can be configured for it.) Thank you.

To Report: Over time and different machines and O/Ss I have used CFP/Defense+ with your tweaks with Avira, AVG, AdAware, MSSE, and Panda Cloud a/vs without any conflicts. Also never any conflicts with MBAM, Super and Hitman Pro on-demand scanners.

Question: Would Threatfire be redundant with Defense+?

by Chiron on 20. December 2011 - 19:53  (85488)

It appears that there are no known problems running them together. Thus you'd probably be ok.

However, I don't believe ThreatFire is being developed anymore.

by Herman Jooste (not verified) on 19. December 2011 - 16:28  (85296)

Good Evening Folks.

I am running Comodo FW 5.8 and followed all the steps outlined. I now want to install the same setup on all my PCs.
1. Do I go to more manage my configurations and
2. export the one that is active?
3. Then import them on new machine.

Great article very helpful (I have read all your articles btw). Very well written and easy to understand.

Herman

by Chiron on 19. December 2011 - 17:46  (85300)

Yes. That is how you would transfer the configuration.

By the way, version 5.9 is set to be released soon. I'm not sure if it will be a Beta or a final release but I just wanted to let you know as it's possible that my advice may change. That depends on which settings are changed.

Thank you very much and let me know if you have any more questions.

by Lindel on 24. November 2011 - 9:54  (83831)

Error

by Chiron on 25. November 2011 - 23:45  (83906)

Hello and thanks for your comment.

Do you mean that you received an error when installing Comodo Firewall?

If so then please post all the specific details of your problem here:
http://forums.comodo.com/install-setup-configuration-help-cis-b137.0/
and someone will be able to help you.

by Lindel on 23. November 2011 - 11:54  (83771)

Hello Chiron

A very thorough article with no jargon. Simple to understand English. Great.

I too was a ZoneAlarm fan but nowadays will go with whatever toptenreviews tells me. They say that Comodo's firewall is the best. It seems really good and your configuration instructions will give me all the knowledge I need to advance from novice. But tell me please ... in your fifth paragraph of '1. Overview of HIPS Programs' ... are you saying that Comodo is compatible with other AV programs or not? I understand that Comodo works as an AV program in its own right. RE: Sandbox etc. However, you state that we should not have any issues running Comodo with other AV programs. Yet I am not able to get my PC to work with Bit Defender Plus along with Comodo's free firewall. I think there must be a configuration issue as when I install Comodo on top of Bit Defender, it initially works. Until I restart the PC and it doesn't start. I then have to Safe Mode, Restore etc. With these 2 programs I will be impenetrable as you suggest in that paragraph, if I can get them working together that is. And if I do get them working together will it be at the expense of lesser Comodo stealth? What to do?
Look forward to your reply.
Thanks

by Chiron on 25. November 2011 - 23:44  (83905)

Sorry, I do need to update that section. There are some programs that do conflict with Comodo Firewall.

There is very likely a workaround for BitDefender, but I'm not sure of all the details. Please post your problem here:
http://forums.comodo.com/install-setup-configuration-help-cis-b137.0/
and someone will be able to help you.

Thank you very much for pointing this out, I'll fix it in my next revision.

by warhippy (not verified) on 31. October 2011 - 13:19  (82467)

Excellent article, but one thing bothers me about this product and any product on the market. Everybody automatically trusts windows files. I posted on this subject in the forums. I don't know how to put a link in here, but here's the URL if you copy and paste it:

http://forums.comodo.com/av-false-positivenegative-detection-reporting/false-positive-windows-system-files-t77438.0.html

I've never trusted windows after that day, and from then on, if I see my computer is taking a long time shutting down, I manually shut it off, even unplugging it if the button doesn't work.

by Chiron on 22. December 2011 - 6:59  (85691)

Thank you.

Please let me know if you have any questions about how to configure it. I believe you should be able to create custom firewall rules for Microsoft if you select the option to "Create rules for safe applications".

by Mark Hamilton (not verified) on 24. October 2011 - 7:38  (82045)

Well Done!

I'm saving this one. I agree it's the best detailed how to for Comodo Firewall which by the way since I discovered it is the absolute best firewall I've used. But I also use comodo time machine with absolutely no problems as described by some. I even uninstall it every 3 months or so to do a thorough defrag and hard drive restructuring for performance then reinstall. The disaster story I read above and others I believe may be due to some incompatible configuration or software running on the PC.

TIP: I ALWAYS turn off ALL antivirus and security systems when adding another and often tell each of them to LEAVE THE OTHERS ALONE.

Ready for this? I have Windows XP SP3 and have been running my two favs... Comodo Internet Security (minus their anti virus) with AVAST ANTIVIRUS Free. NEVER had ANY problems whatsoever with these two. They play together just fine for me and all I've convinced to try them.

Kinda strange though because I have no doubt the poster is being accurate. The question is what is actually causing this conflict on his or her machine.

Thanks for listening and allowing my comment.

Keep up the Excellent Work. I refer to Gizmo's site regularly and refer it to others as well.

Mark.

by Chiron on 25. October 2011 - 20:25  (82117)

Thank you.

I really appreciate it.

by Andi (not verified) on 15. October 2011 - 10:41  (81437)

Excellent article, best CIS TUT I have seen till now, 5-stars!!!

by Chiron on 15. October 2011 - 16:19  (81451)

Thank you very much.

Please let me know if there's anything else you would like to see incorporated.

by Hippity-Hop (not verified) on 21. September 2011 - 20:07  (80063)

I'm aware that the article currently pertains to v5.4, not v5.5. Henceforth though, anyone visiting this page for the first time will almost certainly be installing v5.5, because it has been available for at least two months already.

This article contains by far the most detailed instructions for configuring CF Free that I've come across. However, with regards to *installing* it, I was hoping the article would've contained at least one tip to get it running without freezing the computer, which can occur when installing it on a WinXP (SP3) system protected by AVAST Free. That misfortune was not only my own experience, but also that of another unhappy user (nrocpop) who posted recently at CNET's review of CF Free at http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html

I was lucky to get a clean uninstall of CF Free v5.5 after it locked up my system so badly that it wouldn't reboot normally; nor via Last Known Good. So I'm reluctant to further experiment with it, even though I have some ideas about how to gradually work it into acceptable use.

The author named t i m mentioned in his article 'Best Free Firewall' http://www.techsupportalert.com/best-free-firewall.htm that finding a suitable product may involve a process of trial and error. I'll add that there's a cause for every effect, and what's now needed is a trial and error approach to getting CF Free v5.5 adapted to AVAST Free v5.0. Perhaps a possible solution is to temporarily stop the latter program's services via a batch file containing a few 'net stop' commands, which is temporarily placed in the directory Start Menu\Programs\Startup until CF Free has adapted to all of the other software that has started.

Doubtless there must be other OSes besides WinXP (SP3) running other AVs besides AVAST Free v5.0, which also undergo lockup after CF Free v5.5 has "successfully" installed.

by Chiron on 22. September 2011 - 3:01  (80076)

Thank you. As compared to V 5.4, V 5.5 just fixes a few bugs. I don't believe that the advice for configuring it should change. However, thanks for pointing it out. I just forgot to update the version number. Right now I'm playing with V 5.8 Beta. I am planning on updating the article when it's released.

As for your difficulties installing it I can't say for sure what the problem is, but it's entirely possible it didn't install correctly the first time. Please see my advice here:
http://forums.comodo.com/install-setup-configuration-help-cis/how-to-upg...

Also, if nothing there works then please start a new topic here:
http://forums.comodo.com/install-setup-configuration-help-cis-b137.0/
and give them your specific information. They'll be able to figure out what's going on and help you with any future problems.

Thanks.
