Advice Request CFW/cs Containment/Blocking Alerts - What is the best setting?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I have the latest CFW v11set with cs settings.

I have noticed that sometimes, when I open the GUI, files have been blocked but I did not receive any alerts that this happened.

I want to make sure that I am alerted each time the program intends to block a program. That said, what settings should I make to the program to insure that this happens?
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Yeah- this does happen sometimes with certain Windows System files- these normally are in connection to Windows Telemetry on Win10 (normally a Firewall Block). I was expecting some sort of resolution to this (like CF accepting this stuff with version 11) but as I only so far have done only a few quick dances with V11 on a VM (I'm waiting for the internal updater version before installing it on my main system) I really can't comment intelligently at this time.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Oh God, Searchlight! You are too kind! I just realized that I in no way answered your question and for that I apologize!

The correct answer to your question would be this: Assuming that the items for which you want alerts are being blocked by the Firewall (and you can determine what is blocking it on the main GUI Advanced view).- and I think that this is probable as many of the Win10 and MS Office16 telemetry files are deemed suspicious by Comodo (actually a good thing)-

You can on initial installation place the Firewall in "Custom Ruleset". This will alert you to EVERYTHING trying to get out. A person could then Allow or Block on a case by case basis (I formerly used this for the first 2 days after a new CF build. This gave me the opportunity to prevent stuff that had no business calling Home from succeeding). After those 2 days I would revert to Safe Mode.

I will, though, indeed update you with my impressions for ver11 once totally released.

And once again I apologize for being rude.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Oh God, Searchlight! You are too kind! I just realized that I in no way answered your question and for that I apologize!

The correct answer to your question would be this: Assuming that the items for which you want alerts are being blocked by the Firewall (and you can determine what is blocking it on the main GUI Advanced view).- and I think that this is probable as many of the Win10 and MS Office16 telemetry files are deemed suspicious by Comodo (actually a good thing)-

You can on initial installation place the Firewall in "Custom Ruleset". This will alert you to EVERYTHING trying to get out. A person could then Allow or Block on a case by case basis (I formerly used this for the first 2 days after a new CF build. This gave me the opportunity to prevent stuff that had no business calling Home from succeeding). After those 2 days I would revert to Safe Mode.

I will, though, indeed update you with my impressions for ver11 once totally released.

And once again I apologize for being rude.


Thanks for your etiquette, and your clarification.

I mistakenly have been associating BLOCKING with Auto-Containment, and could not understand despite your settings, why I received no alerts.

Blocking relates to the Firewall, not Auto-Containment and/or Containment.

So thinks for pointing me in the right direction so I can handle CFW better. Much appreciated.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Yes, while I understood why no alerts re: blocking (CS Settings), this helps clarify my confusion when using CFW 10 in the past and gave up on it. Not using it now but if I do in the future at least I'll have an idea on how to understand what is going on, i.e. I had no idea what some of these blocked processes referred to. In practice I am a Level 1 member so I appreciate keeping up on this.:)(y)
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
It's really a pity that this was not discussed previously, as it apparently led to confusion. Although not an issue on Win7, Comodo does not arbitrarily approve of many of the Telemetry files (stuff calling home for God Knows what reason) that are included with Win10. This pretty much mirrors what many criticized Windows for doing (when 10 was initially released), and why many did not take the free upgrade path.

Not bringing this up previously was a grave failing on my part, and the highest of compliments to SearchLight for this topic.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top