Comodo Internet Security Setup/configuration thread (Setting Only)

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Will you use one of the setting


  • Total voters
    42
Status
Not open for further replies.

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,473
30,679
Operating System
Windows 10
Installed Antivirus
Default-Deny
#1
Since many of us use Comodo IS, i decided to create this thread to share our skills of CIS, indeed some of us don't have the knowledge to tighten CIS by themselves without hampering their system. I hope this thread will help.

Note: Only People used to CIS and having their configuration running for a long time without issues should post their configuration settings here.

This thread is for HELPING beginners with CIS, not showing off the most secure settings while the system is totally non-responsive.

You will display ONLY your settings/tweaks.



Your config post should inform (in your opinion) which kind of users your config is oriented.

For example "Paranoid Mode" is obviously not made for CIS beginners :D

Feel free to use the template below i made for myself.



UMBRA CIS' SETTINGS (30/11/2015)

Targeted CIS Users:
advanced/expert skilled users, Paranoid users.
Reason: HIPS activated on Paranoid, Auto-Sandbox rule customized, FW on custom, Trusted vendor List customized
Advices: Use Training Mode for some times is recommended if if you are not used to paranoid Mode.

My setting are for the moment what i recalled from those i did from previous versions, they are a good compromise between security and usability, not much popups except for the firewall (i like to know what is going out).

i could tighten this more but i will test various possibility in long term , so this settings will be surely modified.


Configuration:
Proactive

Antivirus

Real time Scan:
Stateful

Scan memory when computer start:
yes
Use Heuristic Scanning: Medium
Exclusions: my security softwares group

Scans

Quick:
Use cloud while scanning, High Heuristic
Full: Use cloud while scanning, Medium Heuristic

Defense +

HIPS settings:
Paranoid Mode
Do NOT show popup alerts: No
Create rules for safe applications: Yes
Enable Adaptive Mode: Yes
Block all unknown request...: No
Enable Enhanced Mode Protection: Yes
Do heuristic command line...: Yes
Detect Shellcode Injections: Yes | Exclusions: my security softs

HIPS Rules
added group:

Ruleset
Added Ruleset

- Umbra Ruleset (Allow All but) | Rights: Allow All except Run an Executable| Active Protection Settings: /
- Umbra Ruleset (Ask all) | Rights: Ask All | Active Protection Settings: /
- Umbra Ruleset (Block All) | Rights: Block All | Active Protection Settings: /


Protected Objects
Protected files:

Protected Registry Keys: all keys belonging to my security softs.
Protected Data Folders: all my folders with sensible datas.

Sandbox

Sandbox settings
Do not virtualize Access to specified files/folders...:
Yes | Exclusions: my security softwares group
Do not virtualize Access to Registry Keys/Value...: No | Exclusions:
Enable automatic Startup:
Yes
Detect Program which...: Yes
Show privilege Elevation: Yes

Auto-Sandbox:
Enable Auto-Sandbox: Yes
Enable File Source Tracking: Yes
Rules:
Edited "Run virtually" rule to "Untrusted".

Viruscope

Enable Viruscope: Y
es
Monitor sandboxed Applications only: No


Firewall

Firewall Settings

Enable Traffic Filtering:
Yes, Custom ruleset
Create rules for safe Applications: Yes

Filter IPv6:
Yes
Filter Loopback: Yes
Block fragmented Yes
Do protocol Analysis: Yes
Enable Anti-ARP Spoofing: Yes

Global Rules: Not Modified yet

Website Filtering
Enable Website filtering:
Yes
Rules: "Blocked Sites" edited to integrate MVPS Host Files list following my Tutorial


File Rating


File Rating Settings
Enable Cloud Lookup:
Yes
Analyze Unknown files in the cloud: Yes
Trust Application Signed by Trusted vendors: Yes, Customized
Trust files installed by Trusted Installers: Yes
Detect Potential Unwanted Applications: Yes

File Groups
Created a group containing all my security/sensitive/browsers application folders, this will make the exclusions in CIS various modules less tedious and way faster.

File List
set some vulnerable processes as unrecognized (regedit.exe, cmd.exe, etc...)

Trusted Vendor
there we are, the (In)famous TVL, the weakest chain of CIS, since any vendor/individual who pay the right price can be added as trusted...:rolleyes:
I deleted all of them except Microsoft, my drivers and all my "sure-to-be-safe" software's vendors.
 
Last edited:
H

hjlbx

Guest
#2
WARNING ! Comodo is no joke. Improperly configuring Comodo Internet Security can result in a "Black Screen"\Unbootable System!

The CIS configuration below should only be attempted by someone who thoroughly understands the basics of how Comodo Internet Security functions. It is NOT intended for the new user\beginner nor uninformed\inexperienced experimentation!


To learn how Comodo Internet Security works, start out with the configuration that is installed by default.

Afterwards, the vast majority of typical users can switch to and be very well protected by Proactive Security configuration with default settings.

I learned by reading the User's Manual, a lot of online research, lots and lots of practice with CIS, and participating at MalwareTIps. It took a lot of time and effort. It is quite worthwhile.

When I started with Comodo I knew absolutely nothing. If I can do it... you can do it...


HJLBX CIS CONFIGURATION
(Work-in-Progress; LAST EDIT 12-18-15 - NOT FINISHED !)

Targeted CIS Users:
Advanced/Expert Level Users that want maximum, multi-layered system control and protection.

Reason: Replicate AppGuard + NoVIrusThanks Exe Radar Pro + Sandboxie + Protected Folders + Windows Firewall Control configuration with CIS; heavily customized anti-executable configuration with all vulnerable processes set to Unrecognized ("Alert Mode") + protect system space and active processes against modification.

Operating System: Windows 8.1 x86-64

Comodo Internet Security Pro 8.2.0.XXXX


GENERAL SETTINGS

User Interface
  • Show Messages from Comodo Message Center: Yes
  • Show Notification Messages: Yes
  • Show Welcome Screen on Startup: No
  • Show Desktop Widget: Yes
  • Show Information Messages When Tasks are Minimized/Sent to Background: No
  • Play Sound When Alert is Shown: Yes
  • Show the 'Upgrade' Button in the Main Window: No
Password Protection
  • Enable Password Protection: No

UPDATES

Updates
  • Check for Program Updates every: 1 Days
  • Automatically Download Program Updates: Yes
  • Check for Database Updates every: 6 Hours
Options
  • Do NOT Check for Updates if I am using these connections: Not Selected/Configured
  • Do NOT Check for Updates if running on battery: Not Selected/Configured
LOGGING

Logging
  • Write to Local Log Database (COMODO Format): Yes
  • Write to Windows Event Logs: No
Log File Management
  • When Log File Reaches 20 MB => Delete It and Create a New One : Enabled
User Statistics
  • Send Anonymous Program Usage to COMODO: Yes

CONFIGURATION

PROACTIVE SECURITY


Make all settings changes AFTER enabling PROACTIVE SECURITY configuration !!

SECURITY SETTINGS

ANTIVIRUS

Realtime Scan

NOTE: Scanning of archives is a waste of system resources; it needlessly places a burden on system CPU and RAM. Unextracted archives (both non-encrypted and encrypted) are 'inert' on system until extracted. Plus, encrypted\password-protected archives cannot be decompressed and scanned. Decompressing and scanning archives on an HDD system will cause scans to take a long time - sometimes hours.

Realtime Scan

  • Enable Realtime Scan: Yes
  • Enable Scanning Optimizations: Yes
Detection
  • Run Cache Builder when Computer is Idle: Yes
  • Scan Computer Memory After the Computer Starts: Yes
  • Do NOT Show Antivirus Alerts => Quarantine : Enabled
  • Decompress and Scan Archive Files of Extension(s): *.jar, *.exe : Yes (experimenting at this time...)
  • Set New On-Screen Alert Timeout to: 999 secs
  • Set New Maximum File Size Limit to: Not Enabled
  • Set New Maximum Script Size Limit to: Not Enabled
  • Use Heuristics Scanning: High
Scans

Full Scan (double-click on Full Scan in list to access settings below)

Items
  • Entire Computer
  • Memory
NOTE: User cannot alter\customize COMODO default Full Scan Items list; can only customize scan items by creating a Custom Scan.

Options
  • Enable Scanning Optimizations: Yes
  • Decompress and Scan Compressed Files: No (With this configuration Realtime Scan will scan archives)
  • Use Cloud while Scanning: Yes
  • Automatically Clean Threats => Disinfect Threats: Enabled
  • Use Heuristics Scanning: High
  • Limit Maximum File Size to 40 MB: Not Enabled
  • Run this Scan with Background: Not Enabled
  • Update Virus Database Before Running: Yes
  • Detect Potentially Unwanted Applications: Yes
Schedule
  • None (On-Demand use only)
Quick (double-click on Quick Scan in list to access settings below)

Items
  • Commonly Infected Areas
NOTE: User cannot alter\customize COMODO default Quick Scan Items list; can only customize scan items by creating a Custom Scan.

Options
  • Enable Scanning Optimizations: Yes
  • Decompress and scan compressed files: Yes
  • Use Cloud while Scanning: Yes
  • Automatically Clean Threats => Disinfect Threats : Enabled
  • Use Heuristics Scanning: High
  • Limit Maximum File Size to 40 MB: Not Enabled
  • Run this Scan with Background: Not Enabled
  • Update Virus Database Before Running: Yes
  • Detect Potentially Unwanted Applications: Yes
Schedule
  • None (On-Demand use only)
Exclusions

Excluded Paths
  • Add *\Quarantine
NOTE: Adding *\Quarantine to Excluded Paths prevents CIS scan engine from scanning and detecting files located in most other security software's quarantine directory - for example, the included Comodo Cleaning Essentials quarantine folder !

Excluded Applications
  • None (when no conflicting software installed; no false positives on system)
NOTE: Excluded Paths and Excluded Applications is where user adds File Groups\Files\Folders and Applications\Running Processes (for example, other security software and utilities) to prevent conflicts with COMODO's Antivirus Module. Generally, what needs to be added is determined by trial-and-error.

DEFENSE+

HIPS

HIPS Settings


HIPS Settings
  • Enable HIPS: Yes => Paranoid Mode (Monitoring Settings: NOT Modified\Default)
  • Do NOT Show Popup Alerts: Not Enabled
  • Set Popup Alerts to Verbose Mode: Yes
  • Create Rules for Safe Applications: No
  • Set New On-Screen Alert Time-Out to: 999 secs
Advanced
  • Enable Adaptive Mode Under Low System Resrouces: Yes
  • Block All Unknown Requests when the Application (Application = Comodo Internet Security) is Not Running: No
  • Enable Enhanced Protection Mode (Requires a System Restart): Yes
  • Do Heuristic Command-Line Analysis for Certain Applications: Yes
  • Detect Shellcode Injections: Yes => (Exclusions: None)
HIPS Rules

Access to specific Application HIPS rules for modification\customization.

Rulesets


Access to pre-defined list of File Group HIPS rules for modification\customization; user can add HIPS File Group with customized Access and Protection rules.
  • NOT Modified\Default
Protected Objects

Protected Files

Add "System Space":
  • C:\$SysReset
  • C:\PerfLogs
  • C:\Program Files
  • C:\Program Files (x86)
  • C:\Recovery
  • C:\ProgramData\Microsoft
  • C:\System Volume Information
  • C:\Windows
NOTE: If adding any of these directories\folder paths to Protected Files causes issues, then it can be easily removed.

User can add File Groups\Files\Folders\Running Processes; only applications rated as Trusted by Comodo can modify (= write to) Protected Files; all applications - Trusted, Unrecognized and Malicious - can read Protected Files.

Using HIPS Safe Mode, any Unrecognized application that attempts to modify a Protected File will generate a HIPS Protected Object alert.

Using HIPS Paranoid Mode, any application - including Trusted applications - that attempt to modify a Protected File will generate a HIPS Protected Object alert.

Blocked Files

Applications\Running Processes added to Blocked Files cannot be executed.

Registry Keys

Access to pre-defined list of Registry Keys that cannot be modified except by files rated as Trusted by Comodo; user can add additional Registry Groups\Registry Keys.
  • NOT Modified\Default
COM Interfaces

Access to pre-defined list of COM Interfaces that cannot be accessed except by files rated as Trusted by Comodo; user can add additional COM Groups\COM Components.
  • NOT Modified\Default
Protected Data Folders

Applications running inside Comodo's virtual container (Sandbox, Virtual Desktop) cannot read nor write to folders added to Protected Data Folders.
Add
  • C:\Users\Current_User\Documents
  • C:\Users\Current_User\Music
  • C:\Users\Current_User\OneDrive
  • C:\Users\Current_User\Pictures
  • C:\Users\Current_User\Videos
  • C:\Users\Public\Documents
  • C:\Users\Public\Music
  • C:\Users\Public\Pictures
  • C:\Users\Public\Videos
  • Any Backup folders
  • Any Backup drive (e.g. X = where X is drive letter of any backup drive)
NOTE: If you add C:\Users\Current_User\* (using the "any" wildcard *) then browsers might not be able to access saved passwords for website login and\or unable to load user profile (e.g. Firefox) when Sandboxed or run inside the Virtual Desktop.

NOTE: If you add C:\Users\Current_User\Downloads to list, then you will be unable to save downloads to that directory when using Sandboxed browser.

NOTE: There is no C:\Users\Public\OneDrive folder.

HIPS Groups

Registry Groups

Access to pre-defined list of HIPS Registry Groups; user can create New Group\add Registry Keys for easier configuration of HIPS rules for the entire group or keys and load them into HIPS Rulesets.
  • NOT Modified\Default
COM Groups

Access to pre-defined list of HIPS COM Groups; user can create New Group\add COM Class for easier configuration of HIPS rules for the entire group or class and load them into HIPS Rulesets.

  • NOT Modified\Default
SANDBOX

Sandbox Settings


Sandbox Settings
  • Do Not Virtualize Access to the Specified Files\Folders: NOT Modified\Default
  • Do Not Virtualize Access to the Specified Registry Keys\Values: NOT Modified\Default
Advanced
  • Enable Automatic Startup for Services Installed in the Sandbox: Yes
  • Show Highlight Frame for Virtualized Programs: Yes
  • Detect Programs which Require Elevated Privileges e.g. Installers or Updaters: Yes
  • Show Privilege Elevation Alerts for Unknown Programs: Yes
Virtual Desktop
  • Protect Virtual Desktop with a Password: No
Auto-Sandbox

Auto-Sandbox
  • Enable Auto-Sandbox: Yes
  • Enable File Source Tracking: Yes
  • Default Sandbox rule for Unrecognized files changed from "Run Virtually" to "Block."
Viruscope

Viruscope
  • Enable Viruscope: Yes
  • Do NOT Show Popup Alerts: Not Enabled
  • Monitor Sandboxed Applications Only: Not Enabled
FIREWALL

Firewall Settings


Firewall Settings
  • Enable Traffic Filtering (Recommended): Custom Ruleset
Alert Settings
  • Do NOT Show Popup Alerts => Block
  • Enable Trustconnect Alerts: Yes
  • Turn Traffic Animations On: Yes
  • Create Rules for Safe Applications: No
  • Set Alert Frequency Level: Very High
  • Set New On-Screen Alert Time-Out: 999 secs
Advanced
  • Filter IPv6 Traffic: Yes
  • Filter Loopback Traffic (e.g. 127.x.x.x ::1): Yes
  • Block Fragmented IP Traffic: Yes
  • Do Protocol Analysis: Yes
  • Enable Anti-ARP Spoofing: No
Application Rules

Access to firewall rules for pre-defined File Groups and specific applications; user can modify\customize.
  • Pre-Defined Application Groups - NOT Modified\Default
  • All other applications - Assign "Outgoing Only" Ruleset
Global Rules

Access to pre-defined Global Firewall rules.
  • NOT Modified\Default
Rulesets

Access to pre-defined application firewall rule templates.
  • NOT Modified\Default
Network Zones

Network Zones (Settings)
  • Enable Automatic Detection of Private Networks: Yes
  • Do NOT Show Popup Alerts and Treat Locations as: Public
Network Zones (tab)
Blocked Zones (tab)


Portsets


List of pre-defined port sets.
  • NOT Modified\Default
Website Filtering

Website Filtering
  • Enable Website Filtering (Recommended): Yes
Rules (tab)
Categories (tab)


FILE RATING

File Rating Settings


File Rating Settings

File Groups



File List


FIle Rating Changes [Important !!]:

It is complicated to explain all the intricacies of this part of the configuration. My advice is not to do it unless you really are familiar with how CIS functions. You can break things - quite badly in some instances, but at the same time and for the most part, you can always delete any rules that cause problems.

Change the rating of the following applications\files from Trusted to Unrecognized; equivalent to adding applications\files to Vulnerable Process Black-List in NVT ERP.

When changing rating from Trusted to Unrecognized, HIPS will block and Sandbox will auto-sandbox the files. For acceptable usability, the user should choose one of the following:

  1. Create auto-sandbox Ignore rule so file is not sandboxed; when an application is sandboxed legitimately safe actions by the application will not be saved to system. By creating an auto-sandbox Ignore rule, HIPS will alert to every step in the run sequence.
  2. Use Training Mode to create HIPS Allow rules and do not create Auto-Sandbox Ignore rule; Sandbox will alert when file is executed. If user knows it is safe, then make sure do not create rule and select Allow.
  • cmd.exe (batch scripts)
  • cscript.exe (VBS, VBE, ...)
  • wscript.exe (VBS, VBE, ...)
  • mshta.exe (HTML applications)
  • regsvr32.dll (DLLs)
  • mmc.exe (Management Console Plugins)
  • regedit.exe (Registry scripts)
  • regedt32.exe (Registry scripts)
  • rundll32.exe (DLLs)
  • rundll.exe (DLLs)
  • powershell.exe (PowerShell scripts, currently incomplete due to the many ways PowerShell can be used for scripting)
  • msiexec.exe (MSI installers)
  • java.exe (JAVA applications)
  • javaw.exe (JAVA applications)
  • vssadmin.exe (Volume Shadow Copy)
  • csc.exe (NET Framework)
  • vbc.exe (NET Framework)
  • jsc.exe (NET Framework)
  • InstallUtil.exe (NET Framework)
  • IEExec.exe (NET Framework)
  • DFsvc.exe (NET Framework)
  • dfshim.dll
  • PresentationHost.exe
Note: Above list is a combination of vulnerable processes obtained from Emsisoft 10 thread on Wilders Security and Excubits Newsblog + added a few additional files.

Submitted Files



Trusted Vendors
 
Last edited by a moderator:
Oct 16, 2015
909
5,661
Operating System
Windows 10
Installed Antivirus
Comodo
#4
DRACUS NARCRYM'S C.I.S./C.F.W. CONFIGURATION FOR BALANCED SECURITY & USABILITY
IMPORTANT NOTE: CLICK THE SPOILER TO VIEW
IMPORTANT NOTE:
BELOW IS THE CUSTOM COMODO INTERNET SECURITY CONFIGURATION WHICH I USE IN MY MAIN, NON-TESTING PC, WHICH I HAVE TWEAKED FOR BALANCED SECURITY AND USABILITY, INSTEAD OF EXTREME/PARANOID SECURITY.
I HAVE RESET THE "MAXIMUM SECURITY" CONFIGURATION IN MY TESTING MACHINE AND AM CURRENTLY REBUILDING IT.
IT MIGHT BE POSTED HERE IN THE FUTURE WHEN I HAVE FINALIZED IT.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
THE SAME CONFIGURATION CAN BE USED FOR COMODO FIREWALL AS WELL.
SIMPLY IGNORE THE "ANTIVIRUS" SETTINGS (WHICH ARE NOT APPLICABLE IN THE CASE OF COMODO FIREWALL) AND USE THE REST OF THE SETTINGS.




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



General Settings

User Interface
Theme: Modern Theme
Language: English (United States) - By COMODO
☐ Show messages from COMODO Message Center
☐ Show notification messages
☐ Show welcome screen on startup
☐ Show desktop widget
☐ Show information messages when tasks are minimized/sent to background
☐ Play sound when an alert is shown
☐ Show the 'Upgrade' button in the main window
Password Protection
☐ Enable Password Protection Set Password |-> COMMENT(S): I have not defined any password for the "Set Password" option.
Updates
☑ Check for program updates every 1 days
☐ Automatically download program updates
☑ Check for database updates every 2 hours
Options
☐ Do NOT check for updates if I am using these connections |-> COMMENT(S): I have not defined any connections for the "these connections" option.
☐ Do NOT check for updates if running on battery
Logging
☑ Write to Local Log Database (COMODO Format)
☐ Write to Windows Event Logs
Log File Management
When log file reches 20 MB
Delete it and create a new one
◯ Move it to the specified folder |-> COMMENT(S): I have not defined any folder for the "the specified folder" option.
User Statistics
☐ Send anonymous program usage statistics to COMODO
Configuration
Code:
Configurations                                   Status
--------------                                   ------
COMODO - Internet Security
COMODO - Proactive Security                      Active
COMODO - Firewall Security
COMODO - Internet Security - 6.3.301250.2972
COMODO - Proactive Security - 6.3.302093.2976
COMODO - Firewall Security - 6.3.301250.2972



Security Settings

Antivirus
Realtime Scan
☑ Enable Realtime Scan (Recommended)
☑ Enable scanning optimizations (Recommended)
Detection
☑ Run cache builder when computer is idle
☐ Scan computer memory after the computer starts
☐ Do not show antivirus alerts Quarantine Threats
☐ Decompress and scan archive files of extensions: *.jar, *.exe
☐ Set new on-screen alert timeout to 120 secs
☐ Set new maximum file size limit to 40 MB
☐ Set new maximum script size limit to 4 MB
☑ Use heuristics scanning Medium
Scan
Code:
☐ Name                    Action          Last Scan          Status
--------------------------------------------------------------------
☐ Full Scan               Scan            *date*             ✖
☐ Quick Scan              Scan            *date*             ✖
Exclusions
Code:
Excluded Paths
*DEFAULT EXCLUDED PATHS*
Code:
Excluded Applications
*NO EXCLUDED APPLICATIONS*
Defense+
HIPS
HIPS Settings
☑ Enable HIPS
Safe Mode Monitoring Settings |-> COMMENT(S): In " Monitoring Settings ", ALL ITEMS ARE CHECKED ☑.
☐ Do NOT show popup alerts Allow Requests
☑ Set popup alerts to verbose mode
☐ Create rules for safe applications
☐ Set new on-screen alert timeout to 120 secs
Advanced
☑ Enable adaptive mode under low system resources
☐ Block all unknown requests when the application is not running
☑ Enable enhanced protection mode (Requires a system restart)
☑ Do heuristic command-line analysis for certain applications
☑ Detect shellcode injections Exclusions |-> COMMENT(S): I have set NO exclusions in Exclusions.
HIPS Rules
Code:
☐ Application                                    Treat As
*DEFAULT RULES PLUS ANY RULE(S) THE USER CREATES - USER-CREATED RULES MAY VARY FROM SYSTEM TO SYSTEM*
Rulesets
Code:
☐ Ruleset Name
*DEFAULT RULESETS - THERE IS NO NEED FOR THE USER TO CREATE A CUSTOM RULESET*
Protected Objects
Code:
Protected Objects
*DEFAULT PROTECTED OBJECTS ARE SUFFICIENT - THE USER MAY DEFINE HIS/HER IMPORTANT FILES FOR PROTECTION*
HIPS Groups
Code:
HIPS Groups
*DEFAULT GROUPS ARE SUFFICIENT*
Sandbox
Sandbox Settings
☑ Do not virtualize access to the specified files/folders |-> COMMENT(S): The only item which is defined in the " the specified files/folders " setting is %ProgramData%\Shared Space\* which is the default item (it usually has this form: C:\ProgramData\Shared Space\*).
☐ Do not virtualize access to the specified registry keys/values. |-> COMMENT(S): I have not specified any items for the " the specified registry keys/values " setting.
Advanced
☐ Enable automatic startup for services installed in the Sandbox
☑ Show highlight frame for virtualized programs
☑ Detect programs which require elevated privileges e.g. installers or updaters
☑ Show privilege elevation alerts for unknown programs
Virtual Desktop
☐ Protect Virtual Desktop with a password |-> COMMENT(S): I have not specified any password for the " password " setting.
Auto-Sandbox
☐ Enable Auto-Sandbox
☑ Enable file source tracking
Code:
☐ Action                        Target                        Reputation                        Enable Rule
*DEFAULT POLICIES*
Viruscope
☐ Enable Viruscope
☐ Do NOT show popup alerts
☑ Monitor sandboxed applications only
Code:
Name                        Version            Status
*DEFAULT ITEMS, IF ANY*
Firewall
Firewall Settings
☑ Enable Traffic Filtering (Recommended) Custom Ruleset
Alert Settings

☐ Do NOT show popup alerts Allow Requests
☐ Enable Trustconnect alerts Unsecured Wireless Networks only
☑ Turn traffic animation effects on
☐ Create rules for safe applications
☑ Set alert frequency level Medium |-> COMMENT(S): Medium alert frequency level means you get one alert per executable file, unless you create a rule for that file using the Remember my choice option in the related COMODO Firewall alert.
☐ Set new on-screen alert timeout to 120 secs
Advanced
☑ Filter IPv6 traffic
☑ Filter loopback traffic (e.g. 127.x.x.x, ::1)
☐ Block fragmented IP traffic
☐ Do Protocol Analysis
☐ Enable anti-ARP spoofing​
Application Rules
Code:
☐ Application                        Treat As
*DEFAULT RULES PLUS ANY RULE(S) THE USER CREATES - USER-CREATED RULES MAY VARY FROM SYSTEM TO SYSTEM*
Global Rules
Code:
☐ Rules
*DEFAULT GLOBAL RULES*
Rulesets
Code:
☐ Ruleset Name
*DEFAULT RULESETS ARE SUFFICIENT*
Network Zones

☑ Enable automatic detection of private networks
☐ Do NOT show popup alerts and treat location as Home
Code:
Network Zones
-------------
☐ Zone name
*DEFAULT ZONES PLUS ANY ZONE THAT IS DEFINED BY THE USER - NETWORK ZONES ARE USUALLY DEFINED WHEN JOINING A NEW NETWORK FOR THE FIRST TIME (COMODO PRODUCES A RELATED ALERT)*
Code:
Blocked Zones
-------------
☐ Zone name
*ANY ZONE DEFINED BY THE USER - USEFUL FOR BLOCKING SPECIFIC REMOTE ADDRESSES MANUALLY (GOOD ALTERNATIVE TO HOSTS FILE, SINCE THE HOSTS FILE IN WINDOWS 7 AND ABOVE VERSIONS DOES NOT WORK EFFECTIVELY FOR "BLOCKING" ADDRESSES)*
Portsets
Code:
☐ Portset
*DEFAULT PORTSETS ARE SUFFICIENT*
Website Filtering

☑ Enable Website Filtering (Recommended)
Code:
Rules
-----
☐ Rules                        Enable Rule
*DEFAULT RULES AND PROFILES ARE SUFFICIENT*
Code:
Categories
----------
☐ Categories
*DEFAULT RULES AND PROFILES ARE SUFFICIENT, IF ANY*
Fire Rating
File Rating Settings
☑ Enable Cloud Lookup (Recommended)
☑ Analyze unknown files in the cloud by uploading them for instant analysis
☐ Do NOT show popup alerts
☑ Trust applications signed by trusted vendors
☐ Trust files installed by trusted installers
☑ Detect potentially unwanted applications​
File Groups
Code:
☐ File Groups
*DEFAULT FILE GROUPS ARE SUFFICIENT*
File List
Code:
☐ File Path            Company            First Observed            File Rating
*FILE LIST IS POPULATED DIFFERENTLY FOR EVERY SYSTEM AND SO IT VARIES FROM SYSTEM TO SYSTEM*
Submitted Files
Code:
Path                        Submitted            Submitted As
*THE SUBMITTED FILES LIST VARIES FROM SYSTEM TO SYSTEM AND THE ITEMS IT CONTAINS DEPEND ON THE USERS' ACTIONS AND CHOICES, REGARDING THE FILE/FILES WHICH IS/ARE TO BE UPLOADED - SO, THE CONTENTS OF THIS LIST VARY FROM SYSTEM TO SYSTEM*
Trusted Vendors
Code:
☐ Vendors (Signer Name in the Code Signing Certificate)
*THE DEFAULT TRUSTED VENDORS LIST IS SUFFICIENT*



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



That is the COMODO Internet Security configuration I use on my main PC and laptop.

If you have any questions or suggestions, you can send me a private message to discuss them with me.
 
Last edited:
Oct 16, 2015
909
5,661
Operating System
Windows 10
Installed Antivirus
Comodo
#5
RESERVED #1

I would like to reserve this extra post in case I need more space to expand my configuration in the future.

If any staff member deems it unnecessary, I kindly request that they remove this post at their convenience.

Thank you for your understanding!
 
Last edited:
Status
Not open for further replies.