Question Does the free firewall still nag you with popups?


Templarware

I was checking Comodo's Free Firewall website and found this:

"... Default Deny Protection (DDP™) fixes this problem to ensure complete security. The firewall software references a list of over two million known PC-friendly applications. If a file that is not on this safe-list knocks on your PC's door, the best free Firewall immediately alerts you to the possibility of attacking malware. All this occurs before the malware infects your computer. It's prevention-based security, the only way to keep PCs totally safe."

Does this mean that it can work like Avast's firewall, which uses a cloud based safe-list and does everything without the need of user intervention?
 
I was checking Comodo's Free Firewall website and found this:

"... Default Deny Protection (DDP™) fixes this problem to ensure complete security. The firewall software references a list of over two million known PC-friendly applications. If a file that is not on this safe-list knocks on your PC's door, the best free Firewall immediately alerts you to the possibility of attacking malware. All this occurs before the malware infects your computer. It's prevention-based security, the only way to keep PCs totally safe."

Does this mean that it can work like Avast's firewall, which uses a cloud based safe-list and does everything without the need of user intervention?
Now who keeps a dead tree?
 
Not quite. While both use safe-lists and cloud intelligence, Comodo is more hands-on by default. You can configure it to be less intrusive, but it’s designed to alert and involve the user when something unknown appears. Avast, on the other hand, is built to handle those decisions quietly in the background.

Default Deny Protection means anything not on the safe-list is blocked or sandboxed until proven safe.
 
Not quite. While both use safe-lists and cloud intelligence, Comodo is more hands-on by default. You can configure it to be less intrusive, but it’s designed to alert and involve the user when something unknown appears. Avast, on the other hand, is built to handle those decisions quietly in the background.

Default Deny Protection means anything not on the safe-list is blocked or sandboxed until proven safe.
But if it contains "two million PC applications", there shouldn't be any unknown occurrences for most users.
 
Does this mean that it can work like Avast's firewall, which uses a cloud based safe-list and does everything without the need of user intervention?
Comodo uses a default-deny setup; with default-deny, fully automated setups are impossible, and users must interact for efficiency.

But if it contains "two million PC applications", there shouldn't be any unknown occurrences for most users.
Comodo uses a local trusted vendor list and a cloud whitelist. Comodo allows programs from trusted vendors. They update the cloud whitelist with newer program versions.
 
I was checking Comodo's Free Firewall website and found this:

"... Default Deny Protection (DDP™) fixes this problem to ensure complete security. The firewall software references a list of over two million known PC-friendly applications. If a file that is not on this safe-list knocks on your PC's door, the best free Firewall immediately alerts you to the possibility of attacking malware. All this occurs before the malware infects your computer. It's prevention-based security, the only way to keep PCs totally safe."

Does this mean that it can work like Avast's firewall, which uses a cloud based safe-list and does everything without the need of user intervention?

Once CFW gets used to what you do, it'll stay quiet unless there's something unknown and then it's just a case of whitelisting that file or creating an allow rule. You can set it to just block unknown/malicious connections in the settings as below but there are 4 different modes. I have occasionally run Custom Mode to create some block rules to prevent some background updates etc but the same can be done for creating rules for safe files but there isn't much point in that since Safe Mode will just allow them anyway. I've only seen alerts when I've installed something new or unsigned but it was easily fixed. It's not as noisy as it used to be and simplifying the setup by using CruelSister's Setup is a great set and forget.

1757843949648.png

1757843784957.png

The firewall element hasn't really been updated at all since .8012 apart from a UI change (I always change mine back to Lycia Theme) and some code updating for Win 11 and it still doesn't filter some VPN traffic but it works. I suppose it depends on what you're looking for in a firewall.

There's also the likes of WindowsFirewallControl if you just want something to alert you for any new connection and then just turn off alerts and it'll block anything there isn't a rule for.
 
I have occasionally run Custom Mode to create some block rules to prevent some background updates etc but the same can be done for creating rules for safe files but there isn't much point in that since Safe Mode will just allow them anyway.
Are you sure CFW doesn't block safe files when block rules are in place when using CFW in Safe Mode?
Do safe files bypass any created rules on the Firewall Application Rules List belonging to those safe files when using Safe Mode?

Furthermore, when your system is connected to IPv6 internet / network then CFW doesn't block any IPv6 traffic because CFW IPv6 filtering is disabled by default for some strange unknown reason.
 
Comodo uses a default-deny setup; with default-deny, fully automated setups are impossible, and users must interact for efficiency.


Comodo uses a local trusted vendor list and a cloud whitelist. Comodo allows programs from trusted vendors. They update the cloud whitelist with newer program versions.
I still don't get it. With a vendor and a cloud whitelist of 2 million applications, there shouldn't be any need for user interaction.
With 2 million applications in its database, it will still block legit programs and Windows processes?
 
When you set Firewall and HIPS mode to Safe Mode it works like that.
If an application's executable is signed by a vendor that is listed on the Vendor List, then that application / executable is rated as Trusted and runs without Firewall / HIPS restrictions on your system by default.
 
I still don't get it. With a vendor and a cloud whitelist of 2 million applications, there shouldn't be any need for user interaction.
With 2 million applications in its database, it will still block legit programs and Windows processes?
A few examples of why users need to interact.

Software Updates

When a program like Google Chrome or Firefox updates (which can happen weekly), its digital fingerprint (cryptographic hash) changes. The new chrome.exe is technically an "unknown" file until the cloud whitelist is updated. A default-deny system will stop it in that small window and ask, "Hey, I know the old Chrome, but I don't know this new one. Is it okay?"

Niche & Custom Software

Think about specialized software for hobbies, custom scripts for work, tools used by developers, or older "legacy" applications. These are often not popular enough to make it onto a global whitelist.

Installers and Temporary Files

Many installers unpack temporary files during the installation process. These files exist for only a few minutes and are unique to that specific installation, making them "unknowns" that the system will question.
 
I still don't get it. With a vendor and a cloud whitelist of 2 million applications, there shouldn't be any need for user interaction.
With 2 million applications in its database, it will still block legit programs and Windows processes?

In 2018 there were 35M unique applications to Windows alone and it's still growing. 2M is kinda small thus the ratio of known : unknown apps have a wide gap.
Same goes in the antivirus industry. Lots of unknown files being analyzed in the millions per day in the labs, that's why the heuristics are there to fill the gap (suspicious until proven malicious or safe).

Think of the interaction with the firewall as "call a friend for help".
 
Are you sure CFW doesn't block safe files when block rules are in place when using CFW in Safe Mode?
Do safe files bypass any created rules on the Firewall Application Rules List belonging to those safe files when using Safe Mode?

Furthermore, when your system is connected to IPv6 internet / network then CFW doesn't block any IPv6 traffic because CFW IPv6 filtering is disabled by default for some strange unknown reason.
Obviously, if you have a block rule, that'll take precedence. I always enable IPv6 because my ISP uses it but most still just use IPv4 or even turn off IPv6 altogether. You might need to create global allow rules for Packet too big, time out and the likes of neighbour solicitation (134-136 type 0) for IPv6 to work properly with stealth ports set to block incoming.

I doubt they'll ever make much change to the firewall module but you can adjust the settings to suit your needs.
The order of those block rules in the list is also important as you'll want block rules at the top of the list and, of course, if you are trying to block an IP globally, create a global rule for it.
Windows Firewall rules still work with CFW installed as they run together so you could use Andy Ful's Firewall Hardening and those LOLBins will still be blocked.
 
I still don't get it. With a vendor and a cloud whitelist of 2 million applications, there shouldn't be any need for user interaction.
With 2 million applications in its database, it will still block legit programs and Windows processes?
Comodo never contained/blocked Windows/OS files and browsers for me.

Trusted Vendor List: Comodo allows programs from vendors on this list—you shouldn't see alerts for programs with the default and related settings enabled.
Cloud Whitelist: Comodo allows programs included in its cloud whitelist—you'll see alerts for a program if the specific version is not in the cloud whitelist.

Comodo is one of the easiest default-deny programs with excellent usability. On my system, it auto-contains 6 programs with the internet disconnected and 1 program with the internet connected.

Perhaps try Comodo and see if it fits your needs now. You can add signed programs to the trusted vendor list. You can ignore/exclude signed/unsigned programs in the auto-containment to allow them permanently. For user-ignored/excluded programs, you'll see firewall alerts, so allow them in the firewall (if I remember well).
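
An added example, not part of the thread and not Comodo's code: a simplified default-deny rating model that combines the two lists described above (trusted vendor list and per-version cloud whitelist) and shows why updates, niche tools and installer temp files end up as "unknown". The check order, vendor names, file contents and the `remember_allow` helper are assumptions made for illustration, and the `signer` field stands in for an already-verified signature.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class FileInfo:
    name: str
    content: bytes
    signer: Optional[str] = None  # assumed: already-verified signer, None if unsigned

def digest(f: FileInfo) -> str:
    """SHA-256 of the file content; any change to the file changes this value."""
    return hashlib.sha256(f.content).hexdigest()

@dataclass
class DefaultDenyPolicy:
    trusted_vendors: set   # local trusted vendor list (signer names)
    cloud_whitelist: set   # hashes of specific known-good versions
    user_allowed: set = field(default_factory=set)  # "remember my answer" entries

    def rate(self, f: FileInfo) -> tuple:
        h = digest(f)
        if h in self.user_allowed:
            return ("allow", "user-rule")
        if f.signer in self.trusted_vendors:   # survives version updates
            return ("allow", "trusted-vendor")
        if h in self.cloud_whitelist:          # matches one exact version only
            return ("allow", "cloud-whitelist")
        return ("contain", "unknown")          # default deny: prompt or sandbox

    def remember_allow(self, f: FileInfo) -> None:
        self.user_allowed.add(digest(f))

# Constructed sample files (hypothetical names and vendors)
BROWSER_V1 = FileInfo("browser.exe", b"browser build 1", "Example Browser Inc")
BROWSER_V2 = FileInfo("browser.exe", b"browser build 2", "Example Browser Inc")
NICHE_V1 = FileInfo("hobbytool.exe", b"hobby tool 1.0", "Small Dev LLC")
NICHE_V2 = FileInfo("hobbytool.exe", b"hobby tool 1.1", "Small Dev LLC")
TEMP_STUB = FileInfo("setup_tmp.exe", b"unpacked installer stub")

def build_policy() -> DefaultDenyPolicy:
    return DefaultDenyPolicy(
        trusted_vendors={"Example Browser Inc"},
        cloud_whitelist={digest(BROWSER_V1), digest(NICHE_V1)},
    )

if __name__ == "__main__":
    policy = build_policy()
    for f in (BROWSER_V1, BROWSER_V2, NICHE_V1, NICHE_V2, TEMP_STUB):
        print(f.name, digest(f)[:12], policy.rate(f))
    policy.remember_allow(NICHE_V2)
    print("after remember:", policy.rate(NICHE_V2))
```

In this model the updated browser stays allowed only because its signer is on the vendor list; the updated niche tool and the unsigned installer stub fall through to "unknown" until the cloud list catches up or the user records an answer.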
 
Comodo never contained/blocked Windows/OS files and browsers for me.

Trusted Vendor List: Comodo allows programs from vendors on this list—you shouldn't see alerts for programs with the default and related settings enabled.
Cloud Whitelist: Comodo allows programs included in its cloud whitelist—you'll see alerts for a program if the specific version is not in the cloud whitelist.

Comodo is one of the easiest default-deny programs with excellent usability. On my system, it auto-contains 6 programs with the internet disconnected and 1 program with the internet connected.

Perhaps try Comodo and see if it fits your needs now. You can add signed programs to the trusted vendor list. You can ignore/exclude signed/unsigned programs in the auto-containment to allow them permanently. For user-ignored/excluded programs, you'll see firewall alerts, so allow them in the firewall (if I remember well).
I've tried Comodo Firewall many years ago, there were always many popups. Kind of like Malwarebytes Firewall Control nowadays.
So you're saying that Comodo now needs less user interaction than WFC?
 
I've tried Comodo Firewall many years ago, there were always many popups.
If a Comodo Firewall popup appears you have the opportunity to tick the "Remember my answer" option so that Comodo Firewall creates a rule for the program that caused the popup so that Comodo Firewall will not nag you again when the same program runs again.
 
I've tried Comodo Firewall many years ago, there were always many popups. Kind of like Malwarebytes Firewall Control nowadays.
So you're saying that Comodo now needs less user interaction than WFC?
I don't remember how the default Comodo Firewall rules work. I've always used Comodo Firewall with the stealth ports setting, i.e., block incoming connections. Comodo displays far fewer prompts than WFC/MFC, I believe (I couldn't recall my experience with WFC).
 
I don't remember how the default Comodo Firewall rules work. I've always used Comodo Firewall with the stealth ports setting, i.e., block incoming connections. Comodo displays far fewer prompts than WFC/MFC, I believe (I couldn't recall my experience with WFC).
WFC can be particularly noisy until it learns all the connections but you can thankfully backup and import rules.

With CFW in default Firewall Security the ports are stealth with Block Incoming. When you change the configuration to Proactive, it's Stealth - Alert Incoming. You're still fully in stealth but it notifies you of the incoming connection where you can block or allow. Presumably this is for some usability with the more enhanced protection.

The Global rules for Block Incoming vs Alert Incoming are as below. You'll need to re-run the stealth ports wizard in Firewall Tasks if you enable IPv6 filtering so it adds the IPv6 rule for the Alert Incoming. The Block Incoming global rule doesn't change as it's already set to block IP in as the last rule. I always re-set mine to Block Incoming anyway.

1757891544933.png


1757891506233.png
 
I do not get any prompts for incoming connections when setting WFC to medium level; if I select allow connection, it allows only outbound direction.
I was referencing CFW not WFC. WFC by default only creates outbound rules but you can change it to set incoming rules as well.
 