CFP3/Help Guide/Firewall Task Center/Firewall Behaviour Settings

From ComodoWiki

Jump to: navigation, search

Firewall Tasks > Advanced - Firewall Behavior Settings

Firewall Behavior Settings allows you to quickly configure the security of your computer and the frequency of alerts that are generated. This dialog box can be accessed in the 'Advanced' section of 'Firewall Tasks' and, more immediately, by clicking on the blue text next to 'Firewall Security Level' on the Summary Screen (shown below).

Image:cf_sum_fbs_gs_sel.gif

'GeneralSettings' tab

Comodo Firewall Pro allows you to customize firewall security by using the Firewall Security Level slider to change preset security levels.
The choices available are: Block All, Custom Policy Mode, Train with Safe Mode (default), Training Mode and Disabled. The setting you choose here will also be displayed on the summary screen.

Image:cf_fw_adv_rbs_gs.gif

  • Block All Mode: The firewall blocks all traffic in and out of your computer regardless of any user-defined configuration and rules. The firewall will not attempt to learn the behavior of any applications and will not automatically create traffic rules for any applications. Choosing this option will effectively prevent your computer from accessing any networks, including the internet.
  • Custom Policy Mode: The firewall applies ONLY the custom security configurations and network traffic policies specified by the user. New users may want to think of this as the 'Do Not Learn' setting because the firewall will not attempt to learn the behavior of any applications. Nor will it automatically create network traffic rules for those applications. You will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list (unless, of course, you have specified rules and policies that instruct the firewall to trust the application's connection attempt).
    If any application tries to make a connection to the outside, the firewall audits all the loaded components and checks each against the list of components already allowed or blocked. If a component is found to be blocked, the entire application is denied internet access and an alert is generated.    This setting is advised for experienced firewall users that wish to maximize the visibility and control over traffic in and out of their computer.
  • Train with Safe Mode: While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.
    'Train with Safe Mode' is the recommended setting for most users  - combining the highest levels of security with an easy-to-manage number of connection alerts.
  • Training Mode : The firewall will monitor network traffic and create automatic allow rules for all new applications until the security level is adjusted. You will not receive any alerts in 'Training Mode' mode. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications installed on your computer are assigned the correct network access rights.
    Tip    : Use this setting temporarily while playing an online game for the first time. This will suppress all alerts while the firewall learns the components of the game that need internet access and automatically create 'allow' rules for them. Afterwards you can switch back to your previous mode. 
  • Disabled: Disables the firewall and makes it inactive. All incoming and outgoing connections are allowed irrespective of the restrictions set by the user. Comodo strongly advise against this setting unless you are sure that you are not currently connected to any local or wireless networks.

Keep an alert on screen for maximum (n) seconds
Determines how long the Firewall will show an alert for without any user intervention. By default, the timeout is set at 120 seconds. You may adjust this setting to your own preference.

'Alert Settings' tab

Users can configure the amount of alerts that Comodo Firewall Pro generates using the slider on this tab. Raising or lowering the slider will change the amount of alerts accordingly. It should be noted that this does not affect your security, which is determined by the rules you have configured (for example, in 'Network Security Policy' ). For the majority of users, the default setting of 'Low' is the perfect level - ensuring you are kept informed of connection attempts and suspicious behaviors  whilst not overwhelming you with alert messages.

The Alert Frequency settings refer only to connection attempts by applications or from IP addresses that you have not (yet) decided to trust. For example, you could specify a very high alert frequency level, but will not recieve any alerts at all if you have chosen to trust the application that is making the connection attempt.

Image:cf_fw_adv_rbs_as.gif

  • Very High: The firewall will show separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports and for specific IP addresses, for an application. This setting provides the highest degree of visibility to inbound and outbound connection attempts but leads to a proliferation of firewall alerts. For example, using a browser to connect to your internet home-page may generate as many as 5 separate alerts for an outgoing TCP connection alone.
  • High: The firewall will show seperate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports for an application.
  • Medium: The firewall will show alerts for outgoing and incoming connection requests for both TCP and UDP protocols for an application.
  • Low: The firewall will show alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Comodo and is suitable for the majority of users.
  • Very Low: The firewall will show only one alert for an application.

Checkboxes

Enable Alerts for TCP Requests / Enable Alerts for UDP Requests / Enable Alerts for ICMP Requests - In conjunction with the slider, these checkboxes allow you to fine-tune the number of alerts you see according to protocol.

Retrieved from "http://wiki.comodo.com/CFP3/Help_Guide/Firewall_Task_Center/Firewall_Behaviour_Settings"
Personal tools