How to switch modes in HIPS Settings and Firewall Settings of CCS using ITSM profile

Release Time
05/15/2018
Views
335 times
Category
Comodo Client Security
Tags


In ITSM, we can configure the HIPS setting and Firewall settings by changing from mode to another mode. This helps to manage the security level of access and the alert generation at the endpoint.

HIPS Settings - HIPS constantly monitors system activity and only allows executable's and processes to run if they command with the prevalent security rules that have been enforced by the user. 

Firewall Settings - Firewall screen allows an administrator to quickly configure the firewall security of an endpoint and the frequency of alerts that are generated.

 Go to ITSM → CONFIGURATION TEMPLATES → Profiles

i) The configuration of HIPS mode in COMODO CLIENT SECURITY

Step[1]: Select the profile applied to your devices (For eg: Security Profile)and Click ADD PROFILE SECTION and Choose HIPS from the drop down.

 

Step[2]: In HIPS setting, under the Enable HIPS option we can choose any of the modes from the below drop-down.

The modes available are,

  • Paranoid mode - Paranoid mode is the highest security level setting .Choosing this option generates the most amount of HIPS alerts and is recommended for advanced users that require complete awareness of activity on their system. Comodo Client Security does automatically create 'Allow' rules for any executable's - although you still have the option to treat an application as 'Trusted' at the HIPS alert.
  • Safe Mode - Safe Mode is the combination of highest levels of security with an easy-to-manage number of HIPS alerts. Like Paranoid mode, it also automatically creates 'Allow' rules for the activities, For non-certified, unknown, applications, you will receive an alert whenever that application attempts to run.you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This instructs not to generate an alert the next time it runs.
  • Training Mode - If you choose this mode, you are 100% sure that all applications and executables installed on your computer are safe to run. You do not receive any HIPS alerts in 'Training Mode'

 

NOTE: Safe Mode is the default mode in HIPS settings. We can switch between one mode to any other mode.

Step[3]: Click on "Save" Button to update the Changes made to the HIPS settings.

 

ii) The configuration of Firewall mode in COMODO CLIENT SECURITY

Step[1]: Select the profile applied to your devices (For example Security Profile)and Click ADD PROFILE SECTION and Choose Firewall from the drop down.After that "Device Restart Alert" confirmation box opens saying that system restart required at the endpoint for this profile. click "confirm" button to proceed and "cancel" to abort.

Step[2]: In Firewall setting, under the Enable Firewall option we can choose any of the modes from the below drop-down.

The modes available are,

  • Custom Ruleset- The firewall applies only the custom security configurations and network traffic policies specified by the administrator, it automatically create network traffic rules for those applications. The user will receive alerts every time there is a connection attempt by an application - even for applications on the Comodo Safe list. If any application tries to make a connection to the outside, the firewall audits all the loaded components and checks each against the list of components already allowed or blocked. If a component is found to be blocked, the entire application is denied Internet access and an alert is generated. This setting is advised for experienced firewall users that wish to maximize the visibility and control over traffic in and out of their computer.
  • Safe Mode - After filtering network traffic, the firewall automatically creates rules that allow all traffic for the components of applications certified as 'Safe' by Comodo, if the checkbox Create rules for safe applications is selected. For non-certified new applications, the user will receive an alert whenever that application attempts to access the network. The administrator can choose to grant that application Internet access by selecting 'Treat this application as a Trusted Application' at the alert. This deploys the predefined firewall policy 'Trusted Application' onto the application.'Safe Mode' is the recommended setting for most users - combining the highest levels of security with an easy-to-manage number of connection alerts.
  • Training Mode - The firewall monitors network traffic and creates automatic allow rules for all new applications until the security level is adjusted. The user will not receive any alerts in 'Training Mode' mode. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications installed on endpoints are assigned the correct network access rights.

NOTE: Safe Mode is the default mode in Firewall settings, We can switch between one mode to any other mode.

Step[3]: Click on "Save" Button to update the Changes made to the Firewall settings.