- How-To Booklet
- 1. How to protect your computer from malware and hackers
- 2. How to protect your information from physical threats
- 3. How to create and maintain secure passwords
- 4. How to protect the sensitive files on your computer
- 5. How to recover from information loss
- 6. How to destroy sensitive information
- 7. How to keep your Internet communication private
- 8. How to remain anonymous and bypass censorship on the Internet
- Glossary
- Hands-On Guides
- Avast - anti-virus
- Spybot - anti-spyware
- Comodo - firewall
- KeePass - secure password storage
- TrueCrypt - secure file storage
- Cobian - backup
- Undelete Plus - file recovery
- Eraser - secure file removal
- CCleaner - temporary file removal
- Riseup - secure email service
- Pidgin + OTR - secure instant messaging
- VaultletSuite - secure mail client
- Thunderbird + Enigmail - secure mail client
- Firefox - Web browser
- Tor - anonymity and circumvention
- portable security
How to Start Comodo Firewall Pro
Submitted by genner on Thu, 11/20/2008 - 23:19.
Important: While you are installing Comodo Firewall Pro, you will be asked on the screen if you have "any other third party personal firewall installed". You should only use one firewall program on your computer at a time. If you are using another firewall on your computer, it must be uninstalled before you can install Comodo Firewall Pro.
Note: Windows XP Professional Edition (Service Pack 2 & higher) automatically enables the Windows Firewall. Comodo Firewall Pro will usually prompt you to disable the firewall automatically. If it does not, you can manually disable the Windows Firewall by performing the following steps:
Step 1. Select: Start > Control Panel > Windows Firewall to activate the following screen:
Figure 1: The Windows Firewall screen
Step 2. Check the Off (not recommended) option.
Step 3. Click: 
to disable the Windows Firewall.
2.1 How to Grant or Deny Access
After you have installed Comodo Firewall Pro, it will prompt you to set access permissions or rights that control how different programs residing on your computer access the Internet. Generally, valid requests should be allowed and malicious ones denied; however, it may require a little experience to tell the difference between a valid and a malicious request.
Each time a request is made, a Security Alert screen resembling the following appears:
Figure 2: An example of a Comodo Firewall Pro Security Alert screen
Note: A firewall is a program designed to protect your
computer from hackers and malicious software. Both of these can access
your computer directly or try to send information from your computer to
a third party. Therefore, a new firewall must 'learn' which programs
are 'good' and permit access to them, while remaining closed to all
rogue software and processes on your computer. You will need to
investigate all new access requests and decide whether to allow or
deny access to them.
Important: You must read the information displayed in the Application and Parent items in the Details section of the Security Alert screen. Note that:
- The Application seeks access to the Internet
- The Parent is the program executing the request to launch the application
Typically, only a few programs will be displayed in the Application field. These may include your Internet browser, email client and instant messaging software, among others. You may recognise many of these applications just by their names. The Parent request, though not always present, could come from a number of different sources, some legitimate but others malicious.
Figure 3: A Security Alert screen featuring a Generic Host Process for Win32 Services request
Example: In Figure 3, the Application program is svchost.exe and the Parent is services.exe. The Security Considerations pane details which program is requesting access through the Parent and the Application. In this case, a valid program, called Windows Explorer, is requesting access to the Internet. This is probably one of the first Security Alert screens you will receive after you have installed Comodo Firewall Pro and rebooted your computer.
Important: Some tricky viruses can skilfully imitate a valid Windows application. There is no easy way to distinguish them from real access requests. You must be extremely careful when downloading anything from the Internet, and regularly scan your computer for viruses and malware.
Note: Usually, all valid access requests will reflect some action on your part. For instance, when you launch a new program for the first time, the firewall will prompt you to specify access permissions or rights. This may also happen when you install or uninstall software. It might take a little bit of getting used to, but soon the firewall will 'learn' and accept your choices, and these messages will stop appearing.
Figure 4: A typical Security Alert screen featuring a KeePass access request
At other times, Comodo Firewall Pro could present you with a slightly different message. In example above, the Keepass Password Safe program is trying to use the Firefox browser to gain access to the Internet. Since KeePass is a valid program that was previously installed on the computer, we can allow its access request.
Tip: Click: 
in the Details section of this Security Alert screen to reveal information about this process.
Figure 5: The Application Details screen
Figure 6: The Application Details screen in Parent Mode
Alternatively, researching these process names on the Internet may reveal information about their behaviour and purpose.
- If your research indicates that it may be a virus, or you cannot trace the origin of the message, click:
Important: It is best to be on the safe side and deny requests you cannot identify. If this causes a normal program to stop functioning correctly, you can allow the process next time the firewall queries you. Being strict about restricting processes is the best approach to computer security.
- If you are satisfied that it is a legitimate access request, click:
Note: Sometimes, the same program may attempt to access the Internet in many different ways, some previously invisible to you. Do not be alarmed if you are repeatedly prompted to grant access to the same program. After Comodo Firewall Pro has been in operation for a week or so, most of the Security Alert messages will stop appearing.
Here is an example of a malicious tool requesting access to the Internet through Internet Explorer:
Figure 7: A Security Alert screen featuring a malicious request from Wallbreaker.exe
Step 1. Click: if the Parent name looks dubious, and seems unrelated to any software you have installed on the computer.
This will reveal its true origin and information about it as follows:
Figure 8: The Application Details screen in Parent Mode for Wallbreaker.exe
Although little is known about this application, a Google search for wallbreaker.exe may reveal its real purpose.
Step 2. Click the Deny button, then scan your computer with an anti-virus and anti-spyware program like Spybot.
Tip: Check the Remember my answer for this application option so that Comodo Firewall Pro will 'remember' this decision, and this particular message should not reappear in the future.
Sometimes you may not recognise the name of a program. Often, there may be software on the computer which you've forgotten was there, or which you did not install yourself. Maybe somebody else using the computer put the program on and it could be valid, or maybe it's malware (malicious software). These are the ones we need to investigate. Don't worry, once you've done this process of checking which programs to allow once, you don't have to do it again. After a few days, you'll rarely see any of these messages.Tip: Denying an Internet access request implies that you consider that program or process to be a virus or malware. You must keep your anti-virus and anti-malware software up-to-date, and frequently scan your system for them, especially after you have received suspicious firewall requests.