Installing and configuring comodo firewall. Installing and configuring Comodo Firewall with fencing security

Expanded Comodo Firewall settings

1. On the ear of the proponated change the default (for the change) siro-gloomy "person" Comodo Firewall on schos tsikavishe. For everyone in the same deposit "Rizne" tisnemo " nalashtuvannya" → "Zovnishny viglyad "→ in" Subject "minyaumo" sirenka "the subject" COMODO Default Normal "on, for example," COMODO Blue Norma "l (first screenshot) and," having a little hair, "

2. By first adjusting the programs, you will be able to turn on the "invisibility" mode of your computer in the framing. For those who have deposited " fаєrvol"Onslaughtєmo applet" Meister of prikhovanih ports "→ vibraєmo" Blocking all the input and the welcome of my port for all the input "(Screenshot vische) and pіdtverzhumo svіy vibіr through" OK ".

3. Dal, in the same deposit " fаєrvol"Go to" firewall setup "I on the deposit" ". Now, for all supplements in the list of validators, the rules will automatically be allowed, so that I will allow you to be given permission by hand. "Automatically see new private ones "(Yaku can come to see your fancy) i, smut," firewall mode "Zalishaymo unconsciously" unbaked ".

All changes in the settings are confirmed with the button " OK".

4. Taking the settings to the mode " proactive zahist". For everyone at the deposit" zahist +"Onslaught" Nalashtuvannya Proactive zahistu "I, behind the analogy with the opposite point nalashtuvan, active" Storyuvati rules for baked supplements ". If you have an effective anti-virus scanner in the cleanliness of the system and from the virus and you can get an effective anti-virus scanner. ") A type of bezel-less, then boldly stavte" Clean PC mode "- I know, for the relief of the" obscene "notifications. Turn on the beaten zahistu mode "I presence is against the point" A adapt the robot mode with low system resources "(no comments).

5. Have quietly set up Let's proactively hijack the firewall from the depository " Adjustment of control "Perevirt, schob unrecognized files were crumbled yak" privately owned "(For zamovchuvannyam) abo" adolescent "- under the new settings, the add-ons can be modified to start.

6. Old people koristuvacham Comodo Firewall< 5.3 рекомендуется отключить в программе режим "Sandbox " ("Песочница"), по отзывам, работающий некорректно. Лучший вариант – просто перейти на последнюю стабильную версию брандмауэра (на данный момент – v. 5.10), которую можно скачать, например, из Каталога избранного софта. В этом случае отключение режима "Песочницы" не требуется.

And do not forget to confirm the changes in the settings with the button " OK ".

Note: When deactivated, Proactive enable is given the option ("Sandbox") to automatically enable.

7. Completing Tvik with the distribution "for the bazhannyam": at the deposit " Різне " → "nalashtuvannya"→ on deposit" zagalny"Check the box against the item" Automatically re-invoke software updates"(Redrawn screen shot), tim more, scho option" Revisit the newness "Start" by hand "(stop screen shot).

Another click per button " OK"I can close it properly. Comodo Firewall- when Windows is re-zapped, with a simple configuration, "comfortable" for a koristuvach, the program is superbly secured by a computer in the midst of fierce thunderstorms.

Good day, dear readers.

It’s not a secret for a long time, but be it a bitchy little guy, you can’t do without a computer and the Internet. The all-time fancy has become a part of the great life of us. Tse dzherelo information, a way (or with a) spilkuvannya and a lot of it. The computer, however, is a tool, for the help of which we can accept access to the all-important pavutin. To that, at the skin vine, it is natural to take away your good friend because of the need, as you have to hide behind you.

One of these tools is Comodo Firewall - a program that will help us to clean up our computer from a common computer infection, such as the Internet.

Food in the style of "firewall and for whom is it necessary?" Part 1., "Outpost Firewall, - installation, configuration, description of" or "Internet connection and security protection" and other Internet users.

The whole article will be assigned to the same product - Comodo Firewall. The program is given є bezel-less, moreover, it is not without reason that it is the number one among other products. With a wide variety of views, the product does not cope with its own facilities, not more than the paid analogs of the other virobniks. software security... At the same time, it is important that the vidminna of the Russian version of the firewall is important.

Installation and setup.

Installation of Comodo Firewall does not lie in any special folding, but all the same in some nuances.

When the file was loaded earlier than downloading the file (if you downloaded it from the proprietary software, then the fault is called cfw_installer.exe). Let you vibrate the vibrati mova of the installation, naturally there is "Russian - By COMODO" and tisnemo "OK"

The item "Enter your address e-mail"Mi passєmo. Give me a check mark under the item" Change settings DNS server on COMODO SecureDNS "(you can read about that here). There is also a check mark for the item" I want to be victorious. " "Parameters of installation" (see screenshot)

First for everything, we are set to the tab "Options of installation". Yak Bachimo, we need to install two products for the request, not the Comodo Firewall itself, as well as the Comodo GeekBuddy service. The rest is mentally postless service, For 60 days technical support koristuvachiv. The idea is that you can, at any moment, turn for help, or just consult to the sportsmen of the Comodo company without any problems with the programs itself. Ale tse is relevant only for quiet, hto good know English mov, So, as the Russian podtrimka is not transferred. That we should like to see you, if you want to go to us, go to the official article (), and if you know how to eat and fold, then you can probably go to such a forum FS [bezkoshtovna Computer help] (xto b mіg think). That boldly cleans up a tick against "Installing Comodo GeekBuddy", - it is unlikely that you will be victorious in practice, before that, the service of this service was lying, as it is called, a dead vantage in our system.

Інші adjusted the button "Back" without a change and embossed the button "Back", which will turn us to the already known window, in a kind of onslaught, "Good, Install". Cheka, while the installer completes all the necessary operations, and the onslaught of "So" on the proposal to re-enable our operating system.

If you want to re-preserve it, you must check the box "Don't show it anymore".

First, it’s quietly crooked, but we weren’t turbulent.

Practically one hour at a time. It is a smart program to reveal your border and propose to you to give it to you and to carry out the adjustment beforehand.

For example, if you have a laptop, which you are using for robots and at home, then you can name the hemlines as "Robot" Home fingering"If you want to go to your own investigation. If you need mother's power outside access to folders і (abo) seals on a grated printer, then a sign is put on the item "The computer is more easily accessible for other computers in the whole grid". If there is no such need, then it is more expensive to overlay the option with the included option, so it is worthwhile to add a level of security for your computer. Just give it a vibration by pressing the "So" button, and finally complete the installation.

Expanded Comodo Firewall setting. Brought zagist to rozumu.

Otzhe, the program is already installed on your computer and, in principle, can be adjusted with the settings for the options, as by putting the virobnik. For your comfort, it is necessary to bring the firewall to a rose. For those who are familiar with the main features of the programs. What kind of zvіr such a Comodo Firewall? It is possible to say that there are two main modules: the firewall itself (the "Firewall" tab) and the proactive module (the "Zakhist +" tab). The main information about robotic modules can be viewed from the "Pidsumok" depository.

By the day, you can read it quick access to do some basic adjustments and statistics: wonder how you have input and output data and statistics invaded; appraisal, which programs show the most common activity; Change the modes of the firewall robot and the "Zachist +" module and add a zupinite all the data. It is not necessary to lyakatya, as a part of it will be even great: for example, with the presence of a torrent client turned on with a great number of distributions, a number of hundreds of thousands can be reached.

Okremo varto zupinitsya on modes of robotics firewall modules і proactive module. For switching the robotic mode of both modules to the "Fail-safe mode", which means strict control over all fancy activity and file files. I propose for the cob to overshoot the yak, but on the other hand, such control can be done visibly. It will be necessary to hand over the skin once, if it is possible for us to pick up the activity of the supplements, not to be included in the list of patrons, as well as to start the file behind the skin. Especially the cost of feeding can be done for the module "Zakhist +", as if you will take into account all the files you don’t know for yourself, as you start your computer. In such situations, you will often be able to find out more.

If I will remember that you can start a supplement without any problems, then when such a screen appears, vibrate the item "Allow it to be powered up" and "Remember my vibration", if you want to write "So". You can change your share and switch the "Zachist +" module to "Clean PC mode" (at the "Pidsumok" depository in the "Zachist +" section, click on "Safe mode" and vibrate the required mode).

I would like it to be clear that it’s possible to get rid of it, because Comodo Firewall is right in your connection with some kind of antivirus, and I’ll make sure that your system is healthy. In the first window, you automatically get a call to launch a certain virus from your computer, and "Clean PC Mode" can also use the Zahist + module to the files that were on your hard disk at the time of installation.

Now let's go to the "Firewall" tab. Yak bachimo, there are a lot of different possibilities here, and if you get used to the skin, then one statty will be clearly lacking. A skinny point of care for a sufficient number of comments to ensure that you can be visually impaired for a good idea. At the same time, we are going to see the item "Meister of Prikhovanih Port".

In the first place, we have the ability to secure our computer from the invading call. To that there is an onslaught on "Blokuvati all incoming s'adnannya and prikhovati my port for all incoming s'adnan" and our vibir onslaught "OK".

Now there is an onslaught on "Nalashtuvannya faervol", and in the dialogue window at the depository "Zagalny nalashtuvannya" a tick is put on the item "Stvoryuvati rules for non-baked additions". Give a light vibration to the onslaught of the "OK" button.

Now, for all supplements, which will be on the firewall's list of safeguards, the rules will automatically be set up, so that we will be allowed to go through the process and I will give permission.

At all, from the tab "Firewall" and go to the next step for the rakhunk - "Zakhist +". The points in them are quite similar in some ways to those in front of them. And here we are deprived of the item "Nalashtuvannya Proactive zakistu".

For the analogy with the settings of the firewall in the dialog box at the deposit "Zagalny nalashtuvannya" put a tick on the item "Create rules for non-baked additions".

The tab "Rizne" is not without the need for a prioritization of the robot and the adjustment of the firewall. Here you select the adjustment, you can use the program interface, update, save your configuration, as well as technical support. There won't be anything here.

At the end of the day, it has been brought to a point. With such a configuration of the Comodo Firewall, it’s very important to take over your computer from any threats.

It is necessary for nobility for a fake robot.

Otzhe, the main robot is finished, your firewall of settings and adjustments. Now we will try to look at a number of basic food, as you can see it in the process of your registration. At the forefront of the distribution, we walked through the main tabs of the programs one by one, grabbing only those moments that made us in the light of the Comodo Firewall preparatory process to the next robot. Now, we will try to look at the basic possibilities, as you can do things in this year, even if you are also guilty of taking the cheruvati by the program, and not being surrounded only by the setting.

I think, for better nutrition, as you can win with robots with a firewall - like virishity (fence), the activity of okremikh dodatkiv (group of dodatkiv). For tsogo go to the tab "Firewall" and utter respect to the point "Dodati dovirena dodatok" and "Dodati blocked dodatok".

Let’s admit that you have a need for a fence to be more active, be it a program. For tsogo we go to the item "Dodati blocked dodatok" and dal the onslaught, "Vibrati":

The yak is seen from the baby, є the range of options for the vibor. First, є the ability to block a group of files (programs) at once. The Comodo Firewall retailers have combined most of the required programs in the group, but we haven't been able to handle everything manually. For example, it is possible to enable the nether activity of all additional documents that have been consumed during the auto-enrollment or the fence access to the nether will be added to all the filed files. In a different way, you can fence in any process that is running on your computer. When you select the item "Launching processes", you will shake a picture.

In order to block the required process, vibrate against the onslaught of the Misha button (in the application on the image of the VBoxService.exe process) and press "Vibrate". Dalі onslaught "Zastosuvati". Writing a firewall to add a rule to your lists, it’s worth noting that all the fancy activity of the VBoxService.exe process will be blocked.

Also at the window "Dodaty Blocked Dodatoks" for the additional button "Look over" you can vibrate yourself either a Dodatok (file) and add it to the list of Blocked Dates.

If it is necessary to add the required program to the list of permissions, speed up the item "Add new add-ons" of the "Firewall" tab. The principles of robots are also here, as in the item "Dodati blocking of add-ons", we will not be able to make a report.

I think the bagatokh now has a nutritional status: how else can you see the necessary processes (additions) from the list of blocked ones? Otzhe, earlier already zgaduvalosya, but when added to the list of blocked (dovіrenіh) add-ons Comodo Firewall, I set the rules to start the behavior of the firewall. The deyaki rules are set by themselves (as they robbed a number of things earlier for the VBoxService.exe process), and the deyaki also added for the suggestions during the installation. List of such rules є part of the policy hemispheres firewall. Access to the whole set of policies is through the item "Polyzhevoy security policies" of the "Firewall" tab.

Yak Bachimo, the "Rules for supplements" deposit has the "Blocking and restoring all power supplies" rule for the VBoxService.exe process, which we blocked earlier. When bazhannі, you can see if you need to correct the rule for additional buttons, roztashovanyh right-handers. Immediately you can add the rules for any programs by pressing the button "Dodati". All the rules in this contribution are set out, if only on the basis of the values ​​of the policies for the small groups of supplements (so that you just choose to place your supplement to which group, and that on the other hand, there will be broad rules that are important for all groups of here you can set new rules, so just follow the rules, set for the first time, if such bully).

The tab "Values ​​of policies" is to include in some of the standard policies (set of rules), as you can choose to set the rules for additional data.

You can also add your own policy here. It will be done by hand, if the same rules are required immediately to the decile. To do it once more to add a set of rules here, and then to add a new rule for a supplement.

Another tsіkavim and a necessary element of the hemisphere security policy is the tab "Set of ports". This is also the port, as well as the basics of terminology computer framing you can read it in the article: "Computer terminology".

Here you will find a set of ports, as for a given moment, on your computer. You can add a single port or group for additional buttons in the right part of the window. Bagato dodatkіv vicoristovuyut your port for the robot in a fancy, here you can add it to the list of appearances by pressing the "Dodati" button.

Then, we looked at the main features of the firewall. Let's pass now to the module of the proactive zahist "Zakhist +". In fact, the whole module is engaged in control of all files that run on your computer. Now we turn at the tab "Zachist +" and the main points of how to touch the module are clear.

At the item "Update files" you can edit access to the management of the local database of the given files on your computer. Suddenly a number of system files, And so it will be added to those files, as you can make them feel baked without baking.

All files that will be detected, but with a whole program, it is not possible to have a significant, non-baking stench, will be added to the list of unrecognized files. Access to the whole list can be done in the item "New files". The management of the list is in the same rank as the list of "Dovireny files". All files consumed in unknown will be launched in the virtual "sandbox". You can say that the whole mechanism is safe, like opening the virtual file system and registry, for launching additional files and additions. Such a rank, be it a supplement, is launched through the Sandbox, it will only be inserted into the virtual middle, and it will not take over your operating system. For substitutions, the virtual songwriter is included. In order to turn it on, go to the item "Nalashtuvannya proactive zaistu".

Especially I, apparently, not a great lover of the good stuff, I turn it on, let me be amazed at it: if you are more worried about security and constantly guard over viruses, then maybe a Sandbox and a sense for you. If so, then it is necessary to put the "Sandbox mode" changeover to the "Active" position, and also check the "Activate virtualization" file system"I" Activate virtualization reestra "and natisnut" OK. " point "Run the program in Sandbox."

Pislyamova.

Axis and pidіyshov until the end of the heroic epic about the battle of the valiant firewall against the overwhelming number of the army of computers. With your ample control, the struggle will end up with the power of good

I say goodbye to you. Don't let the viruses and іnshi malware go around you!

If it’s like it’s food, it’s supplemented, it’s okay, I’ll feel it’s radium in the comments until I’ll write it down.

fаєrvol Comodo Firewall From version 3.5 to the warehouse of the comodo Internet Security, which can be installed as an external component.

Comodo Firewall is a sign for capturing PCs to control Windows OS, for its capabilities it is practically not possible to give up analogous products, including those for commercial outlets.

The interface is borderline forgiveness, but at the same hour all the necessary features and functions are needed.

Main components of Comodo Firewall

Basic features of Comodo Firewall

Bagatofunctional firewall - hedgehog screen

Comodo Firewall will take care of itє visokiy rіven to find out all the incoming and outgoing threats. With this rank, you will deny the most effective attacker of hackers, high-profile programs and theft of special tributes. Now the firewall has added new functions:

• Stealth Mode makes your computer invisible to scan ports;
• automatically assigned additional zones based on the master;
• The revisions of the firewall policy allow for the quick fixation of the necessary security rules;
• Diagnostics for analyzing the system for the presence of possible conflicts with a firewall and a lot of it.

behavioral blockє

• Reconstruction of the integrity of skin programs, persh not allow it to be entangled in the memory of the computer;
• Vikonuє "hmarny" analysis of behavior for the innocent discovery of high-quality programs;
• Before you go through you skinny times, if it is not possible or inappropriate programs start to start or get up;
• Blocks viruses, Trojans and programs-shpiguni persh, lower stinks can restore access to all systems;
• Unauthorized information about critical system files and records Windows registry;
• Includes the function of an automatic sandbox, which will increase the isolation of unreliable files from the inner part of the computer

HIPS intrusion system

• Practically impenetrable zakist from rootkits, vvadzhennya in processes, keyloggers and other threats of "zero day".
• The Comodo firewall controls the performance of all additional data and processes on your computer and allows you to run files and processes, as the stench seems to obey the rules of security.
• Blocking the activity of a lousy code by a way is pinned down, which can lead to a operating system, System memory, register of special tributes.
• permission let us know Please, come in securely behind the quickest root of the koristuvatsky policies and sets of rules for additional manual and forced interface rules.

Virtual kiosk

• Virtual middleware "pisochnitsya" for launching programs and robots in the Internet, isolated from your real computer. Add-ons and web browsers work in the middle of the kiosk, do not add cookies, or history on real systems, so that they can be used as a secure middleware for Internet banking and online stores.
• Zapobіgє installation from shkіdlivny web sitesіvіvіvіvіv, rootkіtіv and spygunskі programs on the computer і will be sure to take away from evil.
• including virtual keyboard, Yaka allows koristuvachev to enter numbers forever credit cardsі passwords, do not be afraid of programs for transferring data, which can be entered (keyloggers).
• The virtual kiosk in the Comodo Firewall allows the admitted ones to launch the beta-version of the program in the isolated middle, so as not to destroy the stability or the file structure of the real system.

Viruscope

This is a system that allows you to conduct a dynamic analysis of the behavior of running processes and keep a record of their activity. Viruscope monitors the activity of the processes running on your computer and in front of you, if the stench is coming from the visitor.

Internet Security Essentials

A tool for reconverting SSL certificates from fake (phishing) sites, as they try to steal confidential information.

Tweet

Plus

It's a good idea to know about Comodo Firewall from your first installation.

When launching the installer file, there is a warning about the need to see the same programs for the identification of confrontational situations.

If you already have a firewall installed, if you see it, if it’s dumb, then cheerfully move on.
Now there is an onslaught at the window on the button "SO". Former installation is standard for most Windows programs. It is only necessary to push "Dale". In the program, the proponent options settings are: automatic or indications for koristuvach

We are too automatic. To complete the installation, you will need to overwrite the computer.

If you want to rewire, you will immediately be reminded of the power supply about the activity of the program, as it can be victorious in the framing.

Here, it is also necessary to have some kind of intelligence, which from the program you will allow or fence the activity. When pushing the button "Allow" or "Oboroniti" firewall one-time skip or do not miss the program on the Internet. Once again, try the program to go to the Internet as soon as you know about the activity. As soon as you enter the program, if you want to reimburse access to the Internet, you can tick the box “Remember my view for a complete complement” and press “Permit”. Comodo Firewall will give you a little more flexibility, and you will be able to do it without any problems. The same rank is used to set up a fence for programs: a tick “Remember my view for a complete supplement” and natisnut “Zaboroniti”. Comodo will want to block the program.

From the hour to the test for the first food, the bullets are set alg.exe and svchost.exe.

tse system programs and access is required. About the characteristics for the program of nutrition will be asked in the world of the launch. If the program is designed for robots in the Internet or through the Internet, then it is required to be viral. I’m zealous, I’m going to try hard in the turbot about koristuvach, and if I want to download from the Internet or transfer it via the Internet, then I need access to the fence. In such a rank, Vi, of linking in your own safe, moving into the global hedge, in a day, set the rules of behavior for all programs installed on computers.

Having broken the hibny fence, or having allowed the activity of the programs, you can quickly adjust the Comodo Firewall and fix the situation. Marveling at the right lower cube of the screen, the old man will be removed, you will swing the icon with the shield. Tse і є Comodo. Pressing the right button on the end, select the display. Immediately see the smut in the program

The main window shows the basic parameters of the firewall function.
On the way to wake up, vibrate between the panels "Zvedennya", "Zahist", "Activity".

Zliva vishikuvalysya icons for mixing between the windows of the panel:

zavdannya- At the end of the day, you can quickly display or fence access with programs to the hedge, as well as vibrate the best options, the possibilities of some kindly described by the name of the skin's possibilities. Without the need to be more beautiful than anything else.

dodatkiv monitor- indications for looking at and editing the list of documents, such as koristuvach dovirya. It is shown in the table below, in which it will appear:

• im'ya programs (Dodatok),
• IP-addresses, for which to see the data (Oderzhuvach),
• the number of the port on which it is possible to communicate (Port),
• protocol, within the framework of how the reception and transmission of information (Protocol),
• Well, the graph (Dozvil), in which it appears, permissions, abo fences, access with a supplement.

To brutalize respect on shvidki options:

• Enable / Disconnect - you can use the rules of the clock to enable, for example, for testing purposes.
• Dodati - I will tune in to create a new rule.
• Editing - Editing the rules, on which the cursor is positioned.
• Vidality - bezpovorotne visible rules from the list.

Having clicked two bears with the left button on the name of the program, or by typing "Edit",

At the same time, you will need to go back to the programs on the disk, go to the programs, like the way to the point of view to the mood. There is nothing needed here.

And marveling at the tab below, you can:
- designate the programs for the activity of the supplement, set the protocol and direct the activity of the programs (where the program is accepted for information (Received), forwarded (Received) or for accepted and sent for),
- add one or more IP-address with a combination of add-ons. One or a few ports, as a result of being ready for delivery, come and go with their own interaction.

component monitor- indications for the maintenance of the integrity of important files;

monitor- Uwaga! The order of the rules is important here! Comodo Firewall looks up and down. Welcome fine tuning parameters in filtering data transmission by IP addresses and ports. Here it is possible to close the primus with a potentially dangerous port. Axis yak tse zrobiti:
Press the button "Done" and at the window

Vibrate for “blockuvati” and add “one port” on the tab “Port of Dzherela”, as well as write down the port number, for example, 137. Press the “OK” button. New rule to appear on the list.
Use the arrows "Up" or "Down" to set the rules in the list. You won't be pardoned, as long as you can just put the rule in the middle.

on the bookmark "Dodatkovo" The "Zakhist" window can be set up with a firewall. The world of robots needs to learn step by step, in the world of robots with the program in the mind, if there is a need for additional settings.

Switch to panel "Activity" just two bookmarks: "З'єднання" и "Journal"
V "З'єднання" a list of programs that are currently active is displayed. Here you can wonder what the middle of the program is, how you see that you have grown up. And also the obsyag handed over / otrimanih tributes.

V "Magazines" the chronological order of important podіy is kept. Until then, it is possible to turn up at the analysis of the program.

Well, do not forget about the robustness of the new components in the programs. Pushing the "Update" button at the very top, you start the maister of the new components. Qia is a simple procedure not to allow novim to show up shkіdlivim programs Add destructive action to your computer. For zamovchuvannyam in nalashtuvannya set automatic conversion renovation.

It is simple for the victorian and adjusted program the Comodo firewall to steal your transfer to the Internet and, in addition, it may be necessary to sort out the processes, which are taken for an hour to exchange information through the net.

Tweet

Plus

Basic firewall modes in advanced settings: There are a number of rules for the corystuvach, if for all programs that do not obey the hedge rule, if there will be notifications, and Safe mode, if the programs are approved for the new ones. Details of the procedure for storing the rules. Additional, low-porosity modes: Outside the blockage, if you cringe, whether it’s a low-grade activity, it’s right from the rules, and the New mode, when it’s allowed, and the rules are automatically allowed.

The option "Stvoryuvati rules for baked supplements" is punished in " ovenless mode»It is not just that the activity is done by the programs, but the rules are automatically set for them. I do not recommend turning it on, yak i. The option is not added to the robot in the mode of "Attributions for the corystuvach of the set of rules".

If the item "Do not show it" is vibrated, then the notification will be replaced by a new one: it has caused a blocking. There will be no new rules at all. I recommend setting the mode "Do not show the help: Block the drink" after all the necessary rules are set.

As soon as you are prompted for a reason in the new option "Remember my vibir", then the rule will disappear. The option "Rivn Frequency Assist" is a rule that will be detailed in some detail. If, for example, if you set the ryven “Duzhe low”, then the rule will be allowed to fence at once, whether it’s a low-level activity. I recommend the "Duzhe Visokiy" rіven: this rule will be the misstatement of the IP-address and the port.

If the option "Automatically display private fences" is enabled on the deposit "Merezhevy zones", then when connected to new ones show up, proponyє to indicate її status. At the same time to be melted new record in the list of hedgehog zones, and in the case of the choice of the status of "home" or "robotic" hedge, there will also be appropriate rules for her. As soon as the option "Do not show the connection, you are connected to the Internet ..." is turned on immediately, then the new entries about the hedgehog zones and allow the rules for them to be automatically updated, without matching. I recommend to enable offense options: in all cases, the connection will be displayed without notification and without setting new rules, so that I will not be able to use the flywheel as "community".

When connected to unprotected Wi-Fi be notified of the proposition, hurry up paid service Trustconnect. Show of the number of references is included in the option.

To control the connection of all the middle computers (for example, to fence the programs connected to the Internet through a local proxy server), be sure to select the option "Enable filtering loopback traffic" (I recommend).

To control information over the IP protocol, the version is not only IPv4, but IPv6, next select the option "Enable filtering of IPv6 traffic" (I recommend).

The "Block IP Traffic Fragmentation" option hijacks an attack based on a forwarded TCP packet that is highly fragmented, as long as its header is not attached to the TCP session. I recommend turning it on.

The "Analyze protocol" option instructs you to change the skin packet for compliance with the protocol standards, break the packet when it is blocked. I recommend turning it on.

Nareshty, the option "Enable ARP spoofing logger" captures the ARP table from the malicious user, which is directed by the "mimic ARP spoofing" (displayed without power supply). I recommend turning it on.

Part of the rules of the firewall

Rules for dodatkiv

The most specific order of the rules for the programs:

• open the tab "Rules for Dodati", natisnut "Dodati";
• add a donation, the price can be changed in different ways:
  • nasty Look around → Postsі add a file;
  • nasty Look around → Running processesі vibrate the program;
  • nasty look aroundі vibrate a group of files;
  • bezposeredno in the field "Ім'я" enter the path (for a pattern with victorian symbols * і? і winter middle);
• set rules:
  • or natisnut "Vikoristovuvati set of rules" and vibrate from the list of required set;
  • or natisnut "Vikoristovuvati vlasniy set of rules" and add vlasnі rules (you can copy whether a set of rules);
• press "Ok" and sort out the rules for additional information behind the additional buttons "Up" / "Down".

If a new rule is added, it is necessary to provide:

• diyu: "Allow", "Blokuvati", or "Zapitati";
• directly: to enter (tobto іnіtsіyovane vіddalno), to go (tobto іnіtsіyovane to given computers) Anyway, be-like;
• describe: the text that represents the given rule; if not, then the list of rules will be displayed report to describe;
• dispatch addresses and reference addresses;
• protocol:
  • IP, in any case, you can concretize the protocol on the "IP Details" tab;
  • ICMP, in general, on the "ICMP Details" contributor, you can specify the type and ICMP-related information;
  • TCP or UDP, in any case it is possible to set the dzherel port and the value port;
• option, restruvate some activity in the journal.

I will assign that in the capacity of the address of the direction / assignment it can be not only a single IP-address, but the third zone, and without any problems, and it is also possible to use the option "Viclyuchiti". Similarly to the ports of dzherel / designated, there can be a set of ports, incl. inverted. Slid vrahovuvati, scho the address for the outgoing link is selected - tse "Addresses of the assignment", and the outward for the incoming - tse "Addresses for sending"; similar to ports. To that, no matter how much it seems, I immediately told the incoming and outgoing countries to be asked by two rules:

• One rule allows you to enter from a distant university at any address;
• We do not allow any kind of addresses to be sent to the university.

When a set of decals is established, the rules go through the ordering of the urakhuvannya, but the priority is, as a rule, roztashovanie vishche.

Global rules

Global rules start the overall activity of the computer as a whole, it may take precedence over the rules for additional data The fence, set in the global rules, is more effective, but not in the rules for additional data. Zokrema, globally prikhovannya ports rob the computer is invisible when trying їkh scanuvannya.

Check out the established set of global rules. The interface for intermixing between them representations as vibrating to the computer's visibility mode in the framing: "Blocking the input data" or "Help about the input data" ( Golovne vіkno → Zavdannya → Zavdannya firewall → Prikhovati port).

Vibir to the mode "Help about the input" is aware of the global fence of the input data and the load given control over the rules for the input. However, everything is safe to allow entry only on the singing port and / for the sings of the framing, and the sash is blocked. So, on the screen shot, the global rules with the minimum allowance of the input sources, the necessary information for the messages on the ping power supply local framing, Vіdkrittya access from it to files, backing up of fencing and for a robotic torrent client. Come and go for.

The implementation of the vlast global rules is carried out in a similar way;

Group files, neat zones, pick ports and pick rules

You can speed up the same type of operations and ask for more rules, such as opening your own groups of files, hedgehogs, picking up ports and your own set of rules.

Groups of files are formed on the deposit Rating files → Group files, Tse іmenovanі pick up nobles іх templates with victorious group symbols * і? and winter middle ground. For example, їх registration allows you to set the rules for robots and auto-update of the Flash-player or Java, so that during these processes the file changes and changes are changed for hours. It is possible to create templates for names without registering groups of files, however, for groups of different types of accuracy, compactness, and also the possibility of indicating an interconnected genus at once in different components to retrieve. For example, it is possible to create a group "NoInternet", which will be immediately fenced off without Internet access, DNS-feed, BITS service victorious, launching a browser and accessing your memory.

On the deposit "Set the rules" you can change how the rules can be found in the zooming policies of the firewall, as well as changes in the policies or set the power. It is possible to recognize the policy of additional information: through the tab "Rules for additional information" or through the notification of the firewall. I will designate that in the notification there will be only those policies, in which it is set unambiguously for a given low-level activity: a fence is called. For example, if an addon will try to connect to the web server on port 80, then the policy will not be prompted. Postage client", Ale policy" Web browser "," FTP-client "and in. - will be.

On the deposit "Pick up ports" you can group whether a combination of ports in the name of the number is changed, but instead of being victorious in the rules in the port of being sent or assigned. With the set-up it is possible to combine single ports, ranges of ports, as well as inversions.

The tab "Merezhevі zoni" is so special: it is possible not only to group addresses in the names of "zones" for іх falsified victorious in the rules (in the sense of the address to editable abo), but also to set the status of these zones. So, if you set up a zone, and then add it to the "Blocked zones" tab, then all the data from it will be blocked, just according to the rules. In addition, the fenestrated zone can be identified by the status of “Merezha for access to the fence”.

The procedure for storing firewall rules

In case of undesirable activity, it is necessary to change the order, and to send the address to the address. Yaksho to lay down, then z'єdnannya block... Yaksho mute - to fix the look global rules.

Global rules look from top to bottom. As for the powered mind, the first to appear is the rule from the "blockuvati" take a bite... Whenever there is a certain rule not to be found, or if the first to appear is allowed, the rule is to try to look rules for supplements.

If the program is going to get up to stand up (it is allowed by the global rules), the list of additions and rules for them will look from the top down. With the first known zbіg (tobto if you do given the program To take revenge on the group of the program and power supply, the type of food) allow, blockuwati to show notification(If the option "Do not show the promotion" is included in the adjustment, then the notification will be displayed as indicated in the option: called or blocked).

If in the list of rules of the firewall, if it comes, then it will be automatically allowed in the following cases:

• if fаєrvоl pratsyuє in "Mode navchannya" (the rule is allowed to melt into the whole vipad);
• if the option "Do not show the help: Virishuvati to drink" is enabled;
• if the firewall is in "bake-free mode", the option "Do not show the association" is enabled, and the program will be brought up and displayed in the real middle;
• If the firewall is pratsyu in "bakeless mode", the program will be brought up and displayed in the real center, and the program will be powered up.

In the іnshikh vipadks, the notification is alarming, if the option "Do not show the help: Blokuvati to drink" is included, it is necessary to fence.

Zokrema, by the way, we program, how to be visually displayed, controlled by a firewall right from the rating. So, if you put the firewall into the "bakeless mode", you need to set the rules to allow you to use browsers.

You can take a note, but in a "no-bake mode" the firewall is illogical. come in z'єdnannya dovіrenikh programs. Ymovirno, tse bug.

Access to resources of the local network

For the suggestions in the firewall rules, there is permission for the removal of information about the cutout, the display in the local grid for access to files, etc. Permission is not required, as the fence is victorious only for access to the Internet.

The status of "trusted fancy"

The permissions for the local netting are most simply accorded to the recognition of the “trusted” status. The price can be made in different ways.

If the option “Automatically display new private patterns” on the deposit of “Merezhevy zones” is enabled, then when connected to a new one, a notification is required, in which case it is necessary to add your own message. The status of "trusted" is indicated by the choice of options "at home" or "on the robot". Tse bring global rules to the point of wagering, as they allow wagering and wagering, and wagering analogous rules for the System ("System") process. If you choose the option “in a huge community”, the new rules are not applied.

As soon as the appearance of new hemlines is included, for the ones before the status of “community” are included, then the next window is “Keruvannya by the hemlines” ( Golovne vіkno → Zavdannya → Zavdannya firewall), Put a tick against the item "Add heirlooms" and press "Ok". The result will be similar to the previous one.

Turn back to turn the nether to neutral status, simply put a checkmark against the item "Blocking the net" at the window "Keruvannya by the net", and then at the window settings, open the tab Merezhev_zones → Blocked zones and I will be given to the edge to come.

Є Bug: if the hemisphere has not been set for an active hedge, and in fact the whole hedge is clouded like a “giant”, then the window “Keruvannya with hens” will indicate the status of “trusted” for this hedge.

Uwaga! As soon as you press the "Ok" button in such a window, then the hem is active in accordance with the “new”, so that an appropriate entry appears in the list of squares and the rules of the firewall are set, so that you can allow data to be added to the whole square. If you don’t need to do it, then close up the “Keruvannya with the hemlines” with the “Skasuvati” button.

Butt of permissions for access to local fences

It is possible to install a local net only in different times without baking. It is recommended for this to recognize the neutral status ("community mice"), to include, and then to give the necessary permission. Call for access to hedgehog resources it is necessary, in addition to the obvious rules, to allow the System ("System") process to enter the input (skipping "forwarding addresses" - local netting):

• UDP-connection with port 137 and port 137: you can go to computers via NetBIOS-name;
• UDP-connection with port of dzherela 138 and port of designation 138: shchob with a bachelor of low temperature;
• TCP-z'єdnannya z port naznachenna 445: for displaying zalny access to files.

When the rules are set to use the "System" in addition, it is necessary to vibrate because of the running processes.

All permissions must be duplicated in the global rules. Also in them it is necessary to allow incoming ICMPv4-data, so that they can be sent from the local hedge due to the occasional "moon-powered"; It is not only required to display on ping-power, but to display local access to files. Applied to a set of global rules.

features of faєrvola

The Comodo firewall does not control the entry of loopbacks. So, when the local proxy is enabled, it is only possible to allow access to the Internet for the proxy server, and the access to the localhost for the browser (as many of the default firewalls were allowed to enter the localhost for the localhost).

It is deliberately vashtovano: how to put in the rules in the way of addresses domain name Then CIS knows the minimum and maximum IP-addresses for the whole name, and then all the industrial IPs in the same way.

The peculiarity of the CIS 10 version, as it is possible to call it a guest, has begun to become a part of the ICMP traffic of new generation. Many versions of CIS (as well as, for example, Windows Firewall) managed to track traffic to the System.

Content filter

The "Content-Filter" component will allow you to access websites with addresses. For viznennya security address vikoristovyuvani new lists Comodo, you can also ask the list of rosters. When you try to see the fence, the site will turn on the page about blocking information, as well as, in the fallowness of the settings, by proposing the timing of the fence, or enter the site's Danish into the activation.

Categories. Import of attributes for the list of lists

Lists address abo їх (wikoristoyut symbols * і?) Are called categories. The most important categories of Comodo are "Safe Sites", "Fishing Sites" and "Shkіdlivі Sites". The stench onovlyuyutsya automatically; Reshta category - available for a change by the user - can be asked on the "Content Filter"> "Categories" tab. There is a list of the category "Vinyatki", in which you can use the site, enabled from blocking through a notification in the browser.

MAKE SENS DODATE CATEGORIES WITH LISTS OF SHKIDLIVE WEBSITES FROM THE INSHILE DZERELS. Lists and Symantec WebSecurity are recommended. For otrimannya remainder on the site MalwarePatrol.

If you want to select an additional list, go to the "Category" contributor through the context menu to open a new empty category, and then import the list to the file. When choosing a file, it is necessary to specify the format for the list, the content filter will not be correct ( typical pardon koristuvachiv).

Recording format for content filter categories

Writing in a viglyad_ template I want addresses, in a whole form in a template. For example, the records * .example.com appear to be http://test.example.com, not http://test.example.com/404 or http://example.com.

The record without presetting symbols is identical to the template, which is set to the given symbol *. For example, the records https://example.com і https: //example.com* are identical, їм give addresses and https://example.com, https://example.com/404 і https: //example..example .com. In such a rank, I will write down the same directories at the site of the domain name, but not the subdomain.

Assigned to the HTTP protocol in the content filter є visibility protocol. For example, records of the form example.com correspond to the addresses http://example.com, but not https://example.com. Records like example.com/* will look like http://example.com/404. Uwaga! The addresses http://example.com will not appear in the records http * example.com * and * / example.com *, so I would like to take revenge on a part of the protocol.

The HTTPS protocol is used explicitly for other templates. For example, the records https://example.com match addresses to https://example.com, https://example.com/404, etc. Records * // example.com are provided for https://example.com, not http://example.com or https://example.com/404.

Slide to say that the blocking of the content filter of HTTPS-links will be displayed without any hesitation and suggestions to skasuvati to the fence. Moreover, the blocking of HTTPS-links may not work well, it’s hidden from a victorious browser.

Already, admittedly, it is necessary to block the site example.com one hour for HTTP and HTTPS protocols, with directories, or without subdomains... Schob zrobiti tse nibilsh "pritsіlno", made in the blocked category 4 records:

• example.co?
• example.com/*
• https://example.co?
• https://example.com/*

(Victory of the sign?

Yak option, you can get around with a single record like * example.com *, but not only the required addresses will be blocked, but https://www.example.com/404, https: //myexample..common.html.

Content filter rules

The skin rule of the content filter is to revenge the list of categories, to which they are stashed, and the list of coristas or groups from the designated ones. The interface for the list of categories is obvious.

Koristuvachі і їх groups are added through the context menu in the "Interchange" field: "Dodati"> "Dodatkovo ..."> "Tipi ob'єktіv"> select all> "Ok"> "Poshuk"> vibrate required entry> "Ok".

Call the group "Vse" in the role of koristvach vikorist. It is also necessary to ask for a small amount of money for the small children, slid obov'yazkovo vkazati obmezheniya for the skin of them... In addition, it is not enabled, but a corystuvach, which does not mean the rules, will deny access to sites from re-insured categories to navigate if the rule is obvious.

Surely, for Windows 8 and in the skin rules to the list of koristuvachiv next to add the entry "ALL APPLICATION PACKAGES" Inakse blockuvannya will not be pratsyuvati for Internet Explorer 11.

For correct robots, the rule "Allowed sites" can be changed over the rules "Blocked sites".