System information

ManualsBrandsMcafee ManualsOtherQUICKCLEAN 3.0

111

112

113

114

115

116

117

118

119

120

Comodo Endpoint Security Manager - SME - Administrator Guide

the network. The administrator can choose to grant that application Internet access by selecting 'Treat this application

as a Trusted Application' at the alert. This deploys the predefined firewall policy 'Trusted Application' onto the

application.

'Safe Mode' is the recommended setting for most users - combining the highest levels of security with an easy-to-

manage number of connection alerts.

• Training Mode : The firewall monitors network traffic and create automatic allow rules for all new applications until the

security level is adjusted. The user will not receive any alerts in 'Training Mode' mode. If you choose the 'Training

Mode' setting, we advise that you are 100% sure that all applications installed on endpoints are assigned the correct

network access rights.

Tip: Use this setting temporarily while playing an online game for the first time. This suppresses all alerts while the firewall

learns the components of the game that need Internet access and automatically create 'allow' rules for them. You can switch

back to your previous mode later.

• Disabled: Disables the firewall and makes it inactive. All incoming and outgoing connections are allowed irrespective

of the restrictions set by the user. Comodo strongly advise against this setting unless you are sure that you are not

currently connected to any local or wireless networks.

Check box options

Create rules for safe applications

Comodo Firewall trusts the applications if:

• The application/file is included in the Trusted Files list under Defense+ Tasks;

• The application is from a vendor included in the Trusted Software Vendors list under Defense+ Tasks;

• The application is included in the extensive and constantly updated Comodo safelist.

By default, CIS does not automatically create 'allow' rules for safe applications. This helps saving the resource usage, simplifies

the rules interface by reducing the number of 'Allowed' rules in it, reduces the number of pop-up alerts and is beneficial to

beginners who find difficulties in setting up the rules.

Enabling this checkbox instructs CIS to begin learning the behavior of safe applications so that it can automatically generate the

'Allow' rules. These rules are listed in the Network Security Policy > Application Rules interface of CIS. The Advanced users can

edit/modify the rules as they wish.

Background Note: Prior to version 4.x , CIS would automatically add an allow rule for 'safe' files to the rules interface. This

allowed advanced users to have granular control over rules but could also lead to a cluttered rules interface. The constant

addition of these 'allow' rules and the corresponding requirement to learn the behavior of applications that are already

considered 'safe' also took a toll on system resources. In version 4.x and above, 'allow' rules for applications considered 'safe'

are not automatically created - simplifying the rules interface and cutting resource overhead with no loss in security. Advanced

users can re-enable this setting if they require the ability to edit rules for safe applications (or, informally, if they preferred the

way rules were created in CIS version 3.x).

Alert Settings

Administrators can configure the amount of alerts that Comodo Firewall generates, using the slider on this tab. Raising or

lowering the slider changes the amount of alerts accordingly. It should be noted that this does not affect your security, which is

determined by the rules you have configured (for example, in 'Network Security Policy'). For the majority of users, the default

setting of 'Low' is the perfect level - ensuring you are kept informed of connection attempts and suspicious behaviors whilst not

overwhelming you with alert messages.

The Alert settings refer only to connection attempts by applications or from IP addresses that you have not (yet) decided to trust.

For example, you could specify a very high alert frequency level, but not receive any alerts at all if you have chosen to trust the

application that is making the connection attempt.