 | |
| |
| 02 Oct 2010 | #1 |
| | Secure Hi, Is anyone able to help me, take a look at my configurations please. system services as well as comodo firewall set rules? Reason I'm asking is because I think theres a security flaw which i hope you may be able to help me with. For those able to help, could you please advise me meaning how to upload my sys config file, comodo config file and anything else you may need. I'm running Windows 7, no file sharing as far as I know, stand alone system, wired up to a modem, with one firewall running which is comodo, its set to basically be invisible but I don't think it is. |
My System Specs | |
| 02 Oct 2010 | #2 |
| | I can't find anything in your configuration that hints to a "security flaw". What makes you believe that there is a problem? |
| My System Specs |
| 02 Oct 2010 | #3 |
| | It's probably not a security flaw, but if you want to upload the system config file and the comodo config file, you'll have to use winzip or 7zip to create a zip file, then upload using the paperclip icon. I use the Comodo firewall too, but I think for some reason Microsoft doesn't like Comodo because I get a lot of alerts for normal internal connections in my computers that wouldn't happen if Comodo and Microsoft had even the slightest collaboration. The latest version of comodo is constantly connected to the internet, to check running processes against a list of malware. A lot of the firewall and defense plus alerts are for legitimate system services. Comodo does lock down all connections when you select block all.. I've verified that using port scans from another computer I have at home. |
| My System Specs |
| . |
| |
| 02 Oct 2010 | #4 |
| | I think the attached zipped file below has my system services configurations in it. I exported list in windows services if that correct, I've tried to disable everything that could lead to a possible hack. could you please have a look at it and let me know if anything else should be disabled for increased security. again i have no wireless, no router, no file sharing or network sharing. its a stand alone system wired up to a modem (Virgin Media) |
| My System Specs |
| 02 Oct 2010 | #5 |
| | The best way to further secure your system would be to disconnect from the internet whenever you're not actively surfing the web, and turn the computer off completely when you walk away. The comodo defense plus has a good feature as well, just set it to block all unknown requests when the application is closed, whenever you're not using the internet |
| My System Specs |
| 02 Oct 2010 | #6 |
| | thats currently disabled, not ticked as I don't know whether or not that will mess up anything while I'm using the net. Should I enable it and leave it enabled? Also would you be able to look at my comodo configurations if I uploaded the *.cfgx file or will you find it hard with you having to import it into your own comodo which may mess up your system? If you do wish for me to upload the file, I have the following... COMODO - Internet Security COMODO - Proactive Security ACTIVE COMODO - Firewall Security Will you only need the ACTIVE proactive file or should I upload all? Also regarding the system services log file above, is that ok? ------------------------------------------------------------------- heres my hijack this report if its any use, Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 06:38:22, on 02/10/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\SOUNDMAN.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Opera\opera.exe C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Windows\system32\conhost.exe C:\Users\mh\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 5780 bytes |
| My System Specs |
| 02 Oct 2010 | #7 |
| | I can read it without applying it to my system.. but I've found the default firewall security setting to be adequate. also don't apply the "block all unknown requests" option unless you've ran your current software configuration with comodo set to training mode for about a week, and run every installed program at least once |
| My System Specs |
| 02 Oct 2010 | #8 |
| | files are attached, as said above the proactive security file is the one which is marked active in my configurations. please advise |
| My System Specs |
| 02 Oct 2010 | #9 |
| | Looks ok to me.. only thing I would suggest, make sure the following folders are given exceptions program files/eset, program files/common files/eset, users/appdata/local/eset, users/appdata/roaming/eset and so on. Defense plus doesn't play nice with other antivirus apps. Also, if you haven't already done so, disable autoplay.. which is one of the biggest security flaws in windows |
| My System Specs |
| 02 Oct 2010 | #10 |
| | how do I disable autoplay, is it in windows services? |
| My System Specs |
 |
Secure problems?
| Thread Tools | |
| Similar help and support threads for: Secure | ||||
| Thread | Forum | |||
| Just how secure do you need to be? | System Security | |||
| Is EFS secure? | System Security | |||
| So how secure you are really ? | System Security | |||
| How Secure Is Your PDF? | Security News | |||
| Is this secure? | Network & Sharing | |||
All times are GMT -5. The time now is 09:05 AM.
