Comodo Firewall can be used to block Microsoft calling home?

Discussion in 'Windows 10' started by roga, Aug 29, 2015.

  1. roga

    roga MDL Member

    Aug 12, 2015
    144
    61
    10
    There are 2 threads now with guides on how to use Microsoft Windows Firewall to block all traffic, and whitelist only selected traffic.
    People are saying this method works to stop Microsoft calling home. In my experience this kind of blanket blocking is the only way: I used all the tweaks, including uninstalling packages, O&O Shut Up and PeerBlock, and Microsoft still could call home regularly.
    The danger with using Windows Firewall is it is part of Windows and owned by Microsoft, Microsoft can change the firewall any time with auto update to allow Microsoft traffic. It only takes 1 such update to suck all the logging accumulated on your PC, making everything you did to block Microsoft useless!!!
    I read many great things about Comodo Firewall, it was voted best firewall many times. It is third party, will not be changed by Microsoft in auto updates.
    Can someone make a guide to use Comodo Firewall to block all Microsoft traffic?
     
  2. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,857
    2,029
    210
    From my experience, only a Hardware Firewall or Semi-Hardware Firewall can be used to be 100% sure of blocking any connection to any site. If you want to use any firewall running on Windows OS to block Windows calling back 'Home', that could be easily bypassed by the OS, and without you knowing or seeing it! It would maybe work to some extent, but completely!

    That's exactly the reason why I use a Semi-Hardware Firewall, called Smoothwall, for my customers!
     
  3. roga

    roga MDL Member

    Aug 12, 2015
    144
    61
    10
    Is the Smoothwall running on the same computer, or different computer doing only firewall? What ports and IP addresses do you whitelist, to make it work?
     
  4. Vico

    Vico MDL Junior Member

    Jan 4, 2008
    93
    4
    0
    @pisthai
    Aren't your blocks based on IP's?
    Which I think is very iffy, since MS can/are changing ip's...
     
  5. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,857
    2,029
    210
    IP, DNS and even use Wildcards!!

    Just to mention: any use of a firewall means keeping an eye at all times on what you blocked with it!

    Also, while using Wildcards, you could block whole IP Ranges like: 192.172.1.xxx and alike!

    What is important is that you really need to know how a firewall works and what any specific one can do! There are a lot of differences between the different firewalls. And the most perfect of those are the ones like Smoothwall, which run on their own machine with their own OS (preferred: Linux)! A firewall app running on Windows OS gives the OS the power to bypass what you want to protect!
     
  6. shewolf

    shewolf MDL Senior Member

    Apr 16, 2015
    330
    872
    10
  7. shewolf

    shewolf MDL Senior Member

    Apr 16, 2015
    330
    872
    10
    It seems that you do not recognize sarcasm and mockery.:p
     
  8. cuteee

    cuteee MDL Guru

    Oct 13, 2012
    3,226
    407
    120
    I think the best firewall program is the built-in firewall in Windows.
    Other programs are heavy or almost disable the internet connection.
     
  9. roga

    roga MDL Member

    Aug 12, 2015
    144
    61
    10
    All it takes is one auto update from Microsoft, to make the Windows firewall allow all your accumulated data to be sent off to Microsoft.
     
  10. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    It is time to move on. Telemetry has always been part of Windows in order to provide proper bug fixes. Windows 10 does provide a new level of interaction at the server level with the OS. However we need to move on. This topic has been beat to death to the point of mods and staff not able to keep up with the duplicate posts. If you want to look at this stuff there is a perfectly good sticky on the 10 forum. Now enough.
     
  11. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    20
    0
    You can't stop it with a firewall.
    There are a ton of services that use svchost.exe and if you block it, you stop the internet, if you allow it, you are allowing everything in your system to communicate through it.
     
  12. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    moderation

    I'm going to say this in the nicest way possible

    Svchost.exe is the service host for Windows.

    If you want to block it then use Windows 7 / 8.1 or Linux.

    We are done here.
     
  13. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    20
    0
    Yes, it "hosts" over 20 services, you can't block separate services with Comodo, so you either block all of them or allow them all.
    What is so difficult to understand ?
    I'd bet I know more about this than you can even imagine.
     
  14. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    You do not block the SVChost without the entire OS going crazy. If you're really that paranoid about windows with blocking ports and programs then use Linux or Windows 8.1.

    svchost must run for the os to function properly hence you're still an idiot.

    Sorry I had to correct my grammar of you're an idiot. To say you are an idiot.
     
  15. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    20
    0
    So I assume you have no idea what you are talking about ?
    90% of the services under svchost don't actually need an internet connection, like Windows Event Log, FontCache, Windows Management Instrumentation, etc. You need a connection for: Filtered ICMP, DHCP, DNS, Network Discovery and that's it, unless you also want Windows Updates.
    Sadly you can't block selective services under Svchost, and allowing it to exist fully open creates a security hole.
     
  16. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    #17 Smorgan, Aug 30, 2015
    Last edited by a moderator: Aug 30, 2015
    I actually sadly do know what I'm talking about because just look at my signature for 5 seconds. Then take the time to absorb that for a few minutes. Windows Event Log is needed for the purposes of Windows update. You need the svchost for basic OS functionality.

    Along with any programs that you install that would make use of svchost.
     
  17. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    20
    0
    Yeah, you don't know the first rule of IT security.
    The Diagnostics Tracking Service that was installed on Windows 7 via updates is using svchost.exe, which means that it bypasses every firewall everywhere, since, as I said, you can't block svchost.exe unless you want to block the DNS/DHCP service also, which is not desired since you won't have Internet.
     
  18. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,034
    60
    The first rule of IT security is Patching of Products. The 2nd rule is to use firewalls built into Access points on networks. The 3rd rule is that the end user will screw everything up for you anyway.

    The firewall is not stored on the endpoint machine but on the boundary side. I actually had to pause because I couldn't believe what you said.

    Please stop speaking.
     
  19. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    20
    0
    #20 manix, Aug 30, 2015
    Last edited: Aug 30, 2015
    The first rule is you restrict local processes and services to what is absolutely needed for the functioning of the process. The FontCache service doesn't need internet access, but it has it.
    Running 20+ services under one process means the process is uncontrollable, you can't limit it in any way without reducing the capabilities of the system, and it is used by malicious services. The diagnostic tracking service is running under guess what process, svchost.exe.
    This service alone proves that svchost.exe is not used only for "good", which is my entire point - you can't stop the telemetry with a firewall since it uses svchost and svchost needs to be left alone.
    I never in any way claimed that you need to block svchost.exe, in fact I said exactly the opposite - that you can't block it. Which is exactly what you are saying.
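
The svchost.exe sharing debated in this thread can be inspected on a live machine. The following PowerShell is an added example, not written by any poster in the thread: it lists each svchost.exe instance that currently holds an established TCP connection, next to the services hosted in that instance. It assumes an elevated session on Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available.

```powershell
# Added example: show which services sit behind each svchost.exe instance
# that currently has an established, non-loopback TCP connection.

# Map process ID -> names of the running services hosted in that process.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($procId)) {
            $servicesByPid[$procId] = New-Object System.Collections.Generic.List[string]
        }
        $servicesByPid[$procId].Add($_.Name)
    }

# Process IDs of every svchost.exe instance.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)

# Established connections owned by svchost.exe, excluding loopback.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object {
        $svchostPids -contains $_.OwningProcess -and
        $_.RemoteAddress -notin @('127.0.0.1', '::1')
    } |
    ForEach-Object {
        $hosted = $servicesByPid[[int]$_.OwningProcess]
        [pscustomobject]@{
            PID           = $_.OwningProcess
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            HostedCount   = if ($hosted) { $hosted.Count } else { 0 }
            Services      = if ($hosted) { $hosted -join ', ' } else { '' }
        }
    } |
    Sort-Object PID, RemoteAddress |
    Format-Table -AutoSize -Wrap
```

Rows with `HostedCount` greater than 1 are shared instances: a firewall rule keyed only on the svchost.exe path or process ID cannot attribute those connections to a single service.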