Comodo Firewall can be used to block Microsoft calling home?

Discussion in 'Windows 10' started by roga, Aug 29, 2015.

  1. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    What other people say here is, even external firewall is useless. Because it must allow some essential services to run, or your internet will not work at all. And Windows uses those essential services to do the spying.
     
  2. amajmon

    amajmon MDL Senior Member

    Sep 21, 2012
    273
    120
    10
    I use Privatefirewall 7 and it can block all, telemetry too. :D :p Very good firewall. :worthy:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Bob.D

    Bob.D MDL Junior Member

    Mar 22, 2010
    59
    4
    0
    #43 Bob.D, Aug 30, 2015
    Last edited: Aug 30, 2015
    With Comodo Firewall I blocked for the following processes accessing the internet :
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_\SearchUI.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Windows\System32\backgroundTaskHost.exe
    C:\Windows\System32\taskhostw.exe
    C:\Windows\System32\SIHClient.exe
    C:\Windows\System32\WerFault.exe
    C:\Windows\System32\wermgr.exe
    C:\Windows\System32\CompatTelRunner.exe
    C:\Windows\System32\invagent.dll
    C:\Windows\System32\dmclient.exe
    C:\Windows\System32\WWAHost.exe
     
  4. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,222
    2,272
    240
    As long as you couldn't use optional Port's, there are some standard Ports which need to be open all times, like Port 80, 443 and others.

    It's all about the main setup of your LAN, Website etc., which need to have some ports open and accessible from within the Internet. If you could use optional Port's, I would go for those instead of using standard ports, you have more than 60k port's available!! You'll have to do an audit what port's are needed and if you could use Standard or optional port's. Even if your Server need to be accessible from the Internet, you simply could use an optional Port instead of Port 80 for that, just your Domain Name Registrar/Registration need to be 'adjusted'! Same happen for Apache, MySQL, FTP and so on. Al.l you need is access to the Domain Name Service for Adjustments, and also alter/edit some of the INI Files of the software used. Not a big deal at all.

    In a Hardware Firewall like Cisco, Netscreen and others, you also have some limit's which you couldn't bypass! That's exact the reason for my Company and for my customers to use Smoothwall which could be more 'deep' configured than even any very expensive Hardware Firewall like the Cisco's, Netscreen's and alike! In fact, the Smoothwall is also a Hardware Firewall because that software run on its own machine, with its own OS (A special Linux edition), fully independent. Just it's easier and more deepen to configure than any other Hardware Firewall and cost just ver little!! The software itself is free of charge, include the Linux OS, and the only physical 'investment' is a low power computer and a few NIC's, depend on your LAN config! And for sure the time to setup and configure. And just to note: A Monitor, Mouse and Keyboard is needed only for the basic installation, the final configuration etc. is done from any Workstation via a Web Browser!

    Depend on your own Hardware Firewall, it could be an adventure for to do any 'adjustments', special if you're not really familar with the used Language of that machine!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,222
    2,272
    240
    Fact is: most of the Hacker etc., incl. the NSA etc., looking for open standard ports and just 'jumping in' if they found them.

    Read my other answer I gave to @endbas (Post #44)e just before and you may understand, I wouldn't like to reapt again and again what I said several times already.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    23
    0
    #46 manix, Aug 30, 2015
    Last edited: Aug 30, 2015
    Yes. This is the only way to block specific services instead of processes. But the Windows firewall is a part of Windows and I don't really trust it, it's like relying on the system to restrict itself. If they can bypass the hosts file, they could probably bypass the integrated firewall.
     
  7. ancestor(v)

    ancestor(v) Admin
    Staff Member

    Jun 26, 2007
    2,971
    6,044
    90
    ...on the other hand... why should I fiddle around for hours with an OS I don't feel safe with just to get it somewhere near "OK" if I can use an alternative in the first place?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. manix

    manix MDL Junior Member

    Aug 18, 2012
    80
    23
    0
    This is why I had to uninstall Windows 10.
    I really wanted to work with 10, I put a lot of effort into customizing it so it doesn't violate my privacy. Just after I was finished customizing it, an update came and I noticed one day later that some of the settings were reset. It just went and turned on things I had disabled.
    This is just too much, I can't be expected to engage in a day to day battle with my own operating system. It shouldn't work like this, I should be able to rely on my OS to do what I want and protect my interests and not work against me.
     
  9. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    @mannix: And why I never installed it in the first place. From the very beginning, I warned -everybody- about Windows 10, and suggested that We all take a "wait-and-see" attitude towards it.

    When a New Yorker says to You, "That's a scam, don't get involved", I suggest you heed their warning. We have seen just about -every- kind of scam, con game, and flim-flam known to man.

    And when they finally hit your town, chances are they've been honed to a fineness by being practiced in New York. ;)

    :MJ
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    6,980
    7,149
    240
  11. roga

    roga MDL Member

    Aug 12, 2015
    144
    73
    10
    I am going to do the same and uninstall Windows 10. Which OS did you go back to? My concern now, what if Windows 8.1 is doing the same spying? You can avoid installing the telemetry updates, but what if a security update installs the spying secretly? Microsoft has shown they ignore users toggling telemetry to off in Windows 10, what if that happens to Windows 8.1 too?
     
  12. Skaendo

    Skaendo MDL Addicted

    Sep 23, 2014
    888
    534
    30
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Garbellano

    Garbellano MDL Addicted

    Aug 13, 2012
    947
    248
    30
    #54 Garbellano, Aug 31, 2015
    Last edited: Aug 31, 2015
    really? .

     
  14. AsadAhmad

    AsadAhmad MDL Novice

    Jul 25, 2013
    2
    2
    0
    YES u CAN

    imageshack .com/a/img538/7628/tHgBHt.png

    Traffic Filtering Level = Custom Ruleset
    Set Alert Frequency Level = Very High

    imageshack .com/a/img661/263/7MlA2r.png

    The firewall would ask if svchost makes any unsolicited connection. The best practice would be to whitelist certain ips, like the ones captured during windows update & block the rest.

    imageshack .com/a/img912/7264/sMdexQ.png
     
  15. exe98

    exe98 MDL Novice

    Dec 11, 2013
    22
    6
    0
    anyone use look n stop ? best firewall imo but not working on 8,10 windows
    private firewall and comodo are low seciurity