Need someone to analyze logs for me

[Guest]

[Cvette]

Hi there, lately I've been having a TON of alerts in my log, major network slowdowns, slow browsing...etc. If someone is willing, could you please analyze the log for me and let me know if there is anything I should do? Thanks! 

[futuretech]

Sure, just post a screenshot of the firewall logs or export them and attache it to your post.

[Cvette]

Thanks a bunch!

[LordRayden]

As far as I see, you are blocking your Windows Messenger from Broadcasting (port 1900), you are blocking the svchost.exe from getting to the Internet (port 80) which could be responsible for your Internet slowdown, and you are blocking ports 137 and 138 which are basically broadcasting, but could be a slowdown.

You can't generally block the system from getting to the Internet, especially not the svchost.exe cause you get major problems, which you have, you can switch to "Custom policy mode" so you can decide when the systems gets out and when not, for example no browser, Mail, P2P open, and the svchost want to go to the Internet, then you can block it (but don't hit the "remember" switch")...

Could be you blocked it by accident, happened to me. Let svchost.exe out, and if you are using the Messenger, let him out also. Important, the file Name is svchost.exe, this files is Ok, if the filename is svchosts.exe then it's a virus and shouldn't get out.

LordRayden

[Cvette]

Thank you! 

Yes I did indeed block svchost a few weeks ago, I randomly received a pop-up from COMODO asking about it, a pop I have never received before so I blocked it to be safe. I'll check into the messenger too and make sure alls good.

Thanks again! You guys are great!

[Cvette]

Here's all that is left, I completely renewed my Firewall rules and made sure to allow Messenger and svchost.

[clockwork]

i dont know, which operating system you are using.
but if you look for port 137 and 138 you will understand, why to block them is a really good idea. i just say netbios (what should be disabled itself!).
for the future: if you block something, make it "block and log". and when something slows down or doesnt work, just look in the log, which rule was fired.
i dont see a hint in your log about "svchost.exe".

choose firefox as "treat as a webbrowser" in comodo. IF svchost is necessary to connect (somehow), that you can use the internet, just allow the FEW adresses where it would want to connect to (i guess only local ones to the router, for example). make a windows update, and after that you know all the adresses. apart from them, svchost has NO need to connect to the INTERNET.

for example, i have blocked everything system related.... guess what, all is working fine. only windows updates wouldnt work while that.
you said yourself: "internet explorer is working". firefox isnt a system program. so, when firefox doesnt work, but IE does, then you shouldnt allow UN-needed system connections.
i guess, you just messed up the firefox rule. just mark "treat as a web browser".

MOST IMPORTANT: dont get used to allow "svchost" connections temporary on the fly. because one day there could be a "svchosts.exe tries to connect", and you will allow it by routine. fail.
make the least amount of necessary rules, and save them for the future. when one day a question comes, but all is working, you know that you dont need to allow that.

[Tags:]