Author Topic: Win7: SYSTEM IGMP 224.0.0.22 connection  (Read 22284 times)

Offline raynor

  • Comodo Family Member
  • ***
  • Posts: 82
Win7: SYSTEM IGMP 224.0.0.22 connection
« on: October 27, 2009, 03:42:32 PM »
Hi, I just installed Win7, and now Comodo Firewall (in Custom Policy Mode) warns me
about an outgoing IGMP connection to 224.0.0.22 initiated by "SYSTEM".

No special network configuration here. I am behind a router, the only computer on
the local network, and all Win7 network services are running unchanged (a fresh install, just
2 days old). I have run the "stealth my ports" wizard, and no trusted zones are defined in the firewall.

There are no special rules for System in the Network security policy; the "System" item there
is empty (i.e. it says "Add rules for this application" just below the "System" entry).

Any ideas what this might be ??? What Windows component / service might initiate such
a connection?
Any help would be greatly appreciated.

Raynor

« Last Edit: October 27, 2009, 05:12:16 PM by raynor »

Offline DonZ

  • Comodo's Hero
  • *****
  • Posts: 430
Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #1 on: October 27, 2009, 04:08:06 PM »
I don't know if this applies to WIN 7 (http://www.herongyang.com/Windows-Security/MS08-001-Vulnerability-Explanation-by-Microsoft.html), but I would block it until you do further research.

Offline raynor

Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #2 on: October 27, 2009, 04:37:42 PM »
Hmm, but what could cause this behavior?

As I said, this is a fresh install ... ??? ???

Maybe someone can give more information on what IGMP does,
and why Windows tries to make outgoing IGMP connections?

Thanks in advance.

EDIT: I attached a screenshot of the log entry (I blocked the outgoing connection manually)
« Last Edit: October 27, 2009, 05:13:25 PM by raynor »

Offline Dennis2

  • Awaiting Admin Approval Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 7394
Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #3 on: October 27, 2009, 05:40:36 PM »

Offline DonZ

Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #4 on: October 27, 2009, 06:24:27 PM »
224.0.0.22 is used by the remote access connection manager service in XP. I have a feeling Win 7 is doing the same: http://www.pcreview.co.uk/forums/thread-596507.php

I suspect there is a way to shut down remote access connection manager in Win 7. In XP, you use system manager for that.

Offline raynor

Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #5 on: October 27, 2009, 06:48:22 PM »
Thx.

Just when that alert popup happened again I had a look at the service manager, and
the "remote access auto connection manager" service is NOT started (set to manual, and not started).
So I figure that is not the culprit.

On a side note:

Is there any problem with completely trusting "SYSTEM" and thus selecting it as a
"trusted application" in the popup?
Or should it be outgoing only?

As mentioned, at the moment the "System" entry does not contain any rules ... (see screenshot)
« Last Edit: October 27, 2009, 07:27:18 PM by raynor »

Offline Creasy

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 858
  • I'm watching you.
Re: Win7: SYSTEM IGMP 224.0.0.22 connection
« Reply #6 on: October 28, 2009, 04:12:56 AM »
UPnP (Universal Plug and Play) uses 224.0.0.22.
You are using one of the UPnP devices
(printer, router, scanner, wireless device, etc.).
E.g., if you use a printer and don't want to see that IGMP and any related packets,
turn off or uninstall 'network and printer sharing' in your 'Local connection property'.
And turn off the SSDP service.
Otherwise, do not use any UPnP devices. ;D ;D ;D
(You can turn it off in your services.)
It's up to you.

Solution:
1. Get rid of 'network and printer sharing'.
2. Turn off the UPnP service.
3. Turn off the SSDP service.
4. Turn off any related services and programs.

« Last Edit: October 29, 2009, 09:32:15 AM by Creasy »
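
Added example, not part of the original thread: IGMPv3 membership reports are sent to 224.0.0.22 (RFC 3376), and the group records inside them name the multicast groups the host is joining, which points at the service responsible. The parser below decodes the IGMP payload (IP header already stripped) of such a report; the sample bytes and the group-to-service table are constructed for illustration and are not taken from the poster's system.

```python
import socket
import struct

# Assumed lookup table: well-known multicast groups and the protocol that joins them.
KNOWN_GROUPS = {
    "239.255.255.250": "SSDP (UPnP discovery)",
    "224.0.0.252": "LLMNR",
    "224.0.0.251": "mDNS",
}
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE", 3: "CHANGE_TO_INCLUDE",
                4: "CHANGE_TO_EXCLUDE", 5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_igmpv3_report(payload: bytes):
    """Return [(record_type, group, service_guess, sources)] for an IGMPv3 report."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP header")
    msg_type, _, _, _, n_records = struct.unpack("!BBHHH", payload[:8])
    if msg_type != 0x22:
        raise ValueError(f"not an IGMPv3 membership report (type 0x{msg_type:02x})")
    if inet_checksum(payload) != 0:
        raise ValueError("bad IGMP checksum")
    records, off = [], 8
    for _ in range(n_records):
        if off + 8 > len(payload):
            raise ValueError("truncated group record")
        rtype, aux_len, n_src, group = struct.unpack("!BBH4s", payload[off:off + 8])
        end = off + 8 + 4 * n_src + 4 * aux_len  # sources, then aux data in 32-bit words
        if end > len(payload):
            raise ValueError("group record overruns packet")
        srcs = [socket.inet_ntoa(payload[i:i + 4]) for i in range(off + 8, off + 8 + 4 * n_src, 4)]
        g = socket.inet_ntoa(group)
        records.append((RECORD_TYPES.get(rtype, f"type {rtype}"), g, KNOWN_GROUPS.get(g, "unknown"), srcs))
        off = end
    return records

def build_sample() -> bytes:
    """Constructed sample (not a real capture): report joining the SSDP and LLMNR groups."""
    body = b"".join(struct.pack("!BBH4s", 4, 0, 0, socket.inet_aton(g))
                    for g in ("239.255.255.250", "224.0.0.252"))
    csum = inet_checksum(struct.pack("!BBHHH", 0x22, 0, 0, 0, 2) + body)
    return struct.pack("!BBHHH", 0x22, 0, csum, 0, 2) + body
```

Calling `parse_igmpv3_report(build_sample())` lists each joined group with its likely service; a CHANGE_TO_EXCLUDE record with an empty source list is how a host announces that it is joining a group.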