Windows Operating System / System Idle Process in Logs [Merged Threads]

[Guest]

[Bros]

I recently installed comodo firewall 3 and while looking through the new gui i suddenly notice a lot of connection blocked i check the log and its all a bunch of incoming tcp from seemingly random ip's for system idle proccess
what can this be?

Additional Information:
comodo firewall version:3.0.1
os: windows xp sp2
internet: adsl shared through home lan
other secuirty program: avast antivirus 4.7.1074
permissions level: admin

[Goose18]

I also am getting around 100 of these alerts too.. wonder if anyone knows why?

[Soyabeaner]

I got them as well, but I disabled the logging on it .  Depending on how you set your rules (I shouldn't have picked expert on everything ), the application rules now have the ability to log blocked connection attempts.

[Toggie]

Don't remember seeing this in Beta, but I'm getting a lot of blocked inbound connection from various IP's to SIP. Any thoughts?

[kail]

Really? I've always had blocks against System Idle in probably every release. Although Egemen might have said.. I'm vague on this. I've asked previously what it was, but I can't remember if I got an answer. It's not reference in the Help. I've assumed, up to now, that System Idle means "no associated process".. and/or maybe a Global Block.

[Toggie]

Hi Kail, I guess the block does come under the Global Rule, but I'm curious as to what, exactly, it's doing. I've never seen this in any firewall I've used. Almost as soon as I logged on to the Net, I got inundated with these block events.

I've put Wireshark on the case, maybe it'll reveal something.

[ocky]

Have just installed and am also seeing plenty System Idle Process blocks. Even testing at
Shields Up (via dial-up to bypass router), shows all the Shields Up source ports as SIP blocks.

[shinobiteno]

AFAIK SIP is only required to be configured for tunneling and can be safely blocked for other things.
Always blocked it, since it always tried to make outbound DHCP calls to some unknown(for me) locations.

[ahuramazda]

I'm also getting this "system Idle process" blocked in my log for version 3.   I've never seen it in any firewalls I've used either.  What does it do and what is it blocking?

[AuraWolf]

I've noticed this as well.  The SIP from what I understand has to do with process' in your own computer, nothing with the internet.  Under Firewall-Advanced-Network Security Policy the system is outgoing only and blocks unmatching requests.  I don't know what it means but I, personally, don't think it's going to hurt the system.

[AnotherOne]

If you look at the TaskManager processes window, SIP is the process that nominally uses all the system resources that are not being used by other processes.  I think it is a RAM scavenger, picking up RAM from other processes as a housekeeping action.  I don't get the blocks on my system, but I have configured it for local and multicasting privileges.  The multicasting IP range is from 224.0.0.0 to 224.0.0.255 and 239.0.0.0 to 239.255.255.255 for local multicasting and 224.0.1.0 to 238.255.255.255 for Internet multicasting.  If you are seeing remote IP's not in the multicasting range, you should try stealthing your ports.  There is also the possibility of torrent servers polling your computer to see if it is available and probably others that I know nothing about.

[Toggie]

'System Idle Processes' reflects the percentage of time your Processor has nothing to do, that's all.  Generally this value has a high value 90 plus.

I can see no reason why this process should be trying to connect to the Internet, as it's a local system process.

As I said the IPs  and ports it's attempting to connect to are totally random. I don't use P2P or IM... 

[gibran]

What those entries look like?

[Toggie]

Hi gibran, here's a couple.

[ice]

I have the same problem like Toggie.

[Tags:]