"Windows Operating System is trying to connect to the internet"

Giant_Lizard · March 5, 2017, 8:24pm

Hi,

I hope I choose the right section to ask this, honestly the forum is a bit confusing

Anyway, I received the alert written in the title from my Comodo Firewall and since it’s not the first one, I’m starting to worry a little. Here is the log of these events:

The alert message says:

Windows Operating System [b]could not be recognized[/b] and it is about to connect to the internet. If it is one of your everyday applications, you can allow this request.

Well, I use Windows 10, so of course it’s an everyday application, but that message is still really suspicious, so I always blocked it. The destination IPs are, one in Germany (79.110.82.72) and the other one in USA (151.101.64.60).

I checked the other alerts I had in the past, and they always had a real source file, except this one. It’s like there is no real file that’s trying to connect to the internet, just a process somewhere. And “Windows Operating System” would be a nice name to give to a malware, in order to induce a user to accept. I checked the processes but I didn’t find anything suspicious.

I made a google research and I see other people had the same problem, but I didn’t find any real solution. Also, most of the posts I found were kind of old.

I use Avira Antivir as antivirus, Comodo CIS as Firewall and sometimes I also scan the system with Malwarebytes, all of them updated to the last version. It seems my system is clean, but this Comodo’s alert still worry me. Can you tell me what could it be or how could I check more? :-\

Jon79 · March 5, 2017, 8:38pm

are you using website filtering in comodo firewall?
if so, try to disable it

Giant_Lizard · March 6, 2017, 12:10am

Yes, I do. Why that should create such problem?

And even if I disable it, I couldn’t know if that’s the source of the alert, since it’s usually a random event. And in the meantime I would be without website filtering, which is a good thing

Jon79 · March 6, 2017, 6:18am

website filtering is totally useless, check here

better to use a browser add-on.

furthermore, few years ago i found website filtering trying to connect to some yahoo ips…

Jon79 post:2:

In my opinion, better to use a dedicated browser extension to block both malicious websites and advertisements.
Some great examples are ublock origin, adguard, adblockplus.

Few months ago I noticed that CIS sent some requests to Yahoo servers when website filtering was enable https://forums.comodo.com/firewall-help-cis/firewall-blocking-icmpv4-connections-to-yahoo-from-cis-t109845.0.html;msg798141#msg798141.

Nobody gave me a clear answer about why that happened, the only statement was “there is no reason for us to phone yahoo” (check the following link, scroll down to the last comment from Melih himself) https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8204508-is-released-t110542.135.html.

Funny answer considering that, upon every installation or update, CIS asks you to change the browser homepage and search engine to Yahoo…

stealth2017 · March 8, 2017, 7:28am

Hello i receive the same alerts and Comodo block this directly. Incoming connections for Windows Operating System is curious and yes malware is able to calling themselves as legal but Comodo is much smarter and block this shit. I saw yesterday other malware blocked by Comodo so Comodo does what is must does preventing that malware can harm your system and yesterday Comodo blocks 318 attempts to infect mine system. Ip’s from Germany, USA and China tries to harm mine system but i have Comodo CIS so let’s go computing and forget the shit.

DecimaTech · March 8, 2017, 3:05pm

It could be either a delayed alert for a process that was attempting outbound access but process no longer exists and thus CFW can’t determine the source application of the request. Or it could be that you have a kernel-mode driver that makes use of winsock kernel.