After updating to 5.12, all traffic goes through “Windows Operating System”. I haven’t changed any settings, just let the firewall update from 5.10. It happened on my 2 computers.
At first I thought it was a new method that CFW used to detect the computer’s access to internet connectivity, so I created a rule to allow all outbound traffic. Only several days later I noticed that ALL my applications were freely having access to any traffic they wanted, even if I had rules to block them. I was not very pleased… The summary tab doesn’t detect any outbound or inbound connections, even if some app is using the internet.
Avira AV with everything disabled except the AV itself
Can anybody tell me what is going on with this new version?
UPDATE: Installing v5.10 on top of v5.12, without uninstalling it, restores the normal behaviour. The summary tab detects the active connections, rules are followed and new apps that try to connect trigger an alert as they should. So I can say that v5.12 can’t correctly detect traffic in my machines, since v5.10 can do it. What is wrong?
What happened was, the first time i rebooted after the update, a multicast connection of this “service” was attempted ( 255.255.255.255 , UDP ), then another to my router (TCP). If I denied them, I ended up with no internet connectivity. After another reboot, I allowed the connection with the “remember” checkbox activated. The rule was created on top of the list, and i edited it to allow outbound traffic. What I didn’t know was that that action was allowing outbound traffic for EVERY applications!
However, even if it wasn’t on top of the list, I suspect it wouldn’t make any difference. With v5.12 in my system(s), applications aren’t recognized, just that one. Even if I had applications connected to the internet (by allowing “Windows Operating System” traffic), comodo showed 0 active connections in the summary tab.
Maybe it has something to do with certain windows services that I have disabled (ICS is one of them). However, v5.10 works just fine.
UPDATE: Ok, I just read that v5.12 only adds Windows 8 support, and that for the other OSes there will be v6. So I will continue to use v5.10 and wait to v6.
I have allmost the same configuration: Win7x64 and Kav2013
And i have the exact same problem with no view of active connections except system and win operating system which i have to allow trough comodo to get a connection
Problem unsolved at this time…
going back to comodo 5.10 version
Thanks for solving this in the futur and giving a hint about downgrading to 5.10 version from :
I read somewhere that the “windows operating system” is a misunderstanding of svchost.exe
in 5.12. If if find the discussion i will post it a link to it. it covered just remote desktop and they say it was a bug. But they didn’t discuss ALL traffic coming through the “windows operating system”.
Here is the discussion about the remote desktop and the “Windows Operating System” 5.12 bug
i can also verify i have been using remote desktop with the cis 6 beta’s and the release 2674 and I have never seen “Windows Operating System” under Cis 6 ever with any function in cis6. So i guess it’s a bug that was not fixed in 5.12. But running 5.12.2599 under Windows 8 home premium it works fine and never ever
says windows operating system to me on that system.I do not have 5.12 on a windows 8 pro os so there is no remote desktop.
But also windows 8 x64 may behave differently then windows 7 x64…
Running 5.12.2599/Win 8 x64 Home Premium smooth and it is smooth as silk here.
The post you’ve linked to is about the 'System ’ process not ‘Windows Operating System’ they are completely different things. the System process handles the majority of the kernel level processing under Windows, whereas WOS is a pseudo process more akin to the System Idle pseudo process (PID 0) In CIS 6, for some bizarre reason, both the System process and Windows Operating System (System Idle) are missing, which is a problem and a bug.
Yes, you’re right.
When I apply the new version, I’ve got a comodo windows explaining me that Windows operating system is a pseudo-process and I have to allow it to access “out” so I can get the Internet connection. Each time an application tries to access outside, Windows operating system claims this authorisation to permit to go out.
I can make a screen-shot if needed in order to better understand the problem.
As you see, I consider my configuration as “correct” and there is no reason to see this pseudo-process “sucking” all the traffic.
The only solution is to allow it as a trusted application, that means to have no firewall >:(
Thanks again for your consideration