5.12 -> All traffic goes through "Windows Operating System"


After updating to 5.12, all traffic goes through “Windows Operating System”. I haven’t changed any settings, just let the firewall update from 5.10. It happened on my 2 computers.

At first I thought it was a new method that CFW used to detect the computer’s access to internet connectivity, so I created a rule to allow all outbound traffic. Only several days later I noticed that ALL my applications were freely having access to any traffic they wanted, even if I had rules to block them. I was not very pleased… The summary tab doesn’t detect any outbound or inbound connections, even if some app is using the internet.

some CFW configs:
Custom Policy; “Very High” Alert Settings; Defense+ disabled

some machine configs:

  • W7 Pro x64 updated
  • ICS service disabled (no internet sharing used)
  • Avira AV with everything disabled except the AV itself

Can anybody tell me what is going on with this new version?

UPDATE: Installing v5.10 on top of v5.12, without uninstalling it, restores the normal behaviour. The summary tab detects the active connections, rules are followed and new apps that try to connect trigger an alert as they should. So I can say that v5.12 can’t correctly detect traffic in my machines, since v5.10 can do it. What is wrong?

I would say, that is wrong.

Rules are valid from top to bottom.

What happened was, the first time I rebooted after the update, a multicast connection of this “service” was attempted ( , UDP ), then another to my router (TCP). If I denied them, I ended up with no internet connectivity. After another reboot, I allowed the connection with the “remember” checkbox activated. The rule was created on top of the list, and I edited it to allow outbound traffic. What I didn’t know was that that action was allowing outbound traffic for EVERY application!

However, even if it wasn’t on top of the list, I suspect it wouldn’t make any difference. With v5.12 in my system(s), applications aren’t recognized, just that one. Even if I had applications connected to the internet (by allowing “Windows Operating System” traffic), Comodo showed 0 active connections in the summary tab.

Maybe it has something to do with certain Windows services that I have disabled (ICS is one of them). However, v5.10 works just fine.

UPDATE: OK, I just read that v5.12 only adds Windows 8 support, and that for the other OSes there will be v6. So I will continue to use v5.10 and wait for v6.

You should never allow “that” service in any form.
Because it’s a placeholder.
“Windows Operating System” is used when no application is yet specified, usually for incoming traffic that wasn’t requested.

Anyway, stay with 5.10 … that’s the best solution without much “troubleshooting” :slight_smile:

For version 6 you will need a new configuration anyway.

For the future: if you enable a router connection, note what is asked. Combine the usual aspects into a rule. That way your router connection works, while you have not created too wide a permission.

Use stealth port wizard setting 3. No annoyances about unrequested incoming traffic.

Yes, I was lazy when I created that rule :-[

Anyway, thanks for the answers!

Hi, I have exactly the same behaviour after upgrading to 5.12.
Could you please provide me the 5.10 installer? I can’t find it anymore.
Thanks a lot.

I got it here: Download Comodo Internet Security 5.10.228257 for Windows - Filehippo.com

Don’t click the ‘Download this version’ link. This leads to the current 5.12 version. Click the Filehippo mirror below that link to get the 5.10 installer. That’s where I got it.


Hi everybody,
I have exactly the same problem with the update: all traffic goes through “Windows Operating System”, so my Comodo firewall is now of no use. Thinking of deactivating it :frowning:

Rick ■■■■ the firewall developer has said some fixes are coming.

Good news.
Thank you master :-TU

I have almost the same configuration: Win7x64 and Kav2013.
And I have the exact same problem, with no view of active connections except System and Windows Operating System, which I have to allow through Comodo to get a connection.

Problem unsolved at this time…

Going back to Comodo 5.10 version.

Thanks for solving this in the future and giving a hint about downgrading to 5.10 version from :


Any news on that subject?
Seems not to be solved by the new versions, no?
I am still on 5.10 … >:-D

I read somewhere that the “Windows Operating System” is a misunderstanding of svchost.exe in 5.12. If I find the discussion I will post a link to it. It covered just remote desktop and they say it was a bug. But they didn’t discuss ALL traffic coming through the “Windows Operating System”.


Here is the discussion about the remote desktop and the “Windows Operating System” 5.12 bug


I can also verify I have been using remote desktop with the CIS 6 betas and the release 2674, and I have never seen “Windows Operating System” under CIS 6 ever with any function in CIS 6. So I guess it’s a bug that was not fixed in 5.12. But running 5.12.2599 under Windows 8 Home Premium it works fine and never ever says Windows Operating System to me on that system. I do not have 5.12 on a Windows 8 Pro OS, so there is no remote desktop.
But also Windows 8 x64 may behave differently than Windows 7 x64…
Running 5.12.2599/Win 8 x64 Home Premium and it is smooth as silk here.

The post you’ve linked to is about the ‘System’ process, not ‘Windows Operating System’; they are completely different things. The System process handles the majority of the kernel level processing under Windows, whereas WOS is a pseudo process more akin to the System Idle pseudo process (PID 0). In CIS 6, for some bizarre reason, both the System process and Windows Operating System (System Idle) are missing, which is a problem and a bug.

It’s surprising from COMODO not to have solved this problem yet.

Since I’ve been with them (for years), I have never had ANY kind of problem except this one.

I hope it will be solved soon…


Nothing new under the sun, even with 6.0.264710.2708 >:-D
Always this ■■■■■■ Windows Operating System

Perhaps you could export and post your configuration here, as the problem you’re seeing may well be related. Failing that, post some details about your settings/rules etc.


Thank you for the time you spent answering me.

I have attached my current configuration.

If necessary, I will reinstall 6.0 and post here the configuration that causes the problem.

Operating system is Windows Seven Pro SP1.

[attachment deleted by admin]

Thanks for the configuration file. Just so I understand, with the attached configuration, all communication is being routed through Windows Operating System?

Yes, you’re right.
When I apply the new version, I get a Comodo window explaining to me that Windows Operating System is a pseudo-process and that I have to allow it “out” access so I can get the Internet connection. Each time an application tries to access outside, Windows Operating System claims this authorisation to permit to go out.
I can make a screenshot if needed in order to better understand the problem.
As you see, I consider my configuration as “correct” and there is no reason to see this pseudo-process “sucking” all the traffic.
The only solution is to allow it as a trusted application, which means having no firewall >:(
Thanks again for your consideration.