A quick question about SVCHOST+UPnP and DEP

Greets Everyone,

I would firstly like to say a big thank you to everyone at Comodo for making such a great firewall. It proves that sometimes people with less can do more than competitors that seem to have more money than God these days. Symantec, are you listening? It's not about what you've got but what you do with it that counts. :slight_smile:

Anyway, I just wanted some advice on a couple of issues that will make my Comodo firewall even more pleasant than it already is. These are:

svchost.exe and UPnP
In my Comodo firewall logs I have a lot of blocks of incoming connections that originate from my NAT/router, in this case 192.168.1.254. These connections are TCP connections going from the router to my Intel Apple workstation (running in XP mode), which is 192.168.1.6, to the application svchost.exe on port 2869. On my system the UPnP ports are 1900 UDP/TCP and 2869 UDP/TCP.

Now I understand the importance of svchost.exe and its relevance to Windows services. Upon analysis of how Comodo works, I thought that during the initial configuration process I defined trusted networks, which allowed nodes within this address range to connect freely, without impediment, to services offered on my system(s) (file and printer sharing), which of course Comodo does wonderfully.

When researching Global and Application rules and their effects on how data is passed across the software firewall, I found that in the application rules svchost.exe is set to allow OUTGOING connections from the workstation (192.168.1.6) but not to accept incoming connections, i.e. from my UPnP-enabled NAT/router at 192.168.1.254.

I was wondering whether this is correct; wouldn't it be better for svchost.exe to be allowed to accept incoming and outgoing connections so it can service the needs of devices on the LAN? Here is an example of how this block affects my workstation (192.168.1.6). In the Network Connections window of XP, UPnP devices like my NAT/router appear as “Internet Connection”; normally one would be able to double-click the icon and receive information about the connection's uptime, the total number of packets received and sent, and the modem's current sync speed, e.g. 2.24 Mbit/s. Ever since installing Comodo, what I get is the NAT/router device appearing in the Network Connections window, but it always registers as being disconnected when it is not.

Would it be prudent for me to change the rule for svchost.exe to allow incoming and outgoing connections? What do the Comodo experts and other forum users think of this?

If you made it this far :slight_smile: I know you must be tired of reading, so I will describe the second issue in the shortest possible way. On my Intel Apple Core 2 Duo 2.0GHz I am running XP with DEP switched on for all services and applications running on the system. I have noticed with Comodo v3 that when I try to trigger a manual update from within Comodo, a DEP error gets triggered and the updater form crashes. Please note that Comodo does not get terminated; only the updater component does. The only way around this is to place a special rule in the DEP window to have DEP switched off for Comodo v3 firewall. Has anyone else had to do this?

To better help the diagnosis process here are my system specifications.

Apple iMac Intel Core 2 Duo 2.0GHz
1 GB Ram
160GB HDD
Windows XP SP2 (patched to the latest Windows updates)
Integrated Gigabit LAN (not used)
Integrated Wireless 802.11g (used to connect to the LAN and other network nodes)
Please note that the Windows WPA2 hotfix has been applied to the adapter to allow for WPA2 encryption via wireless.

Regards and thanks for getting this far

Bizzaro

You have to define your LAN zone and then use the defined IP address range to set up your Stealth Ports Wizard. This will write rules for the LAN that will allow traffic over the LAN to work: Click Firewall>Common Tasks>My Network Zones. On that page, click the Add button, select “A New Network Zone” and give the zone a name like LAN or Home or Trusted and click Apply. On the My Network Zones page, there will be a new entry with the name you gave it and an entry below it (add addresses here). Select that line and click “Add” and choose “A New Address”. Your LAN zone includes the following range: 192.168.1.0 to 192.168.1.255, so enter that range in the “Range” section and click “Apply”. As a precaution, you should add the individual addresses 0.0.0.0 and 255.255.255.255, in case your rules don’t allow them already. You will have to do the “Add” process for each of those two addresses. Make sure to click “Apply” on the Add screen and when you are finished, on each parent page where you see “Apply”.
You should take this opportunity to define Predefined Firewall Policies that allow you to restrict some applications, such as Explorer.exe and System, to communicating only with your LAN. Add the two policies as follows:
Firewall\Advanced\Predefined Firewall Policies
o LAN
Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
Allow IP In From In [Special & Local Multicast] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
Block and Log All Unmatching Requests
o LAN & Outgoing
Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
Allow IP In From In [Special & Local Multicast] To IP Any Where Protocol Is Any
Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
Allow TCP or UDP Outgoing Requests
Block and Log All Unmatching Requests
The IP address range for [Special & Local Multicast] ports is:
o Special & Local Multicast
IP in 224.0.0.0-224.0.0.255
IP in 239.0.0.0-239.255.255.255
which you should add to your My Network Zones, if you need it. These ports are not required by most users, so you may want to omit them.
With those two rules defined, you can apply them to some of the applications that are listed on your Firewall>Advanced>Network Security Policy page:
Firewall\Advanced\Network Security Policies\Application Rules
o Svchost - LAN & Outgoing
o System - LAN & Outgoing
o Explorer - LAN
This makes your policies for these applications much tighter.
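To see what the two policies above actually decide for the connection in the original poster's log (router 192.168.1.254 to svchost.exe on 192.168.1.6:2869), here is a small first-match evaluator written as an added example; it is not Comodo's code, and it assumes Comodo evaluates a policy's rules top to bottom with "Block and Log All Unmatching Requests" as the fallback.

```python
# Added example, not Comodo's own code: a first-match evaluator for the
# "LAN" and "LAN & Outgoing" policies described in the reply above.
import ipaddress
from dataclasses import dataclass

# Zones as the reply says to enter them in My Network Zones.
ZONES = {
    "Local Area Network": [ipaddress.ip_network("192.168.1.0/24"),
                           ipaddress.ip_network("0.0.0.0/32"),
                           ipaddress.ip_network("255.255.255.255/32")],
    "Special & Local Multicast": [ipaddress.ip_network("224.0.0.0/24"),
                                  ipaddress.ip_network("239.0.0.0/8")],
}

def in_zone(addr, zone):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ZONES[zone])

@dataclass
class Conn:
    direction: str   # "in" or "out", seen from the workstation
    proto: str       # "TCP", "UDP", or anything else for plain IP
    src: str
    dst: str
    dport: int = 0   # informational only; the listed rules ignore ports

# "Allow IP In From In [zone] To IP Any": the remote source must be in zone.
def zone_in(zone):
    return lambda c: c.direction == "in" and in_zone(c.src, zone)

# "Allow IP Out From IP Any To In [zone]": the destination must be in zone.
def zone_out(zone):
    return lambda c: c.direction == "out" and in_zone(c.dst, zone)

# Each rule: (matcher, verdict, logged). Order matches the reply's listing.
LAN_RULES = [(zone_in("Local Area Network"), "allow", False),
             (zone_out("Local Area Network"), "allow", False),
             (zone_in("Special & Local Multicast"), "allow", False),
             (zone_out("Special & Local Multicast"), "allow", False)]
POLICIES = {
    "LAN": LAN_RULES,
    # "Allow TCP or UDP Outgoing Requests" is the extra rule in this policy.
    "LAN & Outgoing": LAN_RULES + [
        (lambda c: c.direction == "out" and c.proto in ("TCP", "UDP"),
         "allow", False)],
}

def evaluate(policy, conn):
    """Return (verdict, logged); assumed first-match, block-and-log fallback."""
    for matcher, verdict, logged in POLICIES[policy]:
        if matcher(conn):
            return verdict, logged
    return "block", True

if __name__ == "__main__":
    # The blocked connection from the poster's log, as a constructed sample.
    print(evaluate("LAN & Outgoing",
                   Conn("in", "TCP", "192.168.1.254", "192.168.1.6", 2869)))
```

With svchost.exe on "LAN & Outgoing" the router's inbound UPnP connection is allowed by the first LAN rule, while the same inbound connection from a non-LAN address falls through to the block-and-log fallback.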