A seemingly very large amount of intrusion attempts?

Hello, I’m very new to Comodo, (luvin it btw), yet I seem to be getting an alarming amount of intrusion attempts, in the time frame of approximately 4 hours, I’ve had close to 8000 intrusions attempts blocked.
The mass majority are from utorrent, and pretty well all the others are from windows operating system.

Is this normal? Should I be worried about this? (and also very happy that I decided to use Comodo)

thanks in advance,


Hi gavee,

And welcome to the forums, we’ll it’s hard to say based on your explanation but normally for torrents we see the following behavior.

Have you run stealth ports wizard?
Did you setup your torrent client to use a static port or does it use uPNP?

The Windows Operating System drops normally occur after a closed torrent client, there are still pc’s on the internet “thinking” you are part of the torrent download and therefor trying to contact you.
Windows can’t find an application listening on the requested port and gives the packet to the WOS to handle it and get’s blocked by CIS because there is no allow rule for this traffic.

Hi Ronny, thanks for the welcome

I have run the stealth port wizard, and verified that my ports are in stealth mode, through grc.com security check, (which gave comodo stealth a VERY good passing grade, :-TU)

My torrent client is setup to use uPNP with a randomized port.

A very good explanation btw as to why I could be recieving so many blocks, (its now over 40k since the time of original post)
So I take it its just a downside to using torrent clients? My computer is constantly having access attempts to seed content?

Since I’m assuming this type of activity is normal then, would it be safe to allow all utorrent activity though CIS, since 95% of the attempts blocked are from them, (with a few system and WOS blocks),
Or would this be something more related to my torrent client and not Comodo?

Normally we advise to allow all outgoing traffic from the torrent client to the Internet.
And from the Internet to the torrent client it’s best to use a fixed port.

If you have used Stealth Ports wizard all incoming traffic will be blocked so the torrent is only working as a “download” client.

If you wish to allow torrent traffic to be handled by the application you need to setup a fixed port otherwise you need to allow all ports to be open on the global rules, and that will kill your “stealth” setup.

Thank you very much Ronny for your replies, I think I got enough outa yah to be able to get this all cleaned up.


Your welcome,

If you need more feel free to ask.