Modem: Actiontec GT701.
This device is showing up as an Upnp device in My Network Places. CIS 2011 Firewall Free is displaying numerous intrusions that are blocked, all pointing to this device. At present I am showing 28 intrusions. All packets originate from 22.214.171.124 and destination 126.96.36.199, TCP ports are variable.
I set CIS to automatically block both explorer.exe and svhost.exe from connecting to the internet. Thus, I have the packet intrusions detected by CIS firewall. Even though both executables are blocked for outgoing, I still will see the modem in My Network Places. Just opening the folder for network places and closing it (when the Upnp device is displayed) will result in the window not opening the next time I check. Using Start/My Network Places does not work either. So, invoking or opening or closing the window will result on failure on the next check. If there is no device listed, I can open and close this window w/o fail.
Let me be clear: the Upnp device does not show immediately; it is only after a few minutes does it show.
Explorer.exe would fail to close on reboot before I set CIS to automatically block it; I used manual block instead. This resulted in the computer hanging unless I used force quit.
I must point out I did not see this behavior when I ran CIS V4. This showed up only after upgrading to V5.
I have seen this before when I ran Zone Alarm Free, but not after switching to CIS V4 Firewall Free.
Running Win XP Home, SP3, CIS V5 (stable), Avast Home Edition Free, v. 5.644. CIS is set to Safe, Safe (firewall and defense +) so I am pretty certain the modem is the problem, not CIS or the computer settings.
What can I do about this, and how to fix?
UPDATE: CFP.exe now does not load or show in notification area on boot or logon unless I click ‘Cancel’ or enter password. See attached .jpg pictures for clarification. This behavior was not there on first install, and the window for ‘New Network Found’ always appeared when modem was connected until I changed settings for explorer.exe and svhost.exe.
192.168.0.2 is the internal DHCP IP address of my computer.
UPDATE: Here is a picture of My Network Places.
UPDATE: Update at 1352 hrs, 10/8/2010; Firewall logs.
Yet Another Update: See .jpg below for picture of Network Gateway.
Any response to this out there?
[attachment deleted by admin]