Alert: "SYSTEM is trying to receive connection from Internet"

I installed Comodo firewall today and I m getting alert “SYSTEM is trying to receive connection from Internet”.
Remote: - TCP
Port: nbsess(139)

do I have to allow or block this?

You need to identify the URL to decide. Go here

This will give you all the info you require to decide to block or not. Any URL can be queried by putting it in the Whois box.

Hi cska133,

Unless you are sharing files and printers i would block this traffic !!
Port 139 is used to share files and printers, so it’s “someone” trying to connect to your pc to access your files/printer and/or registry.

ok, (1) the IP is from Arcor, this is my Internet provider. But why it needs to connect my PC???

(2) I dont share my printers or files with anyone, so could is lead to problems if I block SYSTEM to connect Internet? Beacause I get alerts that many different IPs are trying to connect SYSTEM.

Is this OK?

I would block all those incoming connections, those are probably all from infected hosts trying to spread their worm virusses…

how can I block all the incoming connections to SYSTEM at once and not for every IP alert? Where is this setting in Comodo firewall?

You can create this rule on the Global Rules tab.

Create a rule

Source = Any
Source Port = Any
Destination = Any
Destination port = Range 137 - 139

And move it all the way to the top, if you decide to go with these rules also create one for port 135 and 445.

If you don’t ‘share’ any thing on your PC then you can also use the Stealth Ports Wizard and then chose option 3 Block all incoming traffic, global rules will then be changed automatically.

If you want to check how stealth you are you can use a web scanning service like shields up!

And move it all the way to the top,

why should I move the rule at the top? Which role/effect does this play/have?

could I get a answer please why I need to move the rule on the top? which top actually?

The reason to move rules to the top is the rules are read from the top of the list first, so a rule you wish to take precedence over all other rules has to be at the top.


which rules do you exatcly mean?

The global rules i suggested.

You can find them by going to Firewall → Advanced → Network Policy and then switch from the applications tab to the global rules tab.

You can also just set the rule for System to “Outgoing Only” and do the same for svchost as well. This is what I and many others do.