Alerts Displayed & Firewall Events
is a safe application. However you are about to receive a connection from another computer. If you are not sure what to do, you should block this request.
I received this alert and blocked it; now Comodo has blocked 200+ sites in 2 days. Is this normal? Should I unblock or not? Are the other 200+ sites being blocked possibly connected to me blocking this connection?
The blocking continues to the current date and time. Brand new to Comodo, 2 days in. I searched the forum today to no avail. Thanks in advance for any advice!
I’d say this is normal. You should not allow incoming connections for the System process or the svchost.exe process unless they are coming from a trusted source like your home network (assuming you want to share files/printers with that home network).
As they say, if everything is working with those blocked connections, then leave it that way.
These are inbound SMB connection requests (Microsoft file and printer sharing). As you’re directly connected to the Internet, it’s preferable to block these. As they’re currently being blocked, I assume you have a rule that blocks IP In with logging enabled? If you’re not sure, post screenshots of your Global and Application rules. It may also be worth disabling file and printer sharing, if not being used.
Thanks for your responses, Maniak2000 and Radaghast.
In response to your post, Radaghast: this is a fresh install of Vista Ultimate and Comodo Firewall on 02/12/2012. All software should be at default settings, including Comodo. I do intend to add an HP printer and Microsoft Home and Student. I have not as of this post. So I don’t think disabling file and printer sharing is an option. Here are the two elements you mention, Global and Application rules. They should be default for firewall, as I have not changed security settings.
File and printer sharing is only something you’ll need if sharing between PCs on a LAN. As you appear to have a direct Internet connection, this is not something you’ll be using unless you also acquire a router or some other NAT device.
The Global rules are default for firewall security but the Application rules have the System process blocked. I imagine this was done in response to an alert, as it’s not a default setting. This is also the reason you’re seeing the log entries.
For now, I’d seriously recommend running Stealth Ports Wizard with the third option:
This will create a Global rule to block all unsolicited inbound connections; this is a wise course of action with a direct connection. I’d also suggest modifying the rule for the System process so that it does the following:
Application name - System
Action - Block
Protocol - TCP or UDP
Direction - Out
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - A Port Set with the ports 137, 138, 139 and 445.
If/when you get a printer, things need to be changed; you can simply replace this rule with something more appropriate.
One more point: if you’re running a p2p or a server application, adding the aforementioned Global block rule will require you to add rules to allow inbound connections for the said application(s).
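
A simplified model of the rule set recommended in the reply above, added here as an example; it is not part of the original thread and not Comodo's own code. It assumes first-match rule ordering and that inbound traffic is checked against Global rules before Application rules (outbound the reverse). The `p2p.exe` application, port 51413 and the catch-all outbound allow for System are constructed for illustration.

```python
from dataclasses import dataclass

SMB_PORTS = frozenset({137, 138, 139, 445})  # the Port Set named in the post
TCP_UDP = frozenset({"tcp", "udp"})

@dataclass(frozen=True)
class Conn:
    app: str
    direction: str  # "in" or "out"
    proto: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "block"
    direction: str
    protos: frozenset = TCP_UDP
    dst_ports: frozenset = frozenset()  # empty set means Any

    def matches(self, c):
        return (c.direction == self.direction and c.proto in self.protos
                and (not self.dst_ports or c.dst_port in self.dst_ports))

def first_match(rules, c):
    """Rules are read top-down; the first matching rule decides."""
    return next((r.action for r in rules if r.matches(c)), None)

def decide(c, global_rules, app_rules):
    g = first_match(global_rules, c) or "allow"            # no Global match: passes on
    a = first_match(app_rules.get(c.app, []), c) or "ask"  # no Application match: alert
    # Assumed order: inbound checks Global first, outbound checks Application first.
    for verdict in ((g, a) if c.direction == "in" else (a, g)):
        if verdict != "allow":
            return verdict
    return "allow"

# Constructed rule sets mirroring the advice in the thread.
BLOCK_ALL_IN = Rule("block", "in")          # Global rule the wizard is said to create
GLOBAL = [BLOCK_ALL_IN]
APPS = {"System": [Rule("block", "out", TCP_UDP, SMB_PORTS),
                   Rule("allow", "out")]}   # assumption: remaining outbound allowed

# Hypothetical server application "p2p.exe" listening on constructed port 51413.
P2P_IN = Rule("allow", "in", frozenset({"tcp"}), frozenset({51413}))
GLOBAL_WITH_P2P = [P2P_IN, BLOCK_ALL_IN]    # the allow must sit above the block
APPS_WITH_P2P = {**APPS, "p2p.exe": [P2P_IN]}
```

With only the Global block in place, the inbound connection to `p2p.exe` is dropped even though the application has its own allow rule, which is the situation the last paragraph of the reply warns about.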