Alerts for system.exe using port 138

Hi,
I’m a new user of Comodo. I’ve installed a few times over the last 6 months, got frustrated when I couldn’t understand what was going on and then uninstalled and returned to my “comfort zone” firewall of Sygate.
This time I seem to be doing better - well, so far, anyway.
I’m running XP pro x64 with SP2
I have Comodo 2.4.18.184 and Avast AVG 4.7 (Avast is set to exclude Comodo from its start-up scans to prevent boot conflicts)
I connect to the internet via broadband cable and am behind a Linksys Router
Application Monitor seems to have gone through “learning” and is now “on” although component monitor is still “learning”
I realise that there is a fairly big difference between Sygate and Comodo in terms of allowing applications and the detail of alerts, etc. but something keeps coming up and I can’t find any info about it, either here or when I Google, so I decided to post.

One alert which keeps coming up - I do not have any applications on allow as I want to know what is going on all the time until I understand enough to make informed decisions about what I can allow and deny - is for system.exe using port 138 for nbdgram. Some of my research shows that this is used for NETBIOS. I have a vague recollection of disabling NETBIOS with a GRC tutorial on my previous WIN98 machine, because it was a security flaw in the system. My question is: do I need to allow this connection for system.exe on this port?

I haven’t updated XP lately so haven’t experienced the problems other users have recently, tho’ I do get lots of alerts because of my fear of “allowing” any applications! However, I’m puzzled as to why svchost and system try to access the internet as soon as I turn on my computer, whether or not my router is powered up; is this normal? Previously, when using Sygate nothing tried to connect until I ran a program, like my browser or email program, but now these alerts begin as soon as I switch on my machine.
I regularly scan my machine with Spybots and Adaware; I have Spywareblaster running in the background; all programs are set for manual updates, so I’m puzzled as to the connection attempts.
Any explanations would be appreciated.
Apologies if I’ve missed a previous thread concerning these points; if I have missed a previous post, I’d be grateful for a link to read it.
Thanks,
Souzapet

System doesn’t need any Internet access at all. I’ve blocked it from accessing the Internet, and it hasn’t affected my computer in any way, so you can safely deny it Internet access.

And about svchost.exe, it needs Internet access for your computer to obtain and update your IP address, use Windows Update and if enabled, to synchronize your clock.
Normally svchost.exe needs port 53,67,68,80,123,443.
Parent should be services.exe
Hope this helped you.

Ragwing

Thanks for that Ragwing. I’ll deny access in future. Is there a rule I need to block it permanently? I tried to make one, but I’ve found that I can’t type in the “application/parent application” boxes; I always have to browse, find the application and select it that way, but cannot find the “System” file I need. Is it ever possible to just type in the name? Or do you always have to browse all files and select the *.exe file that way? I guess selecting it means you can’t get the wrong application by making typing errors.

When I booted up my machine tonight, all of Comodo’s monitors remained off and I got 3 warning messages about this. They suggested uninstalling and then re-installing Comodo to try to fix this. I booted into safe mode, uninstalled, rebooted and then re-installed. Do you have any idea why that might have happened? And is there anything else I should do to prevent this happening again? I think one post I read recently suggested uninstalling both Comodo and the Antivirus program and then re-installing Comodo first before the Antivirus. Is that something I should try?

I’ve scanned my machine with Adaware and Spybots since the crash and all seems well.
Thanks for your time.
Souzapet

You can only use ‘Browse…’ to find the file, not write the path yourself.
And if you want to find the ‘System file’, you can use Windows search function.
There’s one in system32\config named ‘system’, without any extension.
And then there’s a system.drv

Did this happen the next time you booted your machine after denying System Internet access?
If yes, then it might be the reason.

Ragwing

Hi Ragwing,
The first time I booted up after denying System any internet access, all was well. The warning messages appeared on the second or third time of booting up. I did reinstall, but Comodo frequently shows “bad protection” with all monitors with red crosses, for several minutes after booting up, so I don’t know why that should happen.
I restricted svchost.exe to the ports you suggested and all seemed well, but then I lost connection to the internet and when I checked the logs, Comodo was blocking svchost on port 67. The only way I could connect was to reboot. That seemed to work for a while, but then Comodo blocked svchost again.
I checked in application monitor and svchost was set to “ask”, but it didn’t.
Unfortunately, I’ve had to uninstall Comodo as too many things seem to happen that I neither understand nor can fix. This is the third time I’ve tried to get to grips with Comodo and I managed to last a lot longer this time - normally, I try for a couple of hours and give up! This time I made it past a week.
Maybe I’ll try again in a few weeks, but for now, my brain hurts :frowning: and I’ve gone back to my old faithful Sygate.
Thanks for your help anyway.
Souzapet
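
An added example, not part of any poster's message or of Comodo's tooling: a small log reviewer that applies the rules discussed above (System denied, svchost.exe limited to ports 53, 67, 68, 80, 123, 443 with services.exe as parent) and flags the case where a listed port such as 67 is blocked anyway. The log layout, function names and sample entries are constructed for illustration; the service names are the standard assignments for those ports.

```python
import re

# Ports the thread lists for svchost.exe; service names are the standard
# assignments for those ports (added here for readability).
SVCHOST_PORTS = {53: "DNS", 67: "DHCP", 68: "DHCP", 80: "HTTP", 123: "NTP", 443: "HTTPS"}
EXPECTED_PARENT = "services.exe"

# Constructed log layout for this example, not Comodo's actual log format.
LINE = re.compile(r"^(ALLOW|BLOCK) app=(\S+) parent=(\S+) proto=(\w+) dport=(\d+)$")

def classify(line):
    """Return (verdict, reason) for one firewall log line."""
    m = LINE.match(line.strip())
    if not m:
        return ("unparsed", "line does not match the expected layout")
    action, app, parent, _proto, port = m.groups()
    app, parent, port = app.lower(), parent.lower(), int(port)
    if app == "system":
        # Advice from the thread: System needs no Internet access.
        if action == "BLOCK":
            return ("ok", f"System denied on port {port}")
        return ("review", f"System allowed on port {port}")
    if app == "svchost.exe":
        if parent != EXPECTED_PARENT:
            return ("alert", f"svchost.exe started by {parent}, not {EXPECTED_PARENT}")
        service = SVCHOST_PORTS.get(port)
        if service and action == "BLOCK":
            # Failure case from the thread: svchost blocked on port 67, connection lost.
            return ("misconfig", f"{service} on port {port} is on the allow list but was blocked")
        if not service and action == "ALLOW":
            return ("review", f"svchost.exe allowed on unlisted port {port}")
        return ("ok", f"svchost.exe {action.lower()} on port {port}")
    return ("ok", "application not covered by this policy")

# Constructed sample entries.
SAMPLE_LOG = """\
BLOCK app=System parent=System proto=UDP dport=138
ALLOW app=svchost.exe parent=services.exe proto=UDP dport=53
BLOCK app=svchost.exe parent=services.exe proto=UDP dport=67
ALLOW app=svchost.exe parent=services.exe proto=TCP dport=4444
ALLOW app=svchost.exe parent=explorer.exe proto=TCP dport=443
"""

def review(log_text):
    """Classify every line and keep only those that need attention."""
    results = [(line, *classify(line)) for line in log_text.splitlines() if line.strip()]
    return [r for r in results if r[1] != "ok"]

if __name__ == "__main__":
    for _line, verdict, reason in review(SAMPLE_LOG):
        print(f"{verdict:9} {reason}")
```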

Hi Ragwing,
Have just been reading a few things in the forum and wonder if I may have discovered the reason for some of my difficulties. I was checking the release dates of version 3 and saw that the version I was using did not support the 64bit XP program. Is it likely that that could have given me some problems? If that could be the reason, then once the final version is released, I’ll give Comodo another trial: I really would like to get to grips with Comodo as I was impressed with the parts I could successfully control.
I’ll keep checking back for details of the final version release date.
No doubt I’ll have more questions in the future!
Thanks,
Souzapet

souzapet,

You are correct in that v2.4 is not 64-bit compatible. And, that would definitely cause a problem such as you encountered, with the monitors turned off.

On a side note, you mentioned that with Sygate, svchost.exe was never connecting from boot. I beg to differ on that; svchost’s behavior is not changing in that respect, as it always attempts to establish an internet connection as soon as possible. The difference in behavior is that Comodo does what Sygate does not - it monitors/controls/reports that action.

LM

Hi Little Mac,
Thanks for clearing that up. I wasn’t sure if that was just another “problem” I was having with svchost. Like many other people, I’m sure, I’ll be keen to try out the new version of Comodo and hope that I’ll be able to master it this time!
I last a little longer each time I try it out, and I learn a little more each time as well, so at least all of these trials haven’t been wasted experiences. :slight_smile:
Souzapet

Souzapet,

You seem like a glutton for punishment… :smiley: You keep coming back for more - glad you’re getting something out of it each time!

I think (hope) you’ll like v3. It has some very good “learning” implementation to help real-world users (not geeks) get it working with minimal fuss. They’re still implementing and tweaking, and have big plans for it. It’s obvious to me that they’re making a big effort regarding our feedback, to listen and implement/include our suggestions. When they get done and bugs are gone, I think this’ll be a hum-dinger application!

LM