Application: Windows Operating System

I have been using Comodo standalone Firewall for a very long time. Rarely I was getting some warnings about Windows Operating System trying to connect to the Internet, but as I wrote, it was RARE.

Lately I get it every day. More and more. I tried to block it (it was trying to connect to some Amazon sites) but that also blocked other things like DNS. I dunno what changed, Windows 10 Fall update or something else.

So the question is, why don’t we have a CLEAR picture any more of what is trying to connect to the Internet? If we don’t know that, we can make a decision and that MAKES COMODO FIREWALL (and any firewall) USELESS.

Useless and also dangerous, since users will see Windows OS and feel safe to ALLOW.

Thanks

" IF " you have the firewall set to Custom Ruleset and Create Rules for Safe Applications unchecked then under Firewall Application Rules - change the rule for System Applications to Custom and add the rule " Ask IP IN/OUT From MAC Any To MAC Any Where the protocol Is Any " and click OK. When you get a popup for svchost.exe then set it to Allowed and remember this rule. Now when you get a popup for System you can safely block it.

If you want a clearer picture of what’s connecting to the internet you can also set the rule for Windows Updater Applications to the same as the one above. Then you will be presented with all OS alerts from that point, but if you’re unclear on what each process or service is used for and what you can safely block then that might not be the best idea.

I don’t get an alert for System, I get an alert about Windows Operating System.

Basically I have similar issues (https://forums.comodo.com/firewall-help-cis/rdp-is-not-working-with-global-rule-for-port-3389-t120917.0.html) with WOS permissions. RDP as well as SMB sharing for some reason require custom rules for WOS to work. But SMB never requested such rules before, and for RDP it was sufficient to create a global port rule.
To me it looks like some bug in the process detection system or something like that.

I understand. I’ve only seen a request for Windows Operating System once or twice over many years and have always blocked it. It didn’t affect anything because there were rules in place already for other components. If a rule is in place for svchost set to allow and it’s above a rule for WOS set to block in the list then it will not block your DNS servers. What else it would block exactly I’m unsure, so that’s why the suggestion to create separate rules for each process. Then you know exactly what’s outgoing.

Good Luck