CF keeps blocking "windows operating system" application

Hi to you all, guys!
i’ve noticed a weird behaviour from Comodo Firewall in these days.
I had a look at “firewall events” and i’ve noticed that CF was keeping blocking “windows operating system” application. This is the point: i’ve set my network policy on “my custom policy mode”. Sometimes, it happens that CF keeps blocking over and over the same intrusion attempt. Which is? It’s the “Windows operating system” application. And with “over and over” i mean 4/5 times a minute. “Firewall events” says that CF has prevented “windows operating system” application from establishing connection from some IPs addresses to my own IP over UDP protocol.
The weird thing about all this ■■■■ is that there’s no rules about the above application in my Network Policy and no alert window is prompted asking for my decision while CF is still blocking it! And the name “windows operating system” does not help me finding out what is going on.
The only thing i’ve pointed out about that mess is that the destination port is the same port (over the same protocol) of my p2p client “emule”.

So here is the question: why CF is keeping blocking that application even if there’s no rules about that and no alert window is prompted? and above all, which applications are grouped under the name of “windows operating system”?

i’m very frustrated because sometimes it happens that all this mess causes my system powered down making it inactive and i’ve to boot my system again.

thx in advance!

regards

Please see the below given link.

https://forums.comodo.com/empty-t50450.0.html

AFAIK, when you stealth your port or when there is incoming connections which are blocked by Firewall, these are logged as ‘windows operating system’. This is not a bug. The IP addresses which tried to connect to your computer can be seen in the same log.

Hope this helps.

To Stop the Firewall logging problem when your Torrent client is Closed.

You have noticed that your firewall logs fill up with Blocks attributed to the Mysterious Windows Operating System. ???
You don’t see any Application Rule for Windows Operating System.
It seems like the World wants to get at your OS. :o
You’ve noticed that all these IP’s are going after the same port incessantly. >:(
You will further notice that it is the Port you have set up for your Torrent client to “Listen” on.
Further still you see that these Blocks only occur after you have Closed/Shutdown your Torrent Client.

When the Torrent client is running it handles all of these requests.
When the Torrent client is shutdown, the requests continue but no one is listening.
The Firewall just defaults the dropped/blocked requests to the Windows Operating System.
No harm, but the logs fill up fast with these Blocks aimed at “Nobody’s Home Man” >:(

Finally to Fix It :slight_smile:

Leave your Torrent client running all the time and pause or finish all torrents, when you

want to stop traffic. And not have the rampant logging.

Or

Open CIS GUI > Firewall > Advanced > Network Security Policy

Application Rules > Add

Application Network Access Control > Select > Running Processes

(highlight) Windows Operating System > Select

Application Network Access Control > Use a Custom Policy > Add

Network Control Rule

Action = Block Do not check the box to “Log as a firewall event…”

Protocol = TCP or UDP

Direction = IN

Description: “Torrent Port Logging Filter” or your preference.

Source Address > Any
Destination Address > Any
Source Port > Any
Destination Port > A Single Port = Your Logging Problem Torrent Port #
Apply > Apply > OK

Yer Done!!

first of all, thx to you all!
Now:

i’ve eventually got clear of all this stuff, thx.
there’s just something that doesn’t match with what you’ve well-described.
to begin with, these “intrusion attempts” make my system going crash.
and finally, at my system restart, the firewall still keeps blocking those intrusion. well, actually windows operating system still keeps establishing the same connections which was attempted before my reboot.
how is possible all this ■■■■?

but this not solves the question: even if all those intrusion aren’t logged anymore, they still attempt to establishing connection to my host.

thx, again^^

regards

In the end there is no such thing as 100% security. Keep your Windows and Torrent application updated to reduce risks.