I tightened up my DNS rules and disabled winxp SP3 DNS client service. Ever since I did this, I see periodic log entries for cfp.exe connecting outbound UDP on port 53. I am curious as to why Comodo is “dialing out” this much. I would buy one connection at startup to check for updates but why the connections at other times?
If you shut down the Windows DNS service, every app trying to connect the internet looks up DNS itself.
You should get such alert for every app like Fifo or IE.
I would not recommend to disable Windows DNS service.
The service is there to improve performance, not hinder it. Why turn it off?
It needs dns answers for download.comodo.com to check for AV updates and Program updates that’s what causing these DNS queries also if you use ThreatCast it will use DNS protocol for that.
The only way to prevent DNS “leaks” outbound effectively is to have an individual DNS rule for each application that requires it. Look up web refs. for various commercial firewalls to verify this.
I coded a predefined rule for DNS and just apply that when I get an alert. Rootkits are notorious for appending their nasty code to svchost.exe. I am a bit paranoid these days after I removed Hacktool.Rootkit from my Comodo firewalled home PC.
Yes, I accept the initial cfp.exe outbound DNS at boot for Comodo update checking. I also don’t have Threatcast turned on. What I don’t like is the intermitent cfp.exe requests I have seen. I did find an old forum posting about this that was illuminating. That one dealt with cfp.exe connecting to Planet servers.
I have also observed that Comodo is blocking outbound ISP activity after boot until cpf.exe fires off which is kind of interesting.
Boot up leak protection…