cfpupdat.exe blocked [resolved]

HI today i had the strangest thing this came up in my logs as blocked i don’t see a entry for it in firewall area ether can someone explain to me how to fix it thanks.

um also this dose not appear to be a comodo ip it is trying to connect to here is the whois on the source ip address this is really strange is it a bug i have found?

OrgName: AltaVista Company
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US

NetRange: -
NetHandle: NET-209-73-160-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
RegDate: 2000-06-08
Updated: 2004-05-21

RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: jluster[ at ]

OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse[ at ]

OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: jluster[ at ]

ARIN WHOIS database, last updated 2008-08-24 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

cfpupdate is Comodo Firewall Pro Updater. Did you change things and block it?

not that i’m aware of i removed a couple of programs and purged them but did nothing with comodo other then add a program to its interprocess memory that’s it. how would i tell if it’s block if i go and hit update it works? i don’t even see a entry for it i see comodo in firewall but it’s the same as it always has been nothing looks out of the ordinary.

ehm (:NRD)
according to my “source” O0 , a screenshot of the log entries containing the blocked cfpupdat.exe would be helful.

here you go Ganda ignore the svchost blocks it’s my router lol i hope this helps someone figure this out for me. image attached.

[attachment deleted by admin]

SVChost is showing cause I think your router is not fully stealthed. I have SVChost set to outgoing only and I get no blocking cause my hardware modem covers all those. What do you have Comodo updater set as under the firewall.

here is the strangest thing i don’t see it in there at all on ether one of my pc this cpupdat.exe dose not show in there. no my router is fully stealthed always has been. the svchost comes from my other pc on the network. the only reference to comodo in my firewall is comodo firewall pro and it’s on it’s default as outgoing only.

As per CFP default policy the updater don’t need inbound connections.

Group :	[COMODO Firewall Pro] is defined as
[0] %Program Files%\COMODO\Firewall\cfp.exe
[1] %Program Files%\COMODO\Firewall\cmdagent.exe
[2] %Program Files%\COMODO\Firewall\cfpupdat.exe
[3] %Program Files%\COMODO\Firewall\cfpsbmit.exe
[4] %Program Files%\COMODO\Firewall\cfplogvw.exe
[5] %Program Files%\COMODO\Firewall\crashrep.exe

Application : Group [COMODO Firewall Pro] Treat as: [Outgoing Only]
The predefined rules are as follows:
[0] Allow        TCP Or UDP  Out    From  IP Any  To  IP Any  Where Source Port Is Any And Destination Port Is Any
[1] Block & Log      IP      In/Out From  IP Any  To  IP Any  Where Protocol Is Any

Please check cfpupdat.exe digital signature.

Maybe it was an attack carried when cfpupdater was running ref:

ok i checked it here are some pictures of its signature i think all looks ok also attached is a picture of comodo firewall in my network policy. maybe your right maybe someone tried to attack it that would give it a block.

[attachment deleted by admin]

[attachment deleted by admin]

i hope the pics help in figuring this out :slight_smile:

Well done, “destination”. Over and out O0

Hey, I’ve seen that wallpaper before. I think I know where you got it ;D.

As Gibran mentions, all CFP files do not require incoming connections, so the default Outgoing Only firewall rule on CFP would be appropriate. Your log basically means something from the internet was trying to connect to the CFP Updater, but was blocked, which is good in the sense that CFP was doing its job :-TU

As for your other question of why you don’t see a blocking rule in the firewall section, take another look. There’s a ‘Block and Log All Unmatching Requests’ rule (the 2nd one) on Comodo Firewall.

Soyabeaner your correct lol i did not see that glad to here that comodo did it’s job:) case closed thanks all mistry is solved.

solved, locked.hallelujah (:HUG)
(i love this job :slight_smile: )
pls PM me or other mod if you want this topic reopened.