CIS - Firewall blocks the "Windows Operating System" in Windows 10.

The firewall between blocked applications blocks the “Windows Operating System” path.
What is it? My PC is clean, it is not infected.

I can not find the details?

Can i unblock it or remove it?

Thank you :wink:
Nunzio.

Hi,

Can you please share the screenshot of your firewall event logs? and Do you use stealth ports task to block incoming connections? If yes, please unblock it.

Kind Regards,
PremJK

No I do not use invisible ports to block incoming connections. For now I have removed the notice and since April 7th it has not blocked me. However, the PC is not infected, I scanned with other tools and is clean.

The block has returned. Here is the print screen: Print screen firewall hosted at ImgBB — ImgBB

Can it be an intrusion attempt in my PC?

Normal blocking of fragmented UDP packets due to block fragmented IP traffic enabled in firewall settings.

What do i have to do? Should i leave this setting enabled or do I have to disable it?

These are the settings I put: impostazioni firewall hosted at ImgBB — ImgBB

Which ones should I leave and which ones to take off if they are useless?

Thank you!

PremJK was talking about Blocca trafico frammemtato.

Even when you disable this setting you sometimes catch fragmented UDP traffic. The UPD protocol is a stateless protocol. It means both sides are not acknowledging data being received. Sometimes a site may respond later to a request from your computer then the Stateful Inspection time limit of the firewall. The firewall then thinks the traffic is not an answer to a request from your computer and will see it as a possible intrusion.

You could also consider disabling Annaliza i protocoli because it may influence network performance.

Ok. Thank you. I disabled “analyze protocols”.

Hello!
I continue to receive occasional attempts to intrude the ARP protocol, which in the advanced settings of the firewall I put the flag on “enable anti ARP spoffing”. But it can be removed (if there can be legally “intrusions”) or is it better to keep the active flag on this setting?

It’s better to keep ARP filtering enabled especially when you are on wifi.

When the IP address in the ARP messages are the same then you are safe. When the IP addresses are not the ARP filtering is protecting you.

Thank you so much! Very nice! :wink:

Hey Guys,

Im not sure if it is better to open a new topic for my issue, but I think this conversation is a good place for my problem:

I have the issue, that Comodo Firewall blocks the whole traffic in WPA-2-Enterprise network (at university), when I enable the “Enable anti-ARP spoofing” feature. After enabling this feature, the whole internet connection is blocked. See screenshot for the log.

Windows 10 1803
CIS v 10.2.0.6526

Is this a known bug or is there a comprehensible reason? Never got in touch with this problem in WPA-2-Personal networks.

Thanks

Are the IP addresses in the log you attached the same for Source and Destination IP or different? Usually the Block Fragmented IP Datagrams is the culprit in University networks.

Your university is most likely using VRRP you can see this post for more info on the cause of your issue.

The IP addresses for Source and Destination are different. The university network called eduroam is an international (very huge in europe) network for education and research area.

Thanks. This helps to understand this problem. Did I understand correctly, that I cant do anything against this problem and I have to disable the ARP protection?

Thanks. This helps to understand this problem. Did I understand correctly, that I cant do anything against this problem and I have to disable the ARP protection?
Yes