COMODO and new router question

Hi,

I recently installed a router but have only just looked at the firewall log which has lots of entries like this:

Application: C:\WINDOWS\system32\svchost.exe

Action: Blocked

Direction: In

Protocol: TCP

Source IP: 192.168.1.1

Source Port: 3072

Destination IP: 192.168.1.2

Destination Port: 2869

Apparently, the above IPs are router-related and I was wondering if I should unblock whatever request the router is making, not least because it sometimes gets blocked several times a minute.

Er, I’m remarkably ignorant regarding computers an’ stuff. If I do need to unblock this request, um, how do I do so?

I would appreciate some advice, please

John Latter / Jorolat

The traffic to port 2869 is SSDP:

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as the Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play and is intended for use in residential or small office environments

The mentioned Universal Plug and Play framework makes it easy for devices to find and connect over the local network. It also provides for applications to be able to open and close ports on a router.

As such it is normal traffic.

Thank you for replying, Eric

Do I need to “unblock” the requests the router is making? - my computer is slow enough as it is!

John

I don’t think allowing these requests will make your computer slower.

It is up to choice if you allow them or not. I have made my router’s IP address a trusted network (that allows all traffic to and from). Others may choose not to allow it. Both choices I expect to have no influence on performance.

Thanks again, Eric!

I tried to add my router to the trusted zone list but COMODO said it was already on it, so I guess I’ll just leave things as they are.

Mind you, if my router is “trusted” then I’m surprised the incoming requests from the router (mentioned in the OP) were blocked.

But as I say, I dunno nuffink much 'bout computer stuff!

John

Making a zone is a two step process. First step is define a Network Zone. That I think you may have already done.

Next step is to use the Stealth Ports Wizard to make a zone a trusted zone. You need to choose the option Define a new trusted network and make my ports stealth for everyone else in the wizard.

It seems I’ve already done this, which must have been when I installed the router.

Looking at my application rules, it says for svchost.exe: “Block and log IP in from IP Any to IP Any where protocol is Any” - I think this may be why the router is being blocked.

I’ve never altered a Network Control Rule before. It looks straightforward:

Leave “General” on BLOCK

Source: change type to network zone then pick my router’s trusted zone and check “Exclude”

Destination: change type to network zone then pick my router’s trusted zone and check “Exclude”

IP Details: change IP protocol from Any to Custom at which point a box appears in which I think I’m supposed to put my router’s ip address.

In my OP I wrote:

Source IP: 192.168.1.1

Source Port: 3072

Destination IP: 192.168.1.2

Destination Port: 2869

So I think I enter 192.168.1.1 - is that right, Eric?

John

Your suggestion is to adapt Global Rules. But since it is logged that svchost.exe is not receiving the traffic it means that the traffic is already past Global Rules.

That means we will have to make an application rule for svchost.exe. Could you for my reference posts screenshots of your Global Rules and Application Rules?