I unchecked “Do not show any alerts for the applications certified by Comodo” on my new XP SP2 Home install.
Does checking it increase my security risk? (I noticed the Comodo help file shows it unchecked.)
I prefer it unchecked. When unchecked I get alerts for three “applications”:
alg.exe with services.exe as parent
svchost.exe with services.exe as parent
system with system as parent
alg and svchost are in C:\WINDOWS\system32. System does not show a folder. What is its path?
As soon as I log on, Comodo alerts:
application layer gateway service is trying to act as a server
application: alg.exe
remote ip:127.0.01 port:listen(****) - TCP
[I allowed it, but do I really need to allow this?]
generic host process for win32 services is trying to act as a server
application: svchost.exe
remote: ip:listen ports: ms-rpc(***) - TCP
[I allowed it, but do I really need to allow this?]
windows system process is trying to act as a server
application: system
remote: ip:listen ports: ms-ds(***) - TCP
[I allowed it, but do I really need to allow this?]
As soon as I connect to the Internet I get 2 additional alerts regarding svchost.exe (generic host process):
Generic host process for win32 services is trying to act as a server
application: svchost.exe
remote IP: ... port : nbdgram(***) - UD
Security considerations: c:\windows\explorer.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. explorer.exe might be using svchost.exe to connect to the Internet
[I denied it this time. Is that ok to do?]
Generic host process for win32 services is trying to connect to the Internet
application: svchost.exe (deny)
remote IP: 255.255.255.255 port: ***() - UDP
[I denied it. Is that ok to do? I am really not comfortable with svchost.exe connecting to the Internet.]
I have changed these settings a number of times and it seems to me that I have definitely been able to connect to the Internet fine even after denying all 3 svchost.exe requests. I believe that I have also denied the others with no obvious problems. I have “researched” what the “applications” are, but I still come away with uncertainty. The first of the two svchost.exe requests that I get after I connect to the Internet displays my own IP address (whois shows my ISP) as the remote IP; so, I assume this is some kind of “ping” or something. I have always denied these things in the past with ZA.
Which, if any, of these 3 applications do I need to be allowing through Comodo?