Comodo blocks windows operating system?

So, one day I am browsing the web as I normally do. I’m just watching videos, checkin my email, not doing anything special when my firewall pops up and informs me of this:

“Operating system is a trusted application, but another computer is attempting to connect with your computer, would you like to allow or block this connection?”

So, what I do is I choose block, however, I don’t know if I clicked on remember my answer or not, but now in my firewall, it shows that Operating system is blocked, but I can still use my computer as normal, so I thought nothing of it, but I’m worried, I don’t know if I should keep it blocked or not. I opened up my firewall and it says that the firewall has blocked 0 intrusions so far, so I’m not sure if my firewall should even be blocking it. How can I reallow it so that it doesn’t show as blocked in my firewall? Again, even if it is blocked, my computer runs normally, but how can I allow it so I can test to see if I want to keep it blocked or not?

Hi Rman87,

It could have been an intrusion attempt from the outside (one of the many reason to have a FW) or another computer from your LAN. If you don’t need to allow some inbound connections, go to Firewall > Stealth ports wizard and there choose “block all incoming connections and make my ports stealth for everyone”. CIS FW will make a global rule blocking silently the inbound connections. If you want to have a record of the eventual attempts blocked, edit the rule and check “log as a firewall event if the rule is fired”. This way, you’ll see the silently blocked attempt intrusions in “view firewall events”.

You can remove the application rule previously made for Operating system just by selecting it and clicking on remove in the right column.

Hope this help.

As an addition to the previous comments by Boris, it’s probably worth noting that ‘Windows Operating System’ under CIS is not a real process, in the sense that something like firefox.exe or svchost.exe is a real process. Basically, ‘WOS’ is similar to a pseudo process found in Windows called System idle Process, which in the case of network connections, is simply used to handle a connection when the original owner of the connection is terminated.

In a nutshell, blocking WOS is not going to have any significant effect on the operation of your PC, as it’s not real. That said, it’s not often an alert is generated when WOS picks up a stray connection and doing so will, to some extent, depend on the firewall settings you are using and which applications were being used. Were you by any chance using a p2p application at the time of the alert?

I am pretty sure that I do not use a p2p application. If it is what I think it is, people try to use those tools to try to infect someone’s machine.

P2p (peer to peer) is a technology used in a variety of applications, most notably file sharing applications, such as bittorrent and emule. However, the technology is also found in applications like Skype, Spotify, BOINC and is even part of the Windows operating system.

How would you test this? If your test comes out with “wrong”, you have a problem :wink:

General rule: Dont allow what is not needed. + Dont allow (random) unrequested ingoing attempts. Usually most things work with “direction out” rules.

To avoid getting questions about unrequested ingoing traffic, use the stealth port wizard setting 3.

Hi all. I’ve a problem and was checking out online when I saw this forum. I’ve been using Comodo Firewall (just the firewall) for about a week now (pretty new with the CIS family). My problem is similar - the firewall blocks a 1000+ intrusions a day (fffreaks me out) from application “Windows Operating System”. I saw a similar post but the intrusion came from a single source IP. Mine intrusions are all from different IP’s (different ports ) on a single IP (and a single port - 53784). Also a note: I am using Bittorrent (similar to Utorrent) but I’ve allowed it as an application (although the ever since I installed CIS there’s no seed from me). I don’t know if it’s related but still… Now my question is can anyone say what’s going on and most importantly if I should make any adjustments to the network settings because I’m now fresh of ideas… (like I said Comodo is somewhat new to me)

Windows Operating System is a pseudo process, its more like the System Idle Process in task manager.

As your using P2P software, when your torrent program, other peers may still try to connect thinking you’ve just timed out. These connection have no associated process listening for them, so windows has to handle the connection. In your case Windows Operating System is where a non graceful shutdown of a connection goes to die.

Though that means ‘not to worry’ are u saying there is nothing I can do (and just leave it as it is) ?.. Also I’ve read some CIS manuals here on configuration but they only show how to add/apply/modify Security Policies in Comodo (both Firewall and Defense+) Can anyone give an example of a list of rules (both application and general) we should add to those by default. This is also a concern of mine… 10x

The first thing you need to do, is establish the cause of the log entries. Maybe you could post a screenshot of the log entries and your Global firewall rules. - use additional options when you reply.

■■■■… Those entries where so many they really annoyed me so I cleared the logs. No doubt I’ll be able to post some tomorrow though :{ As for the global rules they re the ones i got by default - here goes:

[attachment deleted by admin]

Greetings,

it seems I’m having the same problem. Here is a screen:

http://img600.imageshack.us/img600/4435/screenvh.png

As you can see there is a block every few seconds. I already cleared my personal settings to pin point the source of this but it gets blocked without any notice from Comodo.

As you can see it’s source is my router. It starts as soon as I boot up. I do not care if there are like 10.000+ blocks every day. I just fear that it might stress my system somehow?

Well if anyone has a idea how to stop it please post it! ^^

What router do you have? A quick google came up with TCP 14013 being a child protection service scan on AVM FRITZ.

I never considered to google the port. But you were right. I deactivated the child protection thing and everything works just fine! Thanks for your help :wink: