Comodo doesn't remember the options to block or allow

Need help i keep getting incoming connection from the internet through svchost.exe every 1 mins

3/31/2010 8:36:13 AM System Asked In TCP 10.10.43.244 1076 10.10.85.139 445
3/31/2010 8:37:34 AM System Blocked In TCP 10.10.43.244 1076 10.10.85.139 445
3/31/2010 8:37:34 AM System Asked In TCP 10.10.128.80 2207 10.10.85.139 445
3/31/2010 8:37:44 AM System Blocked In TCP 10.10.128.80 2207 10.10.85.139 445

i confused should i allowed that connection or block it? as 10.10.xxx.xxx is a private ip right?

im using 3,5G hsdpa modem
my ipconfig
PPP adapter Wireless Terminal:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.10.85.139
Subnet Mask . . . . . . . . . . . : 255.255.255.2
Default Gateway . . . . . . . . . : 10.10.85.139

the main problem is comodo pop up keep asking every time an incoming connection from svchost. i already set it to remember my answer but its still keep asking every time a new incoming connection from svchost

and it continue to pop up every couple minutes so it really bother me :smiley:

so my question are

  1. Should i block the 10.10.xxx.xxx connection through my svchost.exe?
  2. if yes then how to set it so comodo remember my answer? (as the option to remember seem ignored)
  3. why in D+, firefox got blocked (3/31/2010 8:37:15 AM C:\Program Files\Mozilla Firefox\firefox.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe) every couple mins

i already tried to uninstall and reinstall, but its still the same

when i uninstall comodo, avast seem automatically blocked the connection

thank you

Those are most likely from people using the same wireless phone connection. It is best to keep that blocked.

More in particular. That port belongs to Microsoft - DS which supports sharing files over a local network. Apparently your wireless phone provider puts its user in a “local network”. When allowing that traffic you open for complete strangers that also use your providers service.

thank you for your detailed help :slight_smile:

but could you answer question no. 2 & 3

2. if yes then how to set it so comodo remember my answer? (as the option to remember seem ignored) 3. why in D+, firefox got blocked (3/31/2010 8:37:15 AM C:\Program Files\Mozilla Firefox\firefox.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe) every couple mins

cause its really bothering me to keep click block and ok every 1-2 mins when the attack occur and comodo pop up alert me.

anybody?

i tried using parental option.but it a little bit annoying especially when i installing a new program, or running a new program…cos it disable all the comodo pop up

the solution for appearing of new pop ups may be that there is the same adress, but different ports been asked.

i would suggest you to use the stealth port wizard in comodo (setting 3). that will generate a rule “block ip in any” under global rules. this means, that you will get requested packages, but all unrequested (outside) traffic will be blocked without asking.

as long as you are not a server or in a network, this is always the best choice :wink: (in the two other cases you have to configure a bit).

and firefox doesnt need access to comodo. so just block this attempt. but i wonder why it want to have it, often, as you said.

An other option is to create a block rule on the “Global Rules” tab of the Network Security Policy.

Block
TCP
IN

Source netmask 10.10.0.0 / 255.255.0.0
Source port ANY
Destination ANY
Destination Port 445

Make this the first rule on Global rules.
You could also be seeing this traffic destined at TCP 139 it’s the same sort of file sharing traffic but based on an older protocol version, you could copy the rule and change the port, or use the Stealth Port Wizard like proposed above to block all unsolicited incoming traffic.

Beware that using the Stealth Port Wizard will reset your current Global Rules!

thank you clockwork and Ronny for your solution,

im currently trying Ronny solution first cos it more detailed :slight_smile:

The ip address who attacking is different every mins, but it always start with 10.10 (10.10.0.0 - 10.10.255.255) and it attacking port 135 and 445

trying while writing and currently no pops up, so it seem it works :slight_smile:

for firefox, yes that why i asked cos its a bit strange, and why it try to access comodo memory,perhaps one my addon, will try to uninstall one by one.

so thanks again clockwork & Ronny, will report if the same problem occur thanks :slight_smile:

I would suggest to start Firefox in “Safe Mode” from the start menu programs this will “disable” all addon’s and if then there is no more memory access attempts against comodo modules then it’s one of the addon’s saves you a lot of “uninstalling”.

You can also “disable” addon’s one by one to find out which one is the cause, simply go to addon’s and select “disable” now restart FF and see.