Comodo firewall warns on wininit.exe

Last night Comodo firewall popped up a warning about “wininit.exe”. Noit knowing exactly what it does, so I clicked on do not allow (?) and immediately got the blue screen.

Some brief researching, seems “wininit.exe” is a crucial part of Windows. (Windows 7 here.) So why did Comodo warn on this? The blue screen and warnings that Windows was not shut down properly are somewhat disconcerting to say the least. All seems OK now but who knows…

You could check at

if your wininit.exe has been compromised / replaced by malware.

If not, please request your version of this file to be whitelisted.

Kind regards, REBOL. :slight_smile:

Thanks for the reply and link. No further issues so far.

You can also check your TCP connections with this prog:

wininit.exe should usually show up as “listening” to local port 49152.
You can safely allow this connection.
Only if it’s showing a remote address here, you should be somewhat concerned. I guess that’s not the case, though?

Kind regards, REBOL. :slight_smile:

What is it listening for? Mine does not listen on port 49152 but some remote IPs wanna talk with my wininit.exe every day which is actually clean over this port. :slight_smile: So what is so interesting on my wininit.exe for remote IPs? ???

Hi Sterndi,

Which remote IPs? Could you list them here?
(Could be MS, btw.)

Kind regards, REBOL.

Hi Sir,

MS-Updates are disabled. I have a router but use it like a modem (DMZ-Host - Ports open). First I also thought MS but it doesn’t seem so. :wink: I just blocked the port manually for inbound traffic with COMODO. Most of the traffic/programs I control and configure manually and I consider myself as skilled already. :wink:

I’ve been using the router (TC7200) just for a few weeks. I had a normal cable-modem before without any configuration function - all ports were open but cannot remember remote access to wininit.exe. :P0l My PC itself works fine - no strange behaviour in any way. :-TU

Best regards

[attachment deleted by admin]

Never saw anything like this related to wininit.exe, to be honest. :-\
HOSTEAM S.C., Poland
Beijing SanxinShidai Co.,Ltd, China
Ecatel LTD, Netherlands
IP Range Snel Internet Services B.V. assigned to server #38, Netherlands
CHINANET Beijing province network, China
CHINANET jiangsu province network, China
FibrLINK Communications Co., Ltd., China

Kind regards, REBOL.