CPU "system" at 100% with Net TV - please help!

Hi, I am running 2.4, with NOD32 and Spyware Terminator (latest).

When using p2p TV, including Sopcast and PPmate, I receive a great number of incoming connections on random high port numbers. The connection attempts continue for several minutes - even after the programs are shut down.

This causes the “system” process in task manager to eat up all the CPU’s cycles.

Connections are being logged by Comodo 1-2 times per second and are a mix of incoming TCP SYN on port 80 and random UDP incoming.

I can stop this by opening ports 1057 - 65535 and port 80.

This is less than ideal!

I have done a very thorough scan for malware, including rootkits and nothing has come up.

I use SP2 and only have 23 processes running at startup, due to disabling many windows services.

I have also hardened my IP stack using freshui and have disabled dns client, netbios, LMHOSTS lookup, win firewall, qos services, B.I.T.S, win updates, etc…

I have increased the number of half open connections to 100.

My PC runs perfectly apart from this! (it is a laptop amd xp 2500, 1gb ram)

Does anybody have any clue what is happening?

Thanks Soya!

I’ve been reading through and so far I am stumped.

How do I disable or limit logging?

Edit - worked out the logging!

Why is it the ‘system’ process which eats CPU?

Actually, before trying that, try setting the C:\Documents and Settings\All Users\Application Data\Comodo\Personal Firewall\Logs\logs.log file to read-only (right-click on the file). This should stop the cpf.exe 100% CPU.

To disable logs there are a few methods. The easiest is to right click in the Logs window and uncheck the network monitor - assume it’s this one that’s causing the most alerts.

The system… it belongs to Windows. I think of it as Windows itself. Someone else should fill you in on the details.

I don’t have cpf.exe 100% problems!

It is the system process which goes to 100%

Oops. Sorry. What about a reboot?

Reboot doesn’t make any difference, the problems continue as long as the incoming connections are still being attempted.

Any unusual activity in your logs? You might want to post a sample here or screenshots of your Connections window. Remember to mask any private info.

Lots of incoming TCP flag SYN on port 80, from different IPs.

Lots of incoming UDP on random high ports.

A few invalid flags.

A few ICMP.

A few normal attacks on 1026, 1027.