I have installed Comodo Firewall (not Anti virus) v4.1.150349.920 on two PCs.
Under Firewall → Advanced → Network Security Policy → Application Rules there are rules which use File Groups that are Comodo-created, but I cannot find which files are within these Groups (I have looked under Groups in My Protected Files). The Group names are:
“System”
“Windows Operating System”
While I can guess which files are probably included, I would like to know exactly.
You can find these groups on the Defense+ tab (protected files, press Groups button and it should show up).
And the files that are part of this group should just show up on the firewall policy if you expand it.
Please go to Defense+ and open “View active process list”
Now there are “Windows Operating System” and “System” that’s the two you are looking for.
They’re not groups, just internal Windows processes.
System is used for example when you connect to a network share, or when your system uses Multicast to join Multicast groups.
WOS is used by low-level stuff, normally there should not be traffic outgoing from WOS.
A known outgoing is, for example, Nmap, the port scanner, in combination with WinPcap, the packet driver; that can cause outgoing traffic for WOS.
There could be traffic showing up that matches firewall blocked rules on incoming traffic.
Say for example you run an application like torrent, and lots of people connect to your system on different ports, and all these ports are handled by the torrent app. Now you close the torrent app and Windows/Firewall/CIS no longer knows where they have to leave the still incoming connections from people who think you are still sharing… This traffic that “ends up nowhere” will be logged against “Windows Operating System” because that’s the last place to live for those requests.
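As an added illustration of the reply above (not part of this thread and not Comodo’s code), here is a PowerShell snippet that parses `netstat -ano` and lists the sockets Windows attributes to the kernel-level System process (PID 4) or to no process at all (PID 0), which is the kind of kernel-side traffic the reply attributes to “System” and “Windows Operating System”. The function name and the port labels (well-known IANA assignments) are my own choices.

```powershell
# Added example (not from the thread): list every socket that Windows attributes
# to the kernel "System" process (PID 4) or to no process (PID 0), and tag the
# ports the reply above mentions (network shares / NetBIOS). netstat -ano exists
# on every Windows version Comodo 4 ran on, so no newer cmdlets are needed.
function Get-KernelOwnedSockets {
    # Labels for well-known ports; used only to annotate the output.
    $knownPorts = @{ 445 = 'SMB (network shares)'; 139 = 'NetBIOS session';
                     137 = 'NetBIOS name';         138 = 'NetBIOS datagram' }

    netstat -ano | ForEach-Object {
        $f = -split $_.Trim()                      # split on runs of whitespace
        # Skip header lines; keep only TCP/UDP rows
        if ($f.Count -lt 4 -or ($f[0] -ne 'TCP' -and $f[0] -ne 'UDP')) { return }

        $proto    = $f[0]
        $local    = $f[1]                          # e.g. 0.0.0.0:445 or [::]:445
        # UDP rows have no State column, so the PID is the last field either way
        $ownerPid = [int]$f[-1]
        $state    = if ($proto -eq 'TCP') { $f[3] } else { '' }
        # The port follows the last colon (handles IPv6 "[::]:445" too)
        $port     = [int]$local.Substring($local.LastIndexOf(':') + 1)

        $owner = switch ($ownerPid) {
            4       { 'System (kernel, PID 4)' }
            0       { 'no owning process (PID 0), e.g. TIME_WAIT leftovers' }
            default { (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).Name }
        }
        $note = if ($knownPorts.ContainsKey($port)) { $knownPorts[$port] } else { '' }

        [pscustomobject]@{
            Proto = $proto; Local = $local; State = $state
            PID   = $ownerPid; Owner = $owner; Note = $note
        }
    }
}

# Show only what the kernel itself owns or nothing owns: this is the traffic
# a per-application firewall cannot pin on a user-mode executable.
Get-KernelOwnedSockets |
    Where-Object { $_.PID -eq 4 -or $_.PID -eq 0 } |
    Format-Table -AutoSize
```

Run it in an elevated prompt after connecting to a network share and you should see port 445/139 sockets owned by PID 4, matching the “System” behaviour described above.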
It then seems very strange/very worrying that under Firewall → Advanced → Network Security Policy → Application Rules Comodo has created an Applications Rule for the “Windows Operating System” that allows all outgoing traffic??
Comodo would not let me access the internet without creating that rule from an alert!!!
I don’t run DHCP but it could very well be that DHCP uses WOS to get an IP address…
Believe me, they don’t put it there for fun; they must have a pretty good reason.