Excessive Blocking of System Application in Firewall

Hi:
I’m running the most current version of CIS Home Premium. Over the past few months, I’ve noticed an excessively high number of blocked connection attempts from my router to my PC. Actually, other than the IPv6 reference (shown in the attachment), this is the only blocking action the firewall has taken over the past several months. I’ve attached the policy in question, and several event entries over the past couple of days. I don’t know if this policy was triggered by me because of a warning about someone attempting to connect to my computer. However, there have been a few hundred blocks since the beginning of March 2012.

Please advise on what I should do with this policy. I should note that I have this exact same policy on my wife’s laptop as well. Again, I’m not sure whether it is a default policy under the proactive configuration, or was triggered as the result of an action I took based on a warning.

Thanks in advance for your help on this matter. SA Jack

[attachment deleted by admin]

Can you tell us what the networks Home #1 and Home #2 are? What IP addresses make those two networks?

Thank you for the prompt reply.

Below are my network zones.

Thanks. -SA Jack

[attachment deleted by admin]

Are you using a virtual machine like VMware or VirtualBox? The rule for Network Home #1 could be for making a network connection with a VM a trusted connection, to be able to share files, folders and printers.

The instance for Network Home #2 is for the situation where your machine temporarily did not see a network connection. Windows then gives the network adapter an IP address in the 169 range. Unless you use the network in the 169 range for an ad hoc connection with another computer, you can remove the entries for Home #2 in Global Rules and the System rule.

On a related note, do you want your computer to be able to share files, folders and printers with your wife’s laptop?

Looking at the protocol and port being used, I’d guess these are Web Services on Devices requests, which are all part of the network discovery environment.

With regard to the network zones, the 192.168.56.1/255.255.255.0 is for VirtualBox host-only networking and the 169.254.199.135/255.255.0.0 is APIPA (zero configuration networking), neither of which needs ‘System’ rules unless they’re being used.

Thanks again for the quick response.

I do use VirtualBox for the purpose of taking a look at Windows 8 (Customer Preview). If I recall, that is when Home #1 was created. I took your advice and removed Home #2 from System in the Application Rules and from the Global Rules. I also deleted the Home #2 under Network Zones.

I’ll continue to monitor Firewall Events for a few days and let you know if the problem has been resolved.

It was my intent to share files between my PC and my wife’s laptop, primarily to run backups and drive images to my external HD. However, I was never able to successfully get that set up correctly. Any help or instructional link would be appreciated. Thanks.

Thanks for your help on this matter. -SA Jack

What are you using to perform backups/images?

To enable sharing over the local network, run the Stealth Ports Wizard and choose option 1. In the procedure that follows, choose Local Area Network #1.

When done, check Global Rules and the rule for System to see that adaptations were made for Local Area Network #1.

You also need to run this procedure on your wife’s computer.

EricJH:
Thank you for the info on configuring a home network with CIS. I’ve updated my PC and I’ll do the same for my wife’s. I had not intended to use the new Home Network within Windows, but rather the old-fashioned Work Group. Do you think there’s any advantage to using Home Group over Work Group? Both PCs DO NOT share the same account identity and it does appear Home Group can manage that.

Thanks again. -Jack