Firewall alarm involving Sychost.exe

Hi,

Can anyone tell me why I keep getting this alert when Windows starts up, and most importantly, what I should do with this request?

Not being an expert in computers, the info available in the Firewall Event section could not help me figure this out.

Is there any other info I should provide to help anyone answer this question?

Thanks

Windows XP SP3 (32-bit)
KAV 2011, Prevx 3.0

[attachment deleted by admin]

Hi Sarastro,

When in doubt you should block it.
I had the same question a few months ago (in my case it was after initializing Utorrent). See this link; I asked a few questions and a moderator answered them.
Hope it will help.

Regards

https://forums.comodo.com/firewall-help-cis/receiving-connection-from-the-internet-t62066.0.html

See this too https://forums.comodo.com/firewall-help-cis/all-about-svchostexe-t58549.0.html

Hi Peter5,

Thanks for your reply! Based on the info you gave me, I will surely block that request. That said, it would be good to know how to “cancel” my decision, should I find out later that I should have allowed that request.

Since I am not all that familiar with Comodo Firewall, could you tell me how to reverse such a decision? It would be much appreciated! (I already looked at the many firewall options, but I am still not sure what to do in that case)

Best regards

The remote IP is 192.168.0.1, local and unroutable, most probably the router’s LAN IP (and not its WAN side).

UPnP requests on the LAN are related to local network discovery; they are most certainly useless, but will occur as long as the SSDP service is not disabled.

However, they are most certainly not a security threat outside of multi-user corporate networks, and do not need to be blocked on the basis of an “in doubt” opinion.

Peter5, you probably should “doubt” your own basic knowledge of LANs before writing.

Concerning uTorrent, TCP connections will of course occur with remote IPs external to the LAN, and therefore have nothing to do with the present situation.

Hi Brucine,

Thanks for your advice. Reading you makes me realize how much I need to learn about computers and firewalls in general, in order to make the right decisions regarding my firewall alerts. Do you know of any good website where I could learn the basics of such knowledge?

Thanks again!

The basic important rule is:

DON’T allow ingoing requests. There is no one on the internet scanning other computers to help them!

Use only outgoing rules for (all) applications (as far as they run like they should then, 99% do run fine). So your requests go out, and the requested answer can come in though. EDIT: …IF you want a program to have access to the internet :) !

Use the “stealth port wizard” to generate a global rule “block ingoing IP” (in this case IP means ALL PROTOCOLS). Hide me from everyone. Then you don’t have to answer about unrequested ingoing attempts at all.

OK. I made the changes in the “stealth ports wizard”!

Thank you!

I don’t agree.

While inbound must of course be denied in most situations, this is obviously not the case when e.g. running an FTP server on the WAN side, and it does not apply, if there is more than one computer, to LAN communications when the said LAN is operated by the same person or a trusted group (family…).

Separate rules must be made in these conditions for the unroutable local IPs (192.168.0.n and localhost 127.0.0.1 in the present situation) and other IPs.

Moreover, I still do not agree that everything should be allowed outbound and denied inbound: no one wants, on a principle basis and even if not holding defense classified information, his computer to leak private data to the whole world.

The safe behavior is not to allow everything outbound, but to only allow what is strictly necessary (e.g. your mail client is only allowed ports 25 and 110 for the DNS of your ISP), and the firewall should as a consequence be fully customized in order to only allow what is needed.
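An added example, not part of the original thread: a small triage script that sorts firewall alerts by where the remote address lives, so LAN discovery traffic such as the 192.168.0.1 UPnP/SSDP request is kept apart from internet traffic, as the two replies above describe. The alert line format, the function names and the sample alerts are constructed for illustration, and UDP port 1900 for SSDP is an assumption not stated in the thread.

```python
import ipaddress

# Assumptions (not from the thread): SSDP/UPnP discovery uses UDP port 1900,
# and the one-line alert format below is constructed for this example.
SSDP_PORT = 1900
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def address_scope(ip):
    """Classify an IPv4 address: loopback, multicast, link-local, lan or internet."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:
        return "link-local"
    if any(addr in net for net in RFC1918):
        return "lan"
    return "internet"

def parse_alert(line):
    """Parse 'direction proto remote_ip port program' (constructed format)."""
    direction, proto, remote_ip, port, program = line.split()
    return {"direction": direction, "proto": proto.upper(),
            "remote_ip": remote_ip, "port": int(port), "program": program}

def triage(alert):
    """Return (scope, note) for one parsed alert."""
    scope = address_scope(alert["remote_ip"])
    ssdp = alert["proto"] == "UDP" and alert["port"] == SSDP_PORT
    if scope == "loopback":
        return scope, "traffic inside this machine"
    if scope != "internet" and ssdp:
        return scope, "UPnP/SSDP discovery on the local network"
    if scope != "internet":
        return scope, "local network traffic: handle with a LAN-specific rule"
    if alert["direction"] == "in":
        return scope, "unrequested inbound from the internet"
    return scope, "outbound to the internet: allow only what the program needs"

SAMPLE_ALERTS = [  # constructed sample alerts
    "in UDP 192.168.0.1 1900 svchost.exe",
    "in TCP 203.0.113.5 6881 utorrent.exe",
    "out TCP 203.0.113.25 110 mailclient.exe",
]

if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(line, "->", triage(parse_alert(line)))
```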

Then you misunderstood me, Brucine…

“basic(!) rule”

“DON’T allow ingoing requests. There is no one on the internet(<—!) scanning other computers to help them!”

“use only(<—!exception from usual not giving internet access, and not an advice to let everything leak) outgoing rules… 99% do run fine” (the other 1% includes servers and p2p).

“hide me from everyone. then you don’t have to answer about unrequested(<—!) ingoing attempts at all.”

“so your(<—!) requests(<-----doesn’t mean let everything leak!) can go out, and the requested answer can come in though.”

I think there is nothing wrong with that.