Firewall events - Continuous "Windows Operating System" connection attempts

This morning I got a connection attempt on lsass.exe from an ip located, I believe, in the US, on port 500. I denied access, of course. But ever since, I keep getting connection attempt which read as follow:
the process is Windows Operating system; most of the attempts are made by ISPs as it seem [I looked them up on whois ip] from germany and saudi arabia, some by made to Also, ever since, the Defense module reads firefox.exe as attempting a DNS/RPC Client Access action on \RPC Control\DNSresolver target. I googled this in vain and can’t find anything similar. Has anyone got an idea?
Thanks, B

LSASS.exe is responsible for enforcing the security policy on your system.
Do a complete virus scan to ensure you are not infected by any worms.

That was the first order of business and nothing was found, I did both spyware and virus scans, lsass.exe is clean [I thought of that trojan isass.exe infection] and just in one copy [\system32].
Anyway, these connection attempts just keep pouring in, 2-3 every minute.
How can I make sure in Comodo settings that just my http ports are open and the rest blocked? I can’t find anything about port forwarding or asnything like that.

If your pc has been rootkit(ed), any antivirus/antimalware scan will return negative result. I can say this because I were hit which what I still don’t know, only thing I know for sure is my boot disk’s MBR has been hijacted. If I boot normally into windows nothing happens, but if I boot into Windows Recovery console, the MBR is gone, and the disk is unreadable

The first sign is a Comodo popup similar to your, mine said:
Windows operating system want to connect to the internet: ip 224.0.0.x (which is a reserved broadcast channel) and further, comodo said it cannot locate the process that made the request.

I would suggest that you try some rootkit detection at, however I have not try this (I’m just learn of it in the last few days, and my pc had been infected for more than a month and currently powered down)

I’m currently try to make a windows boot disk from this

hope this help


You can set CIS stealth by using the Stealth Ports Wizard under Firewall → Commom Tasks. Run the wizard and select the bottom choice → Finish.

To open a port follow this:
To open the port TCP 1723

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port VPM

Are you using an updated version of Windows? To know where an IP is from: .

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 1723

Then push Apply → Ok.