firewall events

Hi all,

I’m trying the latest CIS free version under Win Vista SP1 patched to latest level and I found something weird in firewall events:

when blocking e.g. UDP communication it is writing as application “Windows Operating System”. Is there a way how to find out which executable is being blocked (as log with this kind of application description is not usable at all)?

Thank you

Can you post a screenshot of the traffic you see? It may be just regular communication with a local router.

Hi Eric,

please see the screenshot. it looks like it is not communicating with wouter …1 only, but also with other PCs. SO I’m confused why it writes out for IP where is …2 or …3 Windows operating system

[attachment deleted by admin]