firewall logs

Hi All

I have just reinstalled Comodo, after having some stealth problems, which seem okay now as they are passing the tests at ShieldsUp and PC Flank.

This is what I get in the logs:
Windows operating system
C:\Windows\system32\svchost
System

I have placed an attachment with my logs.
Are they okay, as I think that they are different than before?

Cheers

[attachment deleted by admin]

A couple of them look a bit suspicious, but most seem to be the usual ISP traffic and other common connection attempts. Check the IP addresses at: http://www.whois.sc/ to see if there are any that you don’t recognize. I don’t get these connection attempts any more - they seem to quit after a while and I have not had any problems as a result.

I am also getting loads of these being blocked (approx. one every 5 seconds), except the Destination IP is 255.255.255.255. I haven’t a clue as to what they mean but would like someone to explain how to set a rule so that I don’t get them anymore. Bear in mind that I am old and not very PC technical.

Thanks AnotherOne

I will check out a few IP addresses and see what I get.

Hi bluesjunior

Cheers

Hi bluesjunior - A common connection is 0.0.0.0 to 255.255.255.255 - it appears to be a system connection and should be allowed. Have you written rules for the firewall? I don’t recall which process makes that connection since I have allowed it on my computer. Would you reply with the process name?

Thanks AnotherOne for the reply. The process is Windows Operating System.

Now another question: have you written a Custom Policy for WOS or do you use one of the Predefined Policies? The simplest fix is to Add a rule to the policy used for WOS. If you have selected “Use a Custom Policy”, you can just do the following: Click Firewall>Advanced>Network Security Policy>(locate and select the WOS entry)>Edit. On the Edit window, click Add and write a rule as follows:
Allow
(check the event log for the protocol being used - or choose IP)
Out
Source 0.0.0.0
Destination 255.255.255.255
IP details Any (OR if using a different protocol: Source port Any Destination port Any)

This may not work if you have a rule for that protocol already defined. To alter that, you will have to edit the IP addresses in your My Network Zones to include the addresses already in the rule defined for WOS as well as the 0.0.0.0 and 255.255.255.255 addresses and use the new Zone in the rule you want to alter. Simplest if you can send the details of the rule that you have defined for WOS so I can advise you better.
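
The caveat in the last post, that the new rule may not work if an earlier rule already covers that protocol, can be seen in a small rule-matching model. This is an added example, not part of the thread and not Comodo's code: it assumes rules are checked top-down with the first match winning, and the `Rule` class, the blanket block rule, the default action and the sample packets (including UDP as the protocol) are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:  # hypothetical model of one policy rule
    action: str     # "Allow" or "Block"
    direction: str  # "In" or "Out"
    protocol: str   # "IP" matches any protocol, otherwise e.g. "UDP"
    src: str        # single address, CIDR range, or "Any"
    dst: str        # single address, CIDR range, or "Any"

    def matches(self, pkt):
        def addr_ok(spec, addr):
            return spec == "Any" or ip_address(addr) in ip_network(spec)
        return (self.direction == pkt["dir"]
                and self.protocol in ("IP", pkt["proto"])
                and addr_ok(self.src, pkt["src"])
                and addr_ok(self.dst, pkt["dst"]))


def evaluate(policy, pkt):
    """Action of the first matching rule (assumed top-down, first match wins)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "Block"  # assumed default when no rule matches


# The rule from the thread: Allow / IP / Out / 0.0.0.0 -> 255.255.255.255
NEW_RULE = Rule("Allow", "Out", "IP", "0.0.0.0", "255.255.255.255")
# Constructed stand-in for "a rule for that protocol already defined"
EXISTING_BLOCK = Rule("Block", "Out", "IP", "Any", "Any")

# Constructed sample packets
BROADCAST = {"dir": "Out", "proto": "UDP",
             "src": "0.0.0.0", "dst": "255.255.255.255"}
OTHER = {"dir": "Out", "proto": "UDP",
         "src": "192.168.1.10", "dst": "203.0.113.5"}

if __name__ == "__main__":
    for name, policy in (("new rule first", [NEW_RULE, EXISTING_BLOCK]),
                         ("new rule last", [EXISTING_BLOCK, NEW_RULE])):
        print(name, "| broadcast:", evaluate(policy, BROADCAST),
              "| other:", evaluate(policy, OTHER))
```

With the new rule above the existing one, only the 0.0.0.0 to 255.255.255.255 traffic is allowed and everything else is still blocked; with the order reversed, the broadcast keeps being blocked and logged.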