Firewall problem with System

Just did a re-install of CIS (latest version) and set it to the Proactive setting.

Now I get these Firewall alerts for System wanting to receive something from the Internet.
My current action has been to block it.

Also, I am on/using a proxy server - if that helps.

Is it safe to allow? I am not sure what to do.

[attachment deleted by admin]

Hello,

My name is Jacob Kilgore
I’m one of the Comodo Forum Moderators
I would like to answer your question for you.

System/SVCHOST.exe should be “Outgoing”.
I’ll ask one of the Moderators to Double Check This Reply

  • Jacob Kilgore
    C-O-M-O-D-O Forum Moderator

Thank you.

But I also got a Firewall alert for ‘Windows Operating System’.

Solution.

1. Go to the TCP/IP settings.
2. Disable NETBIOS.

You don’t need NETBIOS if you don’t use your PC on a LAN for sharing folders or a network group.
If you use shared folders and networking on a LAN, enable it; otherwise disable it.
Also, I don’t recommend using NETBIOS, for safety reasons.

After doing this, if you still have the same problem or any other problems,
let me know your system details, including network settings.

When I first got the Windows Operating System firewall alert I set it to block, as I was unsure ???

I have disabled the NetBIOS.

I just checked the logs now and ‘Windows Operating System’ is still being blocked, but the Destination ports are different now.

Do it just like this.

Go here.

You will see what you did before.
Remove the rules you made before.
Add the system rules shown in the following screenshot, then click ‘apply’.
Do exactly the same as the screenshot.

[attachment deleted by admin]

Did you disable the Windows Operating System firewall?
If you didn’t:
1. Go to Control Panel.
2. Go to Windows Firewall.
3. Disable the firewall.
4. Reboot.

I have changed the System to what you posted.

[attachment deleted by admin]

OK, now do this.
You are getting close to solving the problem.

Now clear?

[attachment deleted by admin]

I disabled the Windows Firewall and rebooted.
Still intrusion attempts.

Ran the Stealth Ports wizard.
Intrusion attempts stopped :)

edit: I am using Windows Vista Home Premium SP1

So all cleared?

Congratulations!

Let me explain a little bit about ports.

If you use ‘block all incoming connections’ in the Stealth Ports wizard, your router or proxy server can’t connect to your PC properly, because they connect to the PC via the NIC (network interface card = LAN card) port. That’s why you had those problems. Actually it was not a real intrusion.

I just did a reboot and received another firewall alert. I didn’t click on allow or block - by the time I returned it had gone.

What is Type(3) port?
Also what should I change my Firewall rule for Windows Operating System?

Thanks

edit: When I first connected my computer to this network, Windows [Network and Sharing Center] prompted me with Home, Work or Public, I chose Public - (on a university network).

[attachment deleted by admin]

ICMP port unreachable (Type 3)

I’m gonna briefly explain about networks and protocols.

Source IP: it’s an attacker’s IP, or some normal IP that just wants to know information about your PC (e.g. network PC name or which port is open).

Destination IP: this is your IP address.

In the case of your screenshot:

121.15.245.215: this is what we call a ‘zombie PC’, controlled by a botnet admin (criminal).
Where is it from? China. 121.15.245.215 usually tries to attack ports 1080, 3128, 8000.
Most bot attacks come from China, Russia and the USA nowadays (ranking: 1st is the USA,
2nd China by statistics, but in the real world? Ranking 1st is China).
So this alert is normal. If the alert pop-up bothers you, just change the alert option in Comodo Firewall.

212.219.255.168: your IP.

Type (3): it’s one of the ICMP (Internet Control Message Protocol) types.
When you or somebody wants to check whether a PC is still alive or not,
you normally use the ‘ping’ command in CMD.
That’s right… the ping command uses ICMP.

72.9.241.58: Comodo threatcast server (you should allow it).
There is a threatcast option in your Comodo Firewall.
It is turned on, but you blocked that IP (72.9.241.58).
So…
1. An ICMP packet is sent from your PC automatically by Comodo Firewall >> Comodo threatcast server
2. The threatcast server responds with ICMP >> sends a reply (ICMP) to your PC
3. But you already blocked 72.9.241.58
4. Then your PC recognizes it as ‘ICMP port unreachable’ (= type 3)
5. Now you know how to change the option for the type 3 alert.
(You can also disable the threatcast option (this option is not that important), or
delete the older policy for 72.9.241.58 and then remake (allow) it.)
How to disable threatcast?
Look at the following screenshots.

Now let’s talk about [Network and Sharing Center].
Even if you are using your PC on campus (in a dorm or anywhere on campus),
DO NOT choose Public until you need it, because when you choose Work or Public,
all of the people who are using the same network as you on campus
can see your folders if you allow it. Even if it is not allowed, somebody can
attack your PC with a ‘brute force attack’ (entering ID/password automatically with a brute force attack
tool until it passes) or a Windows vulnerability attack.
You are using a firewall, so you will not have that problem.
But NetBIOS alerts will bother you a lot.
So just choose HOME.

[attachment deleted by admin]
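For readers following the ICMP Type 3 discussion in this thread, here is an added example (not part of any post, and not Comodo's code) that decodes a Destination Unreachable message and the original datagram quoted inside it, which tells you which of your own packets triggered the alert. The function names, the documentation-range addresses and the sample packet are constructed for illustration.

```python
import socket
import struct

# Type 3 codes as defined in RFC 792 / RFC 1122 (subset).
CODES = {0: "network unreachable", 1: "host unreachable",
         2: "protocol unreachable", 3: "port unreachable",
         4: "fragmentation needed", 13: "administratively prohibited"}
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_icmp_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Type 3 message and the original datagram it quotes."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp_type})")
    quoted = icmp[8:]  # original IPv4 header + first 8 bytes of its payload
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("bad quoted IPv4 header length")
    proto = quoted[9]
    info = {
        "code": code,
        "meaning": CODES.get(code, "other"),
        "proto": PROTOS.get(proto, str(proto)),
        "orig_src": socket.inet_ntoa(quoted[12:16]),
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "orig_sport": None, "orig_dport": None,
    }
    if proto in (6, 17) and len(quoted) >= ihl + 4:
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", quoted[ihl:ihl + 4])
    return info

def build_sample() -> bytes:
    """Constructed sample: host 192.0.2.10 sent UDP to 198.51.100.7:53 and
    received 'port unreachable' back. Checksums are zero and not verified."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```

The `orig_src`/`orig_dst` pair is the packet that was refused, so in a firewall log it shows whether the Type 3 message answers traffic your own machine sent.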

Helpful information :)

Changed the Network to Private - I guess that is the same as Home
[http://windowshelp.microsoft.com/Windows/en-US/help/6ed24a90-6b57-4f0f-a3b3-e521ae945f331033.mspx]

Thank you