Follow on from my last post concerning firewall intrusions (*new info)

Since installing Comodo Firewall some time ago I have chosen to block…system…which periodically attempts to receive an unknown connection from the internet…
Can anyone confirm this to be the culprit of my numerous and abnormal amount of blocked intrusions?

My system is clean, scanned with everything recommended and more.

Thanks to all for previous help and any that might follow.
dean

Hey there,

As far as I know it’s normal that system is requesting to go outbound, so you can safely allow that. Inbound however could be dangerous…

Xan

Hang on, I’m requesting other mods’ help as I’m not so much into the CIS :).

Just a question … is this a processor log or a firewall log, as it states the core temperatures etc.?

Xan

Hey, sorry, I’ve just corrected that lol

Could you change the rules from system to outgoing only? Just delete the rule and, when asked, go to predefined policies: outgoing only (look here if you don’t know how).

Xan

OK, have done. Now what, repost log in a bit?

Still receiving roughly an attack every 3-4 secs.

Strange, are you on a network or something?

Xan

Nope, just my home/work PC.
Like I said last night in the other post, around 4000 intrusion attempts in a few hours.

Really want to get to the bottom of this.

Also, do I need to allow system to connect to the internet?

Just use the predefined rule: outgoing only.
Can I ask you with which products you scanned?

Xan

I have used the predefined rule for system. I will post the log in a minute.
Scanned with:
Comodo AV, full scan
Malwarebytes, full scan
SUPERAntiSpyware, full scan
Kaspersky online
Bitdefender, deep scan

Thanks
dean

Also posted a log of HijackThis and nothing suspicious detected.

log

[attachment deleted by admin]

Also, should svhost be allowed both in/out? As I have it set to that. Cheers for help.

Also, should svhost be allowed both in/out? As I have it set to that. Cheers for help.
Svchost should also be outgoing only

Xan

Just to give you an update, here are my rules for System (see pic)

Xan

[attachment deleted by admin]

Active connections are as follows:
system 32 alg.exe-tcp listening
system 32 svhost.exe-udp out
system 32.exe tcp listening/tcp in

and my browser…

That should be normal, are you still getting the attacks?

Xan

OK.
Yes, all trying to get to Windows Operating System. A few to system since I changed the rule…so thanks for that one…any more advice on this one?

dean

As for “system”, you can probably disable it from accessing the internet completely (both in and out); I have done so on various computers with no problems.

Windows Update still works. I don’t understand why it needs to connect to the internet really, but I guess some setups need the “system” to have internet, but if your setup doesn’t then block it (you’ll notice if you need it).