I have just installed the Firewall only on a family PC and have the Security Level set to “safe”.
I’ve defined the Home Network as a new trusted network and now I have two new Global Rules:
Allow All in & out if sender/target is in Home Network.
Why do I still get popups like “System is trying to receive a connection from internet”?
Remote: 192.168.0.12 - TCP
Port: UPNP&SSDP(2869)
The Home Network is:
192.168.0.10
255.255.255.0
Should the global rules allow this connection?
There is no separate application rule for System.
Because there is no separate rule for “system”, CF asks if it is okay for it to receive the connection.
I’d advise you to make a rule for System to accept the/any connection if it comes from or goes to a private network address (source address set to Home Network, for example). Otherwise UPnP should be strictly blocked. Best to do it on a global scale.
If you did not know, CF works like this: Incoming connections first go through global rules, then application rules. Outgoing connections do the reverse, first go through application rules, then global ones.
Therefore, outgoing traffic has to 'pass' both the application rule then any global rules before it is allowed out of your system. Similarly, incoming traffic has to 'pass' any global rules first then application specific rules that may apply to the packet.
This is how I understand it:
CIS receives an incoming connection
checks global rules and if allowed
checks application rules for the application which receives the connection request
if no specific rule is found connection is allowed
else the connection request gets processed according to the application rule
I'd advise you to make a rule for System to accept the/any connection if it comes from or goes to a private network address (source address set to Home Network, for example). Otherwise UPnP should be strictly blocked. Best to do it on a global scale.
This is what I've done.
I've allowed all IN/OUT connections for "system" (and I think "svchost") from the network and blocked everything else.
@Valentin:
Unfortunately I’m currently not at the PC. I’ve set up a family PC and don’t know when I have access to it again.
Besides that I’m not absolutely sure what exactly you mean.
If I remember correctly 192.168.0.10 should be the concerning PC, 192.168.0.1 the router and 192.168.0.12 my laptop where the incoming requests came from (over a WLAN connection).
I’m occasionally using Teamviewer to connect to that PC.
But primarily to help with other problems.
As long as only connections from within the subnet (home network) are allowed no harm should be done, or?
Only trusted computers use the network.
Yeah, I know, if somehow a PC in the network gets infected the malicious program could try to spread through the home network.
But I assume this is the price to pay.
If no rule is present, behavior depends on your firewall's settings. Otherwise correct.
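The evaluation order described in the thread (global rules then application rules for incoming connections, the reverse for outgoing) together with the caveat just above that a missing application rule falls back to the firewall's behaviour settings, as an added Python model. This is illustration code written for this page, not the thread's or Comodo's own code: the home network and the SSDP popup come from the first post, while the trailing block-all-incoming global rule, the helper.exe process, the addresses 203.0.113.5 and 198.51.100.7 and the "ask" fallback are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of the rule evaluation order described in the thread.
# It is an illustration, not Comodo's engine: the real product has more match
# fields and behaviour settings than are modelled here.

# The home network from the first post: 192.168.0.10 with mask 255.255.255.0
HOME_NETWORK = ipaddress.ip_network("192.168.0.0/24")


@dataclass
class Connection:
    app: str                           # process the connection belongs to
    direction: str                     # "in" or "out"
    protocol: str                      # "TCP", "UDP", "ICMP", ...
    remote: ipaddress.IPv4Address      # remote peer address
    port: int                          # local port for "in", remote port for "out"


@dataclass
class Rule:
    action: str                                      # "allow" or "block"
    direction: str = "any"                           # "in", "out" or "any"
    protocol: str = "IP"                             # "IP" matches any IP protocol
    remote: Optional[ipaddress.IPv4Network] = None   # None = any remote address
    port: Optional[int] = None                       # None = any port

    def matches(self, conn: Connection) -> bool:
        if self.direction != "any" and self.direction != conn.direction:
            return False
        if self.protocol != "IP" and self.protocol != conn.protocol:
            return False
        if self.remote is not None and conn.remote not in self.remote:
            return False
        if self.port is not None and self.port != conn.port:
            return False
        return True


def first_match(rules, conn):
    """Rules are ordered top to bottom; the first match decides. None = no match."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return None


def decide(conn, global_rules, app_rules, unknown_policy="ask"):
    """Return "allow", "block" or the unknown_policy verdict for one connection.

    Incoming: global rules first, then the receiving application's rules.
    Outgoing: the application's rules first, then the global rules.
    A "block" at either stage is final. An "allow" (or no match) at the global
    stage only lets the packet proceed to the application stage, which is why
    an allow-all-from-Home-Network global rule alone does not silence the popup.
    No matching application rule yields unknown_policy: the thread says this
    depends on the Firewall Behavior Settings, so it is a parameter here
    ("ask" models the alert popup). Assumption: no matching global rule on
    the outgoing path lets the connection pass.
    """
    rules_for_app = app_rules.get(conn.app, [])
    stages = [("global", global_rules), ("app", rules_for_app)]
    if conn.direction == "out":
        stages.reverse()
    for stage, rules in stages:
        verdict = first_match(rules, conn)
        if verdict == "block":
            return "block"
        if stage == "app" and verdict is None:
            return unknown_policy
    return "allow"


def thread_scenario():
    """Replay the situation from the thread and return the verdict of each case."""
    ip = ipaddress.ip_address
    global_rules = [
        # The two rules created when Home Network was added as a trusted network
        Rule("allow", "in", remote=HOME_NETWORK),
        Rule("allow", "out", remote=HOME_NETWORK),
        # Constructed: a typical trailing rule that drops unsolicited inbound traffic
        Rule("block", "in"),
    ]
    # The SSDP request from the laptop, as in the popup quoted in the first post
    ssdp_from_laptop = Connection("System", "in", "TCP", ip("192.168.0.12"), 2869)
    # Constructed: the same port probed from a non-private address
    ssdp_from_outside = Connection("System", "in", "TCP", ip("203.0.113.5"), 2869)
    # Constructed: an outgoing HTTPS connection from a tool with no rule yet
    outbound = Connection("helper.exe", "out", "TCP", ip("198.51.100.7"), 443)

    no_app_rules = {}
    with_app_rules = {
        # The advice given in the thread: an application rule for System
        # limited to the home network, everything else blocked
        "System": [Rule("allow", "in", remote=HOME_NETWORK), Rule("block", "in")],
        "helper.exe": [Rule("allow", "out", protocol="TCP")],
    }
    return {
        "ssdp_no_app_rule": decide(ssdp_from_laptop, global_rules, no_app_rules),
        "ssdp_with_system_rule": decide(ssdp_from_laptop, global_rules, with_app_rules),
        "ssdp_from_outside": decide(ssdp_from_outside, global_rules, with_app_rules),
        "outbound_no_rule": decide(outbound, global_rules, no_app_rules),
        "outbound_with_rule": decide(outbound, global_rules, with_app_rules),
    }


if __name__ == "__main__":
    for name, verdict in thread_scenario().items():
        print(f"{name:24s} -> {verdict}")
```

Running the script shows the SSDP request from the laptop ending in "ask" when only the global rules exist, "allow" once the System application rule is present, and "block" for the same port from outside the home network, where the global stage already decides and the application rules are never consulted. The outgoing case shows the mirrored order: with no application rule the connection is "ask" before the global rules are even looked at.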
But aren't the essential firewall settings the global and application rules?
Yes, I have unrestricted traffic through my home network. Any specific blocking rules that I need inside it go above that rule in the global ruleset, so they apply to the home network too. I see no problem with that, though I don’t use UPnP and have it totally blocked.
There are some settings in Firewall Behavior Settings on the CF firewall screen. Check them out. They set how the firewall handles unknown connections from trusted and unknown applications. The alert settings are also there.
Firewall Level = safe
Incoming connections from Home Network are allowed in global rules.
winvnc.exe is started and in trusted files but I’ve set no specific application rule for it.
When I try to establish a connection from another PC I still get an incoming connection request for winvnc.exe.
Apparently a separate application rule for allowing incoming connections is always needed.
The firewall behavior settings don’t change this.
Never mind, everything’s working.
I was always using the custom policy mode for the firewall at home and did set separate application rules anyway.
Thank you all and kind regards!
Edit: Another question to be sure
The IP protocol in Comodo comprises all other protocol like TCP, UDP, etc., correct?
Yes, in CF Internet Protocol (IP) seems to comprise any protocol that works on IP. Also ICMP and IGMP, even though the OSI model classifies them as network layer protocols.
To make it simple, anything that is transmitted via IP addresses is working on the Internet Protocol. If you look closely, you will find a tab when IP is selected as the protocol where you can specify a protocol number. For example, the TCP protocol is IP protocol number six.
Protocol numbers can be found on the IANA web site.
More information about protocols and layers can be found on Wikipedia.