got this firewall alert when i launch BitTorrent on vista 64

what’s the problem ?
i deleted the BitTorrent rule then recreate it but after i always got those alerts.
some unknown process i have to allow to use BitTorrent…

[attachment deleted by admin]

Looks like CIS has problems detecting the application this call belongs to.
Id you reboot in between the “deletion” of the BitTorrent rule ?

i’m going to try some reboot after deleted the BiTorrent rule to see how it is so, thanks.

ok i deleted all rules in the FW and D+ so i rebooted and launched again BitTorrent.
D+ is learning the BitTorrent prog and i had an alert from the FW about BitTorrent.
the other alert i had is no more there, the problem seems solved.
thanks :wink:

oups, i talked too fast, i started again BitTorrent and got the same FW alert about some windows operating system that wants to connect to various ip.
must be torrent clients i connect to but why this unknown process…
anyway i blocked this windows operating system alert (as i don’t know anything about it) and BitTorrent still works.

i use the protection “Monitor other NDIS protocols than TCP/IP” , can it have a link ?

I think it’s bug related, my guess is that it will be fixed with the next release.

ok thanks for the explanation about the reason why i had this obscure unknown process.

This obscure pseudo process is where it the MS TCP/IP stack revolves around :wink:

this problem happens with vista 64 but not with xp pro 32.
don’t know about vista 32.

the problem is fixed in the new build 477 :slight_smile:

update : error from my part, i still got the same prob with this unknown process with last build 477 on vista 64.

so is this problem comes from vista 64 and comodo or i have some process that is a malware using torrent to communicate,
in case i got no malware, this prob is a 64bit prob only cause it doesnt appear on xp pro 32bit.
i have to test on vista 32 to see if this is a vista problem (any version) or a vista 64bit problem only, or maybe a malware installed on my machine using torrent protocol, but i doubt about that cause of the protection as guardian kernel and digital signature drivers there’s only on vista 64, so malwares can hardly modify the kernel or add some driver that got no signature, it’s impossible to install a driver on vista 64 if it’s not signed. there’s no way to bypass it (in general, but who knows, malwares makers are far from being stupid).
but users are stupid, it remembers me this story about some worm that infected more than 1 million of machines in 24 hours, this happened like the 14 of january 2009 as microsoft released fixes in october 2008.
it has no link with the topic but i know so many people that dont care about updates and think it’s useless but this story shows that the infection could be stopped easely if updates were downloaded and installed…

Yep, Install all updates, do you normal suff as Normal user and more then 85/90% of the malware doesn’t stand a chance :-)) the other 15% should be covered by CIS :wink:

I’ll see if i can reproduce this on a x64 system, can you please post your Bittorrent client and version number you use ?
Maybe you could put Wireshark underneath it to see what is in the packets, and what other connections are going to that address/port ?

i’m using BitTorrent 6.1.2 (build 13422)
i extracted the installer u can DL on BitTorrent site to only get the bittorent installer without the rest like the DNA thing and some toolbar that silently install without asking anything like the DNA thing.
so when u extract this installer, u can get only bittorent with a size of 623KB as the all installer with the things u dont want is 1.65MB.
it’s some µTorrent, cause it installs nothing more than bittorent.exe
but i prefere bittorrent just cause Bram Cohen is the the creator of the BitTorrent peer-to-peer (P2P) file distribution protocol. ( ).
and not like edonkey that created the edonkey P2P protocol but released a not so good client, that’s why eMule took the lead with a far better client.
but in the case of torrent protocol, bittorrent is my favorite one but the installer needs to be extracted to only get the client installer without the things they added.
and the stand alone installer is signed so u are sure it really comes from the real authors.

i’m going to follow your advice about the unknow process comodo detects but i think it’s the same IPs that connect to bittorrent.

i don’t know Wireshark, i’m going to try it.
i’m going to delete my rule about the unknown process to see if it’s the same connexions i got with bittorrent.exe.
thanks for the help.

[attachment deleted by admin]

i deleted this rule about the unknown process that appeared when i used to start bittorent, i deleted bittorent rule too, in the comodo FW,
i rebooted the machine, started bittorrent, had alert about bittorrent connexion, created a rule but got no more alert about the unknown process,
but when i look at the FW logs i can see that now comodo FW is blocking this thing instead of sending me alert about windows operating system, it’s the same thing cause i use a particular port and this is what comodo is now blocking instead of sending me alert.
don’t know why it’s acting like that now and not before…
i’ll see in the next hours or days if this alert appears again but i doubt it will appear again cause now it’s blocked in the FW logs.

this is now the process blocked by comodo, no more FW alert, i did nothing, now comodo is just blocking this.
it comes from bittorent and it’s a lot of connexions blocked, kind of flood.

[attachment deleted by admin]

Only reason i can think of is 1) Attack detection settings (but that seemed not to log anything in the past).
Or it thinks that there is no application listening on port 3310, can you check to see if “Active Connections” shows bittorrent listening on 3310 while this happens ?

Also please check with a command box, netstat -ban to see if it’s still “listening”.

it’s the port 3310 i use for TCPin with BitTorrent, so when i close BitTorrent i got all this flood coming into comodo FW logs.
actually BitTorrent is open so i got no log about comodo blocking some windows process on port 3310 but when i’ll close it i’ll get flooded for many many hours.
this is a BitTorrent protocol problem, it should stop hamering me when i close the app like emule does.

Okay this explains what’s happening.

If the listener 3310 is gone then the Windows Operating System does not know where to go with those packets, so if other torrent users still have your ip+port in the tracker they will still try to “download” from your host, this will then be blocked by WOS because there is nothing there to route the packets to.

I guess it will be difficult with the current implementation, you should never see 1 ip address try it twice, your host should send out an ICMP 3/3 destination unreachable, port unreachable, then the remote host should stop trying… (so don’t block ICMP 3/3 :wink:

ok thank you for this info :-), u, u’re good u :wink:
i’m going to try it right now to allow icmp 3 reply cause i’m fed up with this enormous flood i get when i close BitTorrent.
that’s nonsense, they should insert this into the protocol itself, when no more torrent client is detected as open and sharing they should stop trying to hamering your machine thousands of TCPin,
sometimes i got like 3600 connexions blocked by comodo in one day just with the torrent port, that’s insane.
there’s no problem like that on eMule, when u close the app, the hamering stop very quickly, needs like 1 min or so to have no more people trying to connect to your eMule port.
so WTH with torrent !
and when u dont set torrent the right way to authorise only one port for tcpin and one port for tcpout, then allow only one port in advanced mode, your machine is completly flooded by thousands connexions and it becomes almost impossible to use internet.
this protocol is too intrusive, before i looked into the advanced settings and saw that i was able to set the client to not use all ports of my machine, i hated this protocol, was a nightmare, it’s not possible to let the client with the settings they put by default, and do not share more than one file or u’re dead, imagine me with comodo that blocked more than 3600 connexions in some hours just for torrent, and on comodo logs u got the time, so i was seeing that they were flooding me several times by minutes.
sometimes i still got trying connexions after more than 24hours i closed the torrent client !!! that’s crazy…

hope your tip will work, thank you very much for the help, i was fed up with this permanent overflood.