I woke up from the sound of the firewall alert and clicked allow without thinking and allowed a connection to svchost from this ip address which I looked up http://www.ip-adress.com/ip_tracer/220.127.116.11. Now I am worried and want to undo this decision but cannot figure it out at all. Please help.
Can anyone help me? This was the event in log.
[attachment deleted by admin]
- Open CIS main GUI.
- Click “Tasks” next to the green arrow in the top right corner.
- Expand “Firewall Tasks”
- Click “Open Advanced Settings”
- Click “Application Rules” in the left menu.
- Find “svchost” in the list (you can search by pressing CTRL+F)
- Right-click the svchost entry and click “Edit”
- Find the right rule and right-click it then press “Remove”
- Apply the settings by clicking “Ok” on all windows.
Hope that helps, if you have any questions then just ask.
Thank you for responding to me, I navigated to where you said and there is only one rule there. There is no record of the decision I made. Do you know the reason for this random alert while I was sleeping? Should I be worried that I allowed it?
[attachment deleted by admin]
You seem to have the alert frequency set to a low setting which means that by pressing yes to the alert you did not only allow that one IP address in but ALL IP addresses in, I’d recommend you remove that rule you see as soon as possible as it can be a security issue.
I have changed to very high alert and I have removed all rules that were in that area (not just the svchost.exe) one. What should I do now?
You can change the alert frequency by in the left menu going to “Firewall Settings”
I recommend reading this to find a level that suits you:
The options available are:
Very High: The firewall shows separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports and for specific IP addresses, for an application. This setting provides the highest degree of visibility to inbound and outbound connection attempts but leads to a proliferation of firewall alerts. For example, using a browser to connect to your Internet home-page may generate as many as 5 separate alerts for an outgoing TCP connection alone.
High: The firewall shows separate alerts for outgoing and incoming connection requests for both TCP and UDP protocols on specific ports for an application.
Medium: The firewall shows alerts for outgoing and incoming connection requests for both TCP and UDP protocols for an application.
Low: The firewall shows alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Comodo and is suitable for the majority of users.
Very Low: The firewall shows only one alert for an application.
I have selected medium for now but I would like to reset the firewall to default settings as I have made decisions in this low alert level which seems to be very unsafe even though they say it is good to use for most users. How can I do this?
Well the low alert isn’t really unsafe as long as you don’t allow things going IN since that would allow ALL things to go IN to that program.
I don’t really know how to only reset the firewall application rules, it’s either a full configuration reset or you manually remove the rules that have “Allow IP In From MAC Any To MAC Any Where Protocol Is Any” unless the program really needs it.
Full configuration reset is fine to me, I want to be safe. This just means I will have to deal with a lot of alerts again like in the beginning of using the firewall. I will have to re add applications like games to trusted application and other such things? This is fine by me.
I’m not sure about trusted applications, but all settings and rules would be reset.
To reset the configuration:
- In the left menu of Advanced settings, expand “General Settings”.
- Click “Configuration” in the left menu.
- Right-click anywhere in the area to the right and click “Import”
- Navigate to C:\Program Files\COMODO\COMODO Internet Security and choose the configuration you want to use.
- Import it and click “Ok” to everything and then start reapplying your settings.
I’d also recommend taking a look at this Article written by Chiron (a moderator on this forum) [u]High quality HDMI cables in comparison - Gizmo's Best
Thank you very much for all of your help and the link to the article. I think I am done asking questions for now.