I keep getting this, should I allow it?

Sometimes, while I surf the web, COMODO gives this window:


Either it’s svchost.exe or something else (system.exe, I think, or sometimes Firefox). Anyhow, it said the application is trying to receive a connection from the internet.

Sometimes, it comes from another remote address…

FYI, I use a DSL connection which requires user name & password.

Should I allow it?

Here is a quote from GRC. I would NOT ALLOW anything going by this.
Dennis.

Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as “epdump” (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user’s hosting computer and match them up with known exploits against those services.
Any machines placed behind a NAT router (any typical residential or small business broadband IP-sharing router) will be inherently safe. And any good personal software firewall should also be able to easily block port 135 from external exposure. That’s what you want.

In addition, many security conscious ISPs are now blocking port 135 along with the notorious “NetBIOS Trio” of ports (137-139). So even without any of your own proactive security, you may find that port 135 has been blocked and stealthed on your behalf by your ISP.

Going Further: Closing port 135

The widespread exposure and insecurity of this port has generated a great deal of concern among PC gurus. This has resulted in several approaches to shutting down the Windows DCOM server and firmly closing port 135 once and for all. Although applications may be “DCOM enabled” or “DCOM aware”, very few, if any, are actually dependent upon the presence of its services. Consequently, it is usually possible (and generally desirable if you’re comfortable doing such things) to shut down DCOM and close port 135 without any ill effects. (The fewer things running in a Windows system, the fewer things to suck up RAM and slow everything else down.)

+1

Port 135 should NEVER be able to receive an inbound connection.

EVER

I would recommend that you set up a Global Policy to explicitly block inbound port 135 requests from all IPs.

If your DSL connection is via a NAT router, I’d have a good, hard look at how the firewall is set up, as it should have caught this before it got to CFP.

Ewen :slight_smile:

Thanks for your advice. I immediately used a global policy to block incoming connections from any IPs.

CMIIW, but apparently, hackers do try to access home PCs as well…

Oh, one more thing:
do you consider it safer and easier to use the ‘stealth port wizard’ to block all incoming connections, so I don’t have to worry about any suspicious things in the future?

Yep - recommended

Do you have a dial-up connection without a router?

Oh, I have a router. May I ask why you asked? Sorry, I’m new to the firewall & network ‘world’ :stuck_out_tongue:

Well, usually routers don’t forward Microsoft file & printer sharing ports from the internet to the private LAN.
I guess you should check your router settings too.

I just checked it, it appears that the firewall and DoS protection were disabled. I’ve enabled them.

Thanks, guys :-TU
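
An added example, not part of the original thread: a Python check that parses `netstat -an` output and lists sockets on port 135 or the NetBIOS ports 137-139 that are bound to a non-loopback address, which are the listeners the global block rule and the router firewall discussed above need to cover. The netstat sample is constructed, and the function names are assumptions of this example.

```python
import ipaddress

# Ports named in the thread: 135 (DCOM/RPC) and the "NetBIOS Trio" 137-139.
WATCHED_PORTS = {135, 137, 138, 139}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone id such as '%12'.
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def exposed_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return (proto, address, port) for watched ports bound off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; only LISTENING accepts inbound connections.
        # UDP rows have no state column: any bound socket can receive.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        try:
            addr, port = split_endpoint(local)
        except ValueError:
            continue  # unparseable local address, skip the row
        if port in watched and not addr.is_loopback:
            findings.append((proto, str(addr), port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} is bound off-loopback; a firewall rule must block it")
```

A hit only means the service is bound to a network-facing address; whether it is reachable from the internet still depends on the router and the firewall rules in front of it.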