Incoming alert for "system", allow or block?

I’ve just discovered that I haven’t been getting Windows Updates for over a month. It turned out that both System and Svchost were bring blocked by Comodo (probably finger trouble a while back). After a lot of poking around I gave up and uninstalled Comodo then loaded a fresh copy; that solved the problem but now I’m at a loss as to what to allow or block. In particular, I get an alert saying “System is trying to receive a connection from the internet” (which I think is my router’s IP).
Should I permanently allow or block attempts to connect to System (and Svchost as well)? It looks to me like my computer is receiving request from my router but I don’t know if this is local traffic or actually port scanning from outside. I don’t want to inadvertently block something I shouldn’t and then find myself back at the beginning and have to do a reinstall to get things working again.

{Windows XP Home, 5.1.2600 Service Pack 2. Comodo Firewall Pro, Belkin 54g WiFi}

Thanks for any advice on this, I’m still finding my way around after having used ZA for many years.

In 3.14.276 there is a new application category called “Windows Updater Applications”. If there is not already a rule to allow TCP/UDP Out, you can add the rule by selecting “add” with WUA as the application and making a rule to allow tcp/udo out, followed by a block all and log. You can do the same thing for system. You shouldn’t need to allow inbound connections to either function-I don’t with Vista, and just did an autoupdate for Windows Defender this morning. What protocols and ports are involved in the connection attempts from your router? There is other LAN traffic (that you can usually ignore) going on all the time.

Thanks sded! Can you point me in the right direction please to add the rule to allow TCP/UDP Out, I’m a bit confused at the moment with the f/wall GUI?
System is trying to receive a remote connection on Port nbname(xxx) from - UDP.
I’ll block all inbound connection attempts for now.

Go to firewall/advanced/Network Security Policies for a list of your rulesets
See if there is one for “Windows updater applications”
If not select “add”, then select “windows updater applications” then
rule allow/TCP&UDP/out/any/any/any/any followed by rule block&log/ip/in&out/any/any/any
UDP nbname packets on port 137 are router traffic you can ignore or add a specific rule to block and not log under “system” to make them disappear

I have version 3.0.25 of Firewall pro and I am facing the same Incoming Alert asking to Block or Allow for “System”. I have the Windows Updater Applications in my application rules allowed “out” as recommended in the previous message/thread.

What do I do? Block or Allow “system”. And what does “system” do?


System is part of Windows. Make it outgoing only. Read here.

Thanks. I did that, but now I’m comfortable with the choice. I went to your thread, but couldn’t find the answer. Not important enough to lose sleep.