Internet Connection Sharing Problems PS3

Please can someone answer this from a previous post:
When the firewall blocked me from connecting with other players the application that was blocked was “Windows Operating System”; this is different to “System” and svchost as they are shown as System or svchost.exe in the Firewall Events (log). What process is “Windows Operating System”? There aren’t any rules about it in the Network Security Policy.

Thanks, Ben.

I told you what to do. I sent you a link. Make it outgoing only. That is part of Windows. Read that post.

Look at my screen shot reply #253.

Application-less traffic. I use it as part of an alternative replacement to global rules because of my preference. A little info about it in the FAQ Threads:

[quote=Myself :P]
Advanced Ruleset To Replace Global Rules
https://forums.comodo.com/index.php/topic,18580.0.html

Like I said above, if I set them to outgoing only then ICS doesn’t work at all. I had to add rules into System after making the outgoing only rule - check the attachments.

[quote author=Soyabeaner link=topic=23391.msg165497#msg165497 date=1212158214]
Application-less traffic. I use it as part of an alternative replacement to global rules because of my preference. A little info about it in the FAQ Threads:

[b]Advanced Ruleset To Replace Global Rules[/b] https://forums.comodo.com/index.php/topic,18580.0.html

see next post

I don’t have that in the Network Security Policy - no “Windows Operating System”. As it isn’t there and it isn’t an application, how do I get it onto the Network Security Policy?
As it's "Windows Operating System" that's blocking me from connecting to other players when trying to play games via the PS3, and it isn't listed in the Network Security Policy, doesn't that mean it is one of my global rules that is blocking access? The only global rule I have blocking is the ECHO request one - is it ok to remove this rule, as it appears this is the problem?
P.S. In global rules the echo request block rule isn’t set to be logged so now I am confused…
I think I need to find a way of getting “Windows Operating System” into the Network Security Policy.

If you don’t have it then add them. Simply go to Firewall/Advanced/Network Security Policy and click on add. Add from running processes.

Thanks, I just added Windows Operating System :slight_smile: I changed the rules for svchost, System and Windows Operating System to "Ask, IP in/out" - added that rule at the bottom or changed it from block to add. These rules are still being logged if fired. Then I can look at the log and permanently allow the individual IPs of people I have tried to play with so that I won't have the hassle of running downstairs and clicking allow for every game; I can also tick the box to remember this answer.
I’ll just test this now on the PS3.
If somebody could come up with some rules to try that would be great. That’s rules for global, Windows Operating System, System and svchost.
Thanks, Ben.

If I look in the log it shows a lot of occasions where something was asked, usually ICMP from Type 3 or 11 to code 3, 0 or 1... I wasn't asked anything. This is before I even turned the PS3 on.
I am probably not being asked because they are ECHO requests and Comodo Firewall Pro is blocking them.
I seriously need some help on some rules (see previous post) - also check PS3 2 attachment.

I’ve copied the block ICMP echo request global rule into the Windows Operating System rules and put it above the ask rule as I don’t think that this is needed for anything - hence the global block rule.
P.S. Please can somebody check reply 19.

Thanks, Ben.

I just got another warning, like in post 19 but for System. I suppose I should just block these requests but I wasn't certain. Next time I get a warning like this should I block it and tick remember this answer?
(see attachment)

[attachment deleted by admin]

I’m just coming back online here, beginning my work day.

Re your post #19, and the one just before this… Yes, block these. The first was from China, 61.153.18.10 on TCP/135, and the second from the US (Texas), 75.23.75.89 on UDP/137.

These are the typical Internet junk traffic probing NetBIOS and Windows Networking ports, looking for unpatched and otherwise unprotected machines. These ports (135, 137, 138, 139, and 445, both TCP and UDP) should never ever be accessible from the Internet.

I’m catching up on the posts from last night, and will have some more in a little bit.

OK thanks, I’ll look forward to your next posts.

EDIT: Another concern/annoyance is that as soon as I close utorrent I continually get hundreds of requests with the destination port the same as utorrent. It's not really a concern, just an annoyance, I suppose.

Just about to test the PS3 with new ask rules in a sec.

What port do you have uTorrent set to? Try changing your port. I told you what to do with “system”. Make it outgoing only.

I’ve made some sense of your Global Rules, as you initially posted them. I’ve not tried to follow up on changes since.

What follows is based on the appearance that the PS3 needs to be a DMZ host. If that’s not true, then the following is good for a fright, and that’s about it.

For the PS3 to appear as a DMZ host, it means there can’t be any Global Rules. All traffic has to pass, and the ICS host is providing network address translation.

This is kind of security insanity. But it seems it’s the only way for the PS3 to be contacted by direct connection from the Internet, just like a DMZ host would be accessible. And it means that you have absolutely got to lock down your ICS host, and your LAN hosts.

Because the PS3 isn’t running any kind of application on your ICS host, you’ll need CFP to have Application Rules to do the lock down of the ICS host. If you aren’t careful, then your ICS host will get compromised. Those network probes will likely find something on the next round of Microsoft patches this month or next month or whenever. It makes for a fragile security model on your ICS host, that may take a lot of continuing tinkering.

All other LAN PCs will need to be armored, just like they're exposed to the Internet. Because they are. The only thing the ICS host is providing is network address translation, and maybe LAN-wide boot time DHCP services.

The alternative to this, is a router/NAT box. I’m much more comfortable with this, as it is more robust against mistakes. The LAN configuration goes like this:

Internet -- bridge -- router/NAT +---- ICS host ----- other PCs
                                 |
                                 +---- PS3 as a DMZ host from the router

This way the ICS host is providing front end security to the other LAN PCs and is itself protected from the Internet. CFP running on the ICS host can actually protect things in this setup.

I just tested the PS3 with the new ask rules but everything still got automatically blocked - I didn’t receive a warning box. It showed blocked in the log. :S

I also noticed some outgoing ECHO requests sent from my PC which were logged as either ASK or BLOCK but were clearly all blocked. - See attachment. Why would Windows Operating System be sending ECHO requests?

My theory is that this is to do with when I search for other players on Euro 2008 or with the rating of other people’s connection quality in the Euro 2008 lobbies.

P.S. I started posting this before your new post grue155.

[attachment deleted by admin]

I’m suspecting the outbound ICMP traffic is related to your p2p application. These use outbound ping (ICMP 8.0) to see if a remote client is still there. And outbound error conditions (ICMP 3.x) to say that something isn’t working here at the moment, and for the remote machine to try again later or to not try again at all.

Blocking these outbound ICMP 3.x (specifically the ICMP 3.3 port unreachable) is why all those remote machines keep trying to reach your p2p server after you've turned your server off. They don't know it's turned off until they get told the port is no longer available.
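As an added illustration (not from this thread or from Comodo), here is a small Python classifier that applies grue155's two pieces of advice above to firewall log events: flag inbound probes of the Windows networking ports (135, 137, 138, 139, 445) for blocking, and explain outbound ICMP 8/0 and 3/3 as p2p liveness and port-unreachable traffic. The log line format is constructed for the example, not Comodo's real log format.

```python
"""Classify firewall log events along the lines of the advice in this thread.

Constructed log format (NOT Comodo Firewall Pro's real log format), one event
per line: "<in|out> <tcp|udp|icmp> <src> <dst> <detail>", where detail is
"type/code" for ICMP and the destination port for TCP/UDP.
"""
from dataclasses import dataclass

# NetBIOS / Windows Networking ports that must never be reachable from the Internet.
WINDOWS_NETWORKING_PORTS = {135, 137, 138, 139, 445}


@dataclass
class Event:
    direction: str  # "in" or "out"
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    detail: str     # "type/code" for icmp, port number otherwise


def parse_event(line: str) -> Event:
    direction, proto, src, dst, detail = line.split()
    return Event(direction.lower(), proto.lower(), src, dst, detail)


def classify(ev: Event) -> str:
    """Return a short verdict for one event."""
    if ev.proto in ("tcp", "udp"):
        if ev.direction == "in" and int(ev.detail) in WINDOWS_NETWORKING_PORTS:
            return "block: inbound probe of Windows networking port"
        return "review"
    if ev.proto == "icmp":
        icmp_type, icmp_code = (int(x) for x in ev.detail.split("/"))
        if ev.direction == "out" and (icmp_type, icmp_code) == (8, 0):
            return "outbound echo request: p2p liveness ping"
        if ev.direction == "out" and (icmp_type, icmp_code) == (3, 3):
            return "outbound port unreachable: blocking it keeps peers retrying"
        if ev.direction == "in" and icmp_type in (3, 11):
            return "inbound ICMP error: unsolicited, block"
    return "review"


SAMPLE_LOG = [  # constructed sample lines; the two addresses are the ones named above
    "in tcp 61.153.18.10 192.168.0.1 135",
    "in udp 75.23.75.89 192.168.0.1 137",
    "out icmp 192.168.0.1 203.0.113.7 8/0",
    "out icmp 192.168.0.1 203.0.113.7 3/3",
    "in icmp 198.51.100.9 192.168.0.1 11/0",
]


def classify_log(lines=SAMPLE_LOG) -> list:
    return [classify(parse_event(line)) for line in lines]
```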

As when people try to connect to me when on the PS3 it shows the destination address as my IP and not 192.168.0.25 or My IP / 192.168.0.25, then the rules that are created for Windows Operating System appear to have to be the same, like you are saying, causing the ICS host to be insecure. It would be good if Comodo Firewall Pro could detect what was aimed at the host computer and what was aimed at the PS3 / other PCs. Then we could set rules for just the PS3 and not the PS3 and the ICS host PC. Note to Comodo: if you can differentiate between where traffic is aimed, give users the option to create custom rules depending on where the traffic is aimed, e.g. which internet device in the ICS set-up. Hopefully this can be added in an update.

Ideally I wouldn't use ICS at all and would just get a router putting everything separately into DMZ and letting Comodo Firewall Pro do the protection for each computer independently. The router that I have at the moment doesn't seem to work with PPPoE; if we can't get ICS to work I will give it another try though; posting for help about that on the Comodo forum though probably wouldn't yield many responses - I'll have a look later to see if there is a section on routers - (fingers-crossed lol).

I'm just going to play around with a few rules a bit more and I think that adding a few ask rules at the top in the global rules part would yield some sort of result, causing no security vulnerability. I would however have to run downstairs quickly and click allow, and within this time the other player may have left.

P.S. I started posting this before your new post grue155.

So should I make a rule to allow these requests (outbound only)?
Thanks for the help btw.

I'm still getting the Type(8), Code(0) requests now, so they don't seem to be related to the PS3, so you are probably right.
BTW I’m getting these outbound requests a long time after I’ve closed utorrent.