I am new here and I have been using Comodo Firewall for a few months now and I am so happy that I found Comodo, I have even recommended it to loads of friends as well.
I recently made the upgrade to V3 and so far so good, no problems.
One thing that’s puzzling me at the moment though is on the main Firewall screen the intrusion attempts keep going up and up literally every second. Is this normal behavior? Are there really that many people trying to access my PC?
Sorry to sound a bit stupid but I don’t have much of an idea about the technical stuff on firewalls.
Mine is now counting 7929 attempts. But it is a bit misleading because most of them are not real “intrusion attempts” by other people. Especially if you have a router. (I have one.) Maybe a program is constantly being blocked. If you want to know more about these “intrusion attempts” you should take a closer look at your log files. Firewall tab / Firewall events.
I have tracked some from my ISP, the telco, Microsoft, and a subscription service that I use (although it should be just emailing me). Lately there are no connection attempts. Others have tracked connection attempts that appear to be the Storm Bot worm and there are probably other malware attempts to connect. You don’t need any of them, although you may need to manually check for updates for some software. I am not going to have anyone require me to allow these connection attempts.
Maybe it’s too late and I’m too tired but I don’t get your point. By the way, I also found strange things when I did a whois lookup using the blocked IPs from my router’s log. The most interesting finding was 5-6 different IPs originating from one Chinese college. I’m living in Europe, and wasn’t even browsing. In my cpf logs there are mostly only outbound connection attempts. This is why I wrote that if one has a router then they usually won’t find anything in the cfp logs, especially not inbound attempts.
The inbound connection attempts to the System Idle Process appear to pass a router - they do so on mine. This is the reason for the Global rule to Block and Log incoming IP connections. I would be suspicious that the Chinese college connection attempts are from computers that are infected with the Storm Bot worm or another self-propagating worm. That worm uses the Windows messaging service and pops up a message that tries to convince you that an infection has been discovered on your computer by the Windows Security Center or some other safe-sounding authority and offers to let you download a FREE malware removal tool, which is the worm of course. It is rampant in the chat and social networking sites, so the college source is very suspicious.
The only point of my last post is that there is no need to allow the connections and there is a real hazard potential. I do not allow SIP to make outbound connections either, since that is another potential problem if your computer is somehow infected.
OK, I think I got it. System Idle Process afaik is not a real process, Comodo is referring to unsolicited packets with it. Btw I have no such alerts in my log. All inbound entries are from other computers on my LAN. Windows messenger service is disabled here.
Me too - I have turned off about a dozen Windows services including messaging and the script interpreter. I was surprised to see incoming connection attempts from the sources I cited; even though they may be harmless, my router firewall should have stopped them. More, if harmless connections can be made by these guys, how long will it be before the bad guys can do it?