Yes this is uPNP trying to open a port on your Router facing the internet.
I normally prefer to not use uPNP on routers to prevent dynamic port opening.
You can configure uTorrent to use a static port and make a manual forward rule for that in the Router.
The problem is that Utorrent has (as always had) a static port.
And my router(s) has (as always had) a proper configuration.
That’s why I don’t understand this alert.
In fact, the first alert, the one that started this thread, is new to me as well.
This morning I had to uninstall/reinstall CIS. Maybe something corrupted.
I’m going to reinstall again and see how it goes.
Well I personally don’t like “plug and pray” to tell my router to open the door.
I like to be in control which ports my router opens, so I would not allow it.
It’s actually quite unusual for the ‘system’ process to request upnp/ssdp. Normally these services are handled by svchost. I’m wondering if it has anything to do with lldp?
Well, what I did before these alerts started to pop-up was: uninstall CIS (wich I think didn’t go well because i made a mistake using Revo); install Online Armor (I had to confirm something); unisntall OA (wich went well); install CIS and then uninstalled it again properly; install CIS.
I think that all this install/uninstall messed up something because I did no other alterations.
Sounds like a bit of a mess :-\ But it still doesn’t explain the ‘system’ process request. If it were me, I’d try and make sure I had a clean install of the security application I wanted to use, even if that meant a reinstall of the OS. (not suggesting you do that)
Somewhere on here is a clean-up tool for CIS. A search should find it. You could do that and see if it makes any difference, I do have my doubts.
Before you do any of that, can you try a test? If you’ve blocked the request, unblock it and if possible add logging to the system process for everything. I’d like to see how often it occurs.
Yesterday night my PC started to behave funny and I did have to go for a OS reinstall (I’m still going through the updates).
I attached a snapshot of the FW logs fom the last install of CIS to the start of the recovery.
The “System” entries that say “Asked” and then “Blocked” are Utorrent related.
The ones that just say “blocked” are OS prompted (I had System set to Outgoing Only).
I hope it makes some sense to you.
Meh! UDP port 5351 is for NAT port mapping! I’d forgotten that as I never use it.
Really a bit puzzled by these. If they were for opening a port in the router, you’d see something similar to the image. But these are coming from you router, to your PC, on a strange port, yet still claiming to be UPnP/SSDP!
Would you mind is I ask the make and model of your router?
New developments: after a OS reinstall and after I install CIS (10 minutes ago) ■■■■… (see snapshot).
Utorrent is not even installed.
Now I really don’t know what to do.
I believe I know what these are, I just didn’t think it still applied to Windows 7. There again, I always disable UPnP and SSDP, so I never see these events.
Basically, the UPnP/SSDP relies on two ports, UDP on port 1900 and TCP on port 2869. I believe you’re seeing replies from your router, to probes from you PC for UPnP devices.
I’m guessing your Application rule for ‘System’ and ‘svchost’ simply allows everything out?