nbdgram(138)

Hi.

I just got an alert from the FW which I blocked (snapshot).
I found a tutorial about it https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/how_to_disable_netbios_on_the_internet_adapter_for_windows_2000xp2003-t14469.0.html but it is from 2007.
Is it still valid?

Regards.

[attachment deleted by admin]

Yes at least up to Win7/2008srv

Thanks Ronny.

Let me take advantage of this thread and post another question (it’s still FW related).

Earlier today, when starting uTorrent, I had an alert which was new to me. Does it make any sense to you?

Regards.

[attachment deleted by admin]

Yes, this is UPnP trying to open a port on your Router facing the internet.
I normally prefer to not use UPnP on routers to prevent dynamic port opening.

You can configure uTorrent to use a static port and make a manual forward rule for that in the Router.

The problem is that uTorrent has (and has always had) a static port.
And my router(s) has (and has always had) a proper configuration.
That’s why I don’t understand this alert.
In fact, the first alert, the one that started this thread, is new to me as well.

This morning I had to uninstall/reinstall CIS. Maybe something corrupted.
I’m going to reinstall again and see how it goes.

Win7 will also send out these probes so it could be caused by the OS regardless of uTorrent.

Yes, this morning I had some alerts not Utorrent related. I configured System to Outgoing Only; I presume that won’t limit the process work.

I wonder what triggered these alerts only 3 weeks after I bought the PC.

I wonder as well if it would be safe to answer Allow, since the remote IP was my Router’s.

Regards.

Well I personally don’t like “plug and pray” to tell my router to open the door.
I like to be in control which ports my router opens, so I would not allow it.

It’s actually quite unusual for the ‘system’ process to request upnp/ssdp. Normally these services are handled by svchost. I’m wondering if it has anything to do with lldp?

Do you have any more details?

Hi Radaghast.

Well, what I did before these alerts started to pop up was: uninstall CIS (which I think didn’t go well because I made a mistake using Revo); install Online Armor (I had to confirm something); uninstall OA (which went well); install CIS and then uninstall it again properly; install CIS.

I think that all this install/uninstall messed up something because I did no other alterations.

Sounds like a bit of a mess :-\ But it still doesn’t explain the ‘system’ process request. If it were me, I’d try and make sure I had a clean install of the security application I wanted to use, even if that meant a reinstall of the OS. (not suggesting you do that)

Somewhere on here is a clean-up tool for CIS. A search should find it. You could do that and see if it makes any difference, I do have my doubts.

Before you do any of that, can you try a test? If you’ve blocked the request, unblock it and if possible add logging to the system process for everything. I’d like to see how often it occurs.

> Sounds like a bit of a mess

Yes, I should know better.

> even if that meant a reinstall of the OS

Eventually I will try to go back to a Disk Image I created a week ago.

> You could do that and see if it makes any difference, I do have my doubts.

You're right, I tried it.

> Before you do any of that, can you try a test?

Sure, I'll post back tomorrow with snapshots.

Thanks for your time.

Hi Radaghast.

Last night my PC started to behave funny and I had to go for an OS reinstall (I’m still going through the updates).
I attached a snapshot of the FW logs from the last install of CIS to the start of the recovery.
The “System” entries that say “Asked” and then “Blocked” are Utorrent related.
The ones that just say “blocked” are OS prompted (I had System set to Outgoing Only).
I hope it makes some sense to you.

Kind regards.

[attachment deleted by admin]

They are quite strange :-\

If 192.168.1.1 is your router all of the ‘System’ events are inbound to port 2869. What’s the port number you’re using for uTorrent, is it 5351?

Utorrent’s port was 40702. Yes, 192.168.1.1 is my Router.
In more than two years with both CIS and uTorrent I had never seen those alerts.

Meh! UDP port 5351 is for NAT port mapping! I’d forgotten that as I never use it.

Really a bit puzzled by these. If they were for opening a port in the router, you’d see something similar to the image. But these are coming from your router, to your PC, on a strange port, yet still claiming to be UPnP/SSDP!

Would you mind if I ask the make and model of your router?

Edit: Just a thought, are you using XP?

[attachment deleted by admin]

Windows 7 HP 64-bit
Router http://www.hitron.com.tw/en/main.php?action=prd_show&id=19 but I have had it for a year and never configured it (it forwards uTorrent’s port automatically).

New developments: after an OS reinstall and after I installed CIS (10 minutes ago) ■■■■… (see snapshot).
Utorrent is not even installed.
Now I really don’t know what to do.

[attachment deleted by admin]

I believe I know what these are, I just didn’t think it still applied to Windows 7. There again, I always disable UPnP and SSDP, so I never see these events.

Basically, UPnP/SSDP relies on two ports, UDP on port 1900 and TCP on port 2869. I believe you’re seeing replies from your router, to probes from your PC for UPnP devices.

I’m guessing your Application rule for ‘System’ and ‘svchost’ simply allows everything out?
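An added example, not part of the original thread or any poster's code: a small triage helper that maps firewall events to the ports discussed here (UDP 138, UDP 1900, TCP 2869, UDP 5351) and separates LAN-scoped discovery traffic from the same protocols involving an outside address. The event field names, the 192.168.1.0/24 subnet and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# (protocol, destination port) -> service, using the ports named in this thread
DISCOVERY_PORTS = {
    ("UDP", 138): "NetBIOS datagram",
    ("UDP", 1900): "SSDP",
    ("TCP", 2869): "UPnP/SSDP over TCP",
    ("UDP", 5351): "NAT port mapping",
}
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # SSDP multicast address


def triage(event, lan="192.168.1.0/24"):
    """Classify one firewall event as (service, scope).

    scope is "lan" when the remote end is on the local subnet or is the
    SSDP multicast group, "external" when a discovery protocol involves an
    address outside the LAN, and "n/a" for ports not covered here.
    """
    service = DISCOVERY_PORTS.get((event["proto"], event["dport"]))
    if service is None:
        return ("other", "n/a")
    remote = ipaddress.ip_address(event["remote"])
    if remote == SSDP_GROUP or remote in ipaddress.ip_network(lan):
        return (service, "lan")
    return (service, "external")


# Constructed sample events (hypothetical; not taken from the deleted snapshots).
SAMPLE_EVENTS = [
    {"app": "System", "dir": "in", "proto": "TCP", "remote": "192.168.1.1", "dport": 2869},
    {"app": "svchost.exe", "dir": "out", "proto": "UDP", "remote": "239.255.255.250", "dport": 1900},
    {"app": "System", "dir": "out", "proto": "UDP", "remote": "192.168.1.255", "dport": 138},
    {"app": "System", "dir": "in", "proto": "UDP", "remote": "203.0.113.7", "dport": 138},
    {"app": "uTorrent.exe", "dir": "in", "proto": "TCP", "remote": "203.0.113.7", "dport": 40702},
]


def report(events=SAMPLE_EVENTS):
    """Return (app, direction, service, scope) for each event."""
    return [(e["app"], e["dir"]) + triage(e) for e in events]


if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```

An "external" result for NetBIOS or SSDP is the case the NetBIOS tutorial linked in the first post is meant to prevent; "lan" results from the router's own address match the behaviour described above.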

> I'm guessing your Application rule for 'System' and 'svchost' simply allows everything out?

Yes.

I’m going to install uTorrent and see how it goes. I’ll post back in 5 minutes.

Installed and two alerts.

[attachment deleted by admin]