I installed Comodo CIS on my Windows 10 PC on the weekend. I added application rules to svchost.exe. From the beginning, I have been continuously getting blocked network intrusions. I have attached the svchost application rules and the firewall log. Does anyone have any advice on what I should do to remedy this?
Thanks for the reply, aim4it. When I installed CIS, I blindly followed instructions that I found on the web for a secure setup. By blocking the svchost from the internet, have I crippled any critical or important functions? The computer seems to be functioning normally so far.
svchost has many connections because it’s a “vague” rule for a lot of Windows system services. I know two of them I have are related to DNS resolution (port 53 at the destination) and clock sync (port 123 at the destination) - and those should work.
However, what I don’t know is why it connects to various ISP’s IPs at port 80 roughly every hour. I suppose it has (at least in part) something to do with checking certificates, but every hour?
The computer seems to be functioning ok so far so I think that I will leave the rules as they are for now. If I start to notice any issues, I will take JB’s advice and change the ruleset to outgoing only.