I installed Comodo CIS on my Windows 10 PC on the weekend. I added application rules to svchost.exe. From the beginning, I have been continuously getting blocked network intrusions. I have attached the svchost application rules and the firewall log. Does anyone have any advice on what I should do to remedy this?
[attachment deleted by admin]
Looks like your rules block svchost from the internet. Only DNS and Local HTTP/S Traffic is allowed, so yea your going to get alot of blocked traffic logged.
Thanks for the reply aim4it. When I installed CIS, I blindly followed instructions that I found on the web for a secure setup. By blocking the svchost fron the internet, have I crippled any critical or important’ functions? The computer seems to be functioning normally so far.
svchost has many connections because it’s a “vague” rule for a lot of Windows system services. I know two of them I have are related to DNS resolution (port 53 at the destination) and clock sync (port 123 at the destination) - and those should work.
However, what I don’t know is why it connects to various ISP’s IPs at port 80 roughly every hour. I suppose it has (at least in part) something to do with checking certificates, but every hour?
Svhost could be set with the ruleset, outgoing only. This will allow your system to function correctly, while preventing outside connections from employing svhost for its own deeds.
The computer seems to be functioning ok so far so I think that I will leave the rules as they are for now. If I start to notice any issues, I will take JB’s advice and change the ruleset to outoing only.
Thank you all for the replies.