New User Question - How to view Intrustion Attempts?

These past two days my computer has been freezing bad every 2 minutes (for 2-5 minutes each time), task manager shows nothing and usage is under 10%, malware and spyware scans reveal nothing.

Anyways, I checked CIS and in the firewall category, it says it has blocked 781 (as of now, it’s +1 every ~20 seconds) intrusion attempts so I think that may be what’s freezing my computer. When I click the number I see nothing but svchost.exe blocked? How can I configure the firewall to log the blocked intrusion attempts so I can see what’s going on?

Those ‘intrusion attempts’ are already logged. The easiest way to see them is to click on ‘the firewall has blocked ___ intrusion attempts’ under network defense (to see the intrusion attempts of current session of network) and click More (after you open the ‘firewall events’ window).

You can see your weekly, monthly logs etc.

Did that, but still I only see 1 log, of svchost.exe, nothing more?

Do stealth porting

CIS>Firewall>Stealth Ports Wizard>select third option — apply

(Which mode do you use firewall… if it is ‘safe mode’ … safe programs will be given access to internet… It is better to use Custom Policy Mode).

Stealth porting will give lots of logs… mostly in the name of system, windows operating system etc… but more than the name of log the IP address logged (i.e. source ip - destination ip would mostly be yours) is more important and you can trace them using services like ARIN.

With Comodo firewall you need not worry much as the firewall is one of the best available in the market.

Yeah, I have the firewall set to ‘Safe Mode’, I’ve done as you said and tinkered with the Stealth Ports options, hopefully I will see some stuff going on now.

I’ve been using Comodo for years now, so no doubt there, but was a long time user of firewall v2 (which in my mind was a lot simpler). I remember in v2 I got a lot of logs on all incoming/outgoing allowed and blocked connections; I defined some rules to log them, but I forgot them now?

Anyways, yeah, my computer freezes a lot and I get my processing/load LED on my computer turning solid blue when it freezes (but my CPU usage is under 10% when frozen), so something is trying to do something and get out, or something is trying to force itself in I think, which is lagging me bad.

Windows Operating System.exe, System.exe and svchost.exe should all be set to “Outgoing Only” rules in Firewall>Advanced>Network Security Policy. You should also check out the Guides by Kyle on the main CIS page. The step by step tutorials there helped me a lot in setting up CIS.