Noob Question About Connections

While I’ve been a Comodo user for 6 months now, I am far from experienced at it. I think it is one of the most thorough firewalls out there, and hence the user interface is hard to navigate and does not seem to be intuitive, but again, I think that is due to it being so thorough.

My question is in the Connections area of the Activity are: Why are there so many redundant applications running with different IP addresses? I can see having 2 or 3 running, but I have IE showing up 20+ times here and I have Windows Media Player showing up about just as many. It is mostly concerning, as I am noticing outbound activity to different IP addresses.

Any thoughts? ???

Hi xcellentform, welcome to the forum :slight_smile:

Without seeing a screen shot of the detail, it’s difficult to know for sure why, you are seeing so many connections. However, there are several possible reasons:

Some browsers support the notion of ‘pre-fetching’ that is, when you load a web page, the browser automatically starts to load (in the background) links from the page. It assumes you may want to visit these pages and by ‘pre-fetching’ them it speeds the process. Normally this can be disabled.

Web page adverts/analytics. Remember, unless you filter out most advertising, each page you visit, will probably have one or more ways to capture details about your visit. These processes invariably requite a link being made to a different site.

DNS queries. Every time you need to connect to a new web page, the name of the site has to be resolved to an IP Address. If the address is not in the cache, the name has to be resolved. That’s what DNS does. just look for the entries that have port 53 associated with them.

Background mail checking. If you have your browser configured to check for mail updates, this will cause additional connections.

RSS. If you use your browser as an RSS reader, it’s likely there are automatic updates taking place in the background.

There are lots of other reasons, but this gives you a flavour.

As I don’t use WMP, I’ll have to defer to someone who does. likely some of the reasons outlined above will be the same. Also, I imagine some DRM stuff.

Hope that helps


Hi toggie,

Thanks for the detailed responce. Going through your listed items, I did have much of that going on, such as RSS and others, so that should explain some of that. I went to go get you a screen shot of the connections page and it was all magically cleaned up, with no application being mentioned more than 3 times. It wasn’t so much the IE that was bothering me as much as it was the Windows Media Player being on there so many times. I do listen to one internet radio station, and that is about all that I use the player for. I denied one outgoing request for that and my music was turned off, so for whatever reason I need to keep the outgoing requests valid. I will try to post a screenshot of a messed up page when it becomes available.

thanks again!

Your welcome :slight_smile:

I think you’ll find the reason for the connections with WMP, are due to the underlying protocols used for listening to Internet radio and streaming media. There’s not a great deal one can do about that.

Let me know if you need any more help.


If you Deny a connection popup, CFP deems that you must be compromised, and terminates the connection for any application involved in the potential violation (such as WMP being the parent of the browser, for instance). It will be for that session only, as long as you didn’t click the “Remember” box. Typically restarting the browser will reset it; sometimes the other application will need to be as well, and in extreme cases, a reboot is required.

If you open an application rule in the Application Monitor (ie, double-click to “edit”), and look at the Miscellaneous tab, you can limit the number of connections it creates. To be honest, I haven’t tried that, but it might help with some of the extraneous stuff. It doesn’t create a lifetime or session maximum; it limits the # of connects per minute from that app.


Thanks guys for the information. How would I find out what site is connecting to those applications (WMP, IE, etc.), as all I have is their IP addys. I did a reverse search on their IP’s, and of course it just traced it back to the servers, or else timed out. Both of your comments are letting me breath a little easier, it is just that you hear so much about video and audio files being corrupted these days.


I use a little utility called IPNetInfo by NirSoft, to do lookups. In conjunction with CurrPorts to show all connections (whether internal/loopback/localhost, listening, active/established). Other options could be TCPView by SysInternals, Vision by Foundstone, Port Explorer by DiamondCS (which I think is closed down, but the software’s still out there).