I’m not well versed on firewalls, and I’ve just migrated to NOD32 and Comodo after years of mainstream Symantec and Trend Micro protection suites.
I have 3 machines to set up (desktop and 2 laptops). Just started w/desktop and install seemed to go smoothly, but not sure how to evaluate some initial alerts. For now I choose to block the two that I was not clear about:
Wmpnetwk.exe - Windows media player network sharing service is trying to act as a server. Does win media player need to automatically establish an online connection (especially when not in use)? Should I permanently block, temporarily block or simply permit? And what does the alert mean about trying to be a server? (Similarly, I had an alert that my Firefox browser was trying to be a server - don’t quite understand that either.)
I have a couple alerts related to my ATI video card about (paraphrased) “CLI.exe trying to receive a connection, no parent application running.” Don’t know why my video card would be wanting to make an automatic internet connection - I doubt it’s searching for updates. Anyone have any experience with this and should I just block it permanently?
I also have 15-20 similar log entries under the medium threat “Reporter” column as Network Monitor, and description of Inbound Policy Violation (access denied [then lists the same IP address] port = nbname [or nbdgram] (137)). How do I assess these kinds of things, and ultimately wouldn’t I want to take action to keep them from continuing?
I’m sure I’ll have more questions as I install on my laptops that are used on and off business and college LAN environments.
Here are a couple of links to the server issue. Browser, email, p2p all need to act as server. I could be reading this wrong but any progs on my system that need tcp/udp in and out always ask to act as server. You will get more alerts for Firefox when a different parent app uses it, e.g. when you click a link in an email.
I sort of work on the premise that if I know the program then I usually allow. I used to have media player blocked from net access but nowadays I allow. Blocked did not stop it working but yours is on a network. Is it an outside or local connection?
The “act as a server” bit does not mean the application is connected, or connecting. It means it is preparing to connect, in the event that it needs to take action. You might think of it as akin to the application “listening” although I think technically it’s a bit different than that. Normally you’ll see this on the localhost/loopback (127.0.0.1). If you’re not using a proxy server, it is safe to Skip the loopback check (security/advanced/miscellaneous) for TCP and UDP. Any that you continue to see, if you know the application in question, the rule of thumb is generally that it’s safe to allow (if you don’t know it, “google” it).
nbname & nbdgram, ports 137, 138, and perhaps some others, are part of Windows NetBIOS Service. If you do not specifically need the NetBIOS Service running, you can disable it, and disable that activity entirely, thus ridding your computer of a security vulnerability. With it being blocked, provided you are not having trouble connecting to the Net (and it sounds like you are not), you are probably safe to disable the Service. Alternately, you can create a specific Network Monitor rule to block it and not log, so your logs will be kept cleaner.
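What "acting as a server" looks like on the machine itself, as an added example that is not part of any post in this thread: the script reads `netstat -ano` output and separates loopback-only listeners from ones reachable over the network, flagging the NetBIOS ports. The sample output, addresses and PIDs are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -ano` output for illustration; not taken from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       2112
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2112
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1200
  TCP    [::1]:5000             [::]:0                 LISTENING       3000
"""

# 137/138 are the nbname/nbdgram ports from the log entries above; 139
# (NetBIOS session service) is added from general knowledge, not the thread.
NETBIOS = {137: "nbname", 138: "nbdgram", 139: "netbios-ssn"}

def listeners(netstat_text):
    """Return one dict per socket that is waiting for inbound traffic."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows count only in LISTENING state; UDP has no state column,
        # so every bound UDP socket can receive datagrams.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        host, _, port = f[1].rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]"))
        if addr.is_loopback:
            scope = "loopback only"          # unreachable from other machines
        elif addr.is_unspecified:
            scope = "all interfaces"         # 0.0.0.0 or ::
        else:
            scope = "one interface"
        found.append({"proto": f[0], "port": int(port), "pid": int(f[-1]),
                      "scope": scope, "netbios": NETBIOS.get(int(port))})
    return found

if __name__ == "__main__":
    for s in listeners(SAMPLE):
        note = f"  <- NetBIOS {s['netbios']}" if s["netbios"] else ""
        print(f"{s['proto']} {s['port']:>5}  pid {s['pid']:<5} {s['scope']}{note}")
```

To use it on a real machine, save the output of `netstat -ano` to a file and pass its contents to `listeners()`; the PID column can then be matched against Task Manager to identify the program.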
Thanks guys for your helpful responses. The CLI.exe was related to the ATI video card control center, and after some google-searching I found a resolution to safely disable it from startup.
The other errors I was receiving do seem related to netbios. But I haven’t had any today - perhaps because Comodo is recognizing the home network (basically a Wi-Fi router). For my own curiosity I tried disabling netbios over TCP/IP - my computer did not like it and was very slow to boot and populate my desktop icons, etc - and no internet. Since I’m not currently getting those log errors, I’m hanging in there with the netbios enabled.
When I can find the time I will continue reading through the copious FAQs and tutorial stuff about firewalls & networks.