Hello friends at Comodo,
I just got a new PC with Win XP SP2 and I want to make sure everything is right. The first thing I do after Windows boots is enable my NIC, then the Comodo alerts come up. If anyone can identify the alerts below and let me know if they are necessary or if I should be concerned about any of them I would appreciate it.
Info:
CFP version: 2.4.18.184
Internet connection: cable
Log in: Admin
Other apps: Avast AV
Disabled security apps before install: Windows Firewall
Custom rules: none
Date/Time :2007-08-17 09:32:06
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:xxx.xxx.0.11: :dhcp(68))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: xxx.xxx.0.11::dhcp(68)
Date/Time :2007-08-17 09:02:12
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: xxx.xxx.0.11
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5
Date/Time :2007-08-17 09:02:09
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: xxx.xxx.0.11::1036
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-08-17 09:02:09
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: xxx.xxx.0.11::ntp(123)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-08-17 09:02:03
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 239.255.255.250::upnp-mcast(1900)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.
Date/Time :2007-08-17 09:02:03
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.