Not sure if I should be worried, and a question about allowing connections.

Alright, this morning while preparing to go to work, I noticed a request for an incoming connection to Firefox. Out of curiosity, I looked up the IP and it pointed to the Henan province, China, and the connection query timed out before I could hit block myself; either way, no problem.

Then I went through my logs to see if the IP popped up anywhere else. Three weeks ago, the same IP connected through to AvastSvc.exe, and for some reason back then I allowed it (I have no idea why I did this, though I think it may have coincided with when I was trying to host an old game with a friend and in frustration at our failed attempts to connect, I allowed it thinking it was him). I have no idea what this person/bot could accomplish by connecting to my antivirus; nothing odd had happened since to alert me otherwise. No new executables, no strange outgoing connections that I’ve seen, no accounts hijacked.

Should I be worried about this? I’ve already gone through my list of firewall rules and removed all entries to be sure, just in case I had done this before, and am now retraining COMODO in that aspect. Further, if I Allow (and Remember) a program to connect to the internet, will this allow ingoing connections, or do those generate their own distinct authorization requests? And say I were to Allow and Remember when my friend connects to my server; will it only remember the allowed access for his IP connecting, or will any inbound connection be accepted?

EDIT - And the offending connection IP is 202.102.234.87:12200, destination port 2301.

Use the stealth port wizard “hide me from everyone” to block UNrequested ingoing attempts by default. Then this cannot happen again by mistake.

If you run a game and choose “allow game.exe OUTgoing udp+tcp”, your game runs like it should. If there's a lobby then, or something like that, your friend can join that lobby, as your game makes this lobby.

You don't need INgoing rules normally. And if you need to allow one ingoing thing, then put it in a rule: just his IP, nothing else, to connect to the game exe. I would make such rules with much caution and only temporarily.

With only outgoing rules, and blocking ingoing (stealth port wizard), you get everything requested, and nothing else :wink: