Not sure if I should be worried, and a question about allowing connections.

Alright, this morning while preparing to go to work, I noticed a request for an incoming connection to Firefox. Out of curiosity, I looked up the IP and it pointed to the Henan province, China, and the connection query timed out before I could hit block myself; Either way, no problem.

Then I went through my logs to see if the IP popped up anywhere else. Three weeks ago, the same IP connected through to AvastSvc,exe, and for some reason back then I allowed (I have no idea why I did this, though I think it may have coincided with when I was trying to host an old game with a friend and in frustration at our failed attempts to connect, I allowed it thinking it was him). I have no idea what this person/bot could accomplish by connecting to my antivirus; Nothing odd had happened since to alert me otherwise. No new executables, no strange outgoing connections that I’ve seen, no accounts hijacked.

Should I be worried about this? I’ve already gone through my list of firewall rules and Removed all entries to be sure, just in case I had done this before, and am now retraining COMODO in that aspect. Further, if I Allow (and Remember) a program to connect to the internet, will this allow ingoing connections, or do those generate their own distinct authorization requests? And say I were to Allow and Remember when my friend connects to my server; Will it only remember the allowed access for his IP connecting, or will any inbound connection be accepted?

EDIT - And the offending connection IP is, destination port 2301.

use the stealth port wizard “hide me from everyone” to block UNrequested ingoing attempts by default. then this can not happen again out of mistake.

if you run a game, and choose “allow game.exe OUTgoing udp+tcp” your game runs like it should. if theres a lobby then, or something like that, your friend can join that lobby, as your game makes this lobby.

you dont need INgoing rules normally. and if you need to allow one ingoing thing, then put it in a rule. just his ip, nothing else, to connect to the game exe. i would make such rules with much caution and only temporary.

with only outgoing rules, and blocking ingoing (stealth port wizard), you get everything requested, and nothing else :wink: