Outgoing Windows Operating System

Hi.

This has been happening for a long time, but recently it shows up each day. I have Comodo Firewall ONLY mode in Custom Ruleset. Nothing else.

So the Firewall asks me if Windows Operating System can make an outgoing connection. What exactly is Windows Operating System? And what shall I do about it, since I don’t know what application is doing what?

I’m not hacked or anything. Apparently Comodo Firewall can’t tell exactly the program and reports a generic Windows OS.

Please help me solve this, since it seems very insecure to me.

You shouldn’t be getting these alerts unless you are using an older version of Comodo Firewall. However, do you have VirtualBox or VMware installed? Do you know if you have WinPcap installed? You can find out by opening Programs & Features from the Control Panel and looking for it in the list. Do you use any VPN software? Also, which Windows version do you use?

Hello.

I’m using the latest version of the software, Windows 10 64 bit, and nothing else. Pretty straight system for my business.

Thanks

Next time it happens, can you take a screenshot of the alert, and make sure you have KillSwitch installed so that you can get a list of all running processes and save it to a file? I’m very curious about how you are getting firewall alerts for Windows Operating System, and being able to see the active processes at the time of the alert can help determine the cause.

I will try; still, I’m not that good at debugging.

Also, I find it very scary that a Firewall is not able to recognize an outgoing attempt and who does what. That means that malicious software can do that also, pretending to be something else.

Also, searching Google, I found several other reports like mine:

https://forums.comodo.com/firewall-help-cis-b135.0/-t102392.0.html

That thread gave hints about running a browser inside Sandboxie. Do you use Sandboxie?

No, I said I use the Firewall part only. No Sandbox, no HIPS, no Viruscope.

I meant Sandboxie the software (http://www.sandboxie.com/). In the thread you linked to, the user said they were getting these alerts whenever they were running Firefox within Sandboxie, and I was wondering if you have Sandboxie installed.

If you could, can you run Comodo diagnostics by opening the main GUI, clicking on the ? at the top, then going to support > diagnostics? When it finishes, click create report and, once saved, attach it here.

Thanks, but I will not post publicly any diagnostics from my business PC.

When CIS cannot see what process is requesting outgoing traffic, it will log this as requested by WOS. A driver is in the way and blocking CIS’s view, to put it metaphorically. Hunting down the driver by uninstalling various programs that you know have a driver that interferes with networking can be a tedious job.

Another way of looking at it is to see what IP address it is trying to connect to and look up the IP address using a whois service like Domain Registered at Safenames. That may give away the program requesting. Or try running netstat -a -n from the command prompt and see if that brings more insight to the table.

You can safely block system PID(4) from outgoing connections. Probably either BITS, multicast (some sort of discovery service), or Windows phoning home for PC/user info. It will in no way interfere with Windows Update.

These can give you some insight when run from the command prompt as admin.

netstat -tabn
netstat -aon
tasklist /FI "PID eq 4"
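
The replies above suggest listing connections with netstat -aon and checking which remote addresses PID 4 is talking to. As an added example (not part of the original thread), this Python script groups the remote endpoints in saved netstat -aon output by owning PID. The sample output is constructed, and the column layout assumes an English-language Windows.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -aon` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49733     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49750     198.51.100.7:80        SYN_SENT        4
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED     2210
  UDP    192.168.1.20:137       *:*                                    4
"""

def remote_ip(endpoint):
    """Return the IP part of 'addr:port' or '[v6%zone]:port', or None for '*:*'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def outbound_by_pid(text):
    """Map PID -> sorted remote endpoints of active, non-loopback TCP connections."""
    found = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns; UDP rows carry no state or remote peer, so skip them.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = parts
        ip = remote_ip(remote)
        if state == "LISTENING" or ip is None or ip.is_loopback or ip.is_unspecified:
            continue
        found[int(pid)].add(remote)
    return {pid: sorted(eps) for pid, eps in found.items()}

if __name__ == "__main__":
    for pid, eps in sorted(outbound_by_pid(SAMPLE).items()):
        tag = " (System)" if pid == 4 else ""
        print(f"PID {pid}{tag}: {', '.join(eps)}")
```

To use it on a real machine, save the output with netstat -aon > connections.txt and pass the file contents to outbound_by_pid; any PID other than 4 can then be resolved to a process name with tasklist /FI "PID eq <pid>".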