Paranoid CFW settings for W7

I upgraded from WinXP to W7 and I found a lot more internet thingies, that made me ask many many questions, but Google gives no proper answer to whether it’s a bad connection or it’s something really vital for something to function properly specifically in W7.
Maybe someone with more knowledge of W7 can help me understand all this?

Currently, I’m blocking all of them, since they did not exist on WinXP.

  1. System > Out > IGMP > 127.0.0.1 > 224.0.0.22
  2. System > Out > IGMP > My IP > 224.0.0.22
  • I think these are required? I noticed Comodo Programs Manager unable to fetch its advertisement and later, CPM refused to start overall. Sad, it was a must have program.
  3. Svchost > Out > UDP > My IP > Port 1900 > 239.255.255.250 > Port 1900
  4. Svchost > Out > UDP > My IP > Rnd Port > 239.255.255.250 > Port 1900
  5. System > Out > UDP > 127.0.0.1 > Port 1900 > 127.0.0.1 > Rnd Port
  • UPnP, that has been disabled on WinXP due to being a serious security risk?
  6. Svchost > Out > UDP > My IP > Rnd Port > 224.0.0.252 > Port 5355
  • DNS related?
  7. System > Out > ICMP > My IP > Echo Request > Rnd IP > Echo Request
  • I remember seeing Behavior Blocker querying me about allowing a program to access ping.exe, BUT, ping.exe has its own rules and a log entry must be written, so, why is it still showing that specifically System has made the Echo Request?
  8. And many gazillions of Svchost Port 80 connections to Microsoft, I guess, although I don’t even have Automatic Windows Update enabled, so it doesn’t make any sense.

These are IGMPv3 membership multicasts. Basically, they allow devices on your network (PCs, router etc.) to find out about and request membership of multicast groups. You don’t need to allow these but they also don’t pose any risk.

3. Svchost > Out > UDP > My IP > Port 1900 > 239.255.255.250 > Port 1900
4. Svchost > Out > UDP > My IP > Rnd Port > 239.255.255.250 > Port 1900
5. System > Out > UDP > 127.0.0.1 > Port 1900 > 127.0.0.1 > Rnd Port - UPnP, that has been disabled on WinXP due to being a serious security risk?

As you’ve already noted, these are part of the UPnP/SSDP communication process. If you use UPnP enabled devices you should allow these. If you don’t, you can disallow the connections or even disable the appropriate services. As far as risk, most UPnP exploits are against routers.

6. Svchost > Out > UDP > My IP > Rnd Port > 224.0.0.252 > Port 5355 - DNS related?

These are LLMNR (Link Local Multicast Name Resolution). This is a form of local DNS (for your LAN); it’s used by various services that involve Network Discovery.

7. System > Out > ICMP > My IP > Echo Request > Rnd IP > Echo Request - I remember seeing Behavior Blocker querying me about allowing a program to access ping.exe, BUT, ping.exe has its own rules and a log entry must be written, so, why is it still showing that specifically System has made the Echo Request?

If you’re using version 6 of CIS, the System process is now the endpoint for ICMP (ping, tracert, pathping etc.) communication. Some MS processes use this to ascertain network connectivity. It’s also used for diagnostics and troubleshooting.

8. And many gazillions of Svchost Port 80 connections to Microsoft, I guess, although I don't even have Automatic Windows Update enabled, so it doesn't make any sense.

Svchost will make various connections, for a variety of purposes, over TCP ports 80 and 443. If you start blocking these, without knowing which are which, you may cause various processes to fail.
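The reply above suggests disabling the services behind the UPnP/SSDP (port 1900) and LLMNR (port 5355) traffic rather than fighting it rule by rule. The script below is an added example, not from this thread or from Comodo, that does exactly that on Windows 7 and then checks the result; the service names (SSDPSRV, upnphost) and the DNSClient EnableMulticast policy value are standard Windows settings, not something the thread names.

```powershell
# Added example: remove the sources of the SSDP/UPnP and LLMNR multicasts
# discussed above instead of blocking them per-rule in CFW.
# Assumes an elevated PowerShell 2.0+ prompt on Windows 7; CFW rules untouched.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw "Run this from an elevated (Administrator) PowerShell prompt."
}

# 1. SSDP Discovery (SSDPSRV) and UPnP Device Host (upnphost) are the svchost
#    services that send to 239.255.255.250:1900. Stop and disable both.
foreach ($svc in 'SSDPSRV', 'upnphost') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -eq $null) { Write-Warning "Service $svc not present"; continue }
    if ($s.Status -ne 'Stopped') { Stop-Service -Name $svc -Force }
    Set-Service -Name $svc -StartupType Disabled
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$svc'").StartMode
    Write-Host ("{0}: {1}, startup = {2}" -f $svc, (Get-Service $svc).Status, $mode)
}

# 2. LLMNR (224.0.0.252:5355) has no service of its own; the DNS Client reads
#    the EnableMulticast policy value (0 = LLMNR off) when it starts.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableMulticast -Value 0 -Type DWord
Write-Host ("EnableMulticast = {0}" -f (Get-ItemProperty $key).EnableMulticast)

# 3. Verify: list any UDP sockets still bound to 1900 or 5355.
#    Re-run after a reboot, since the LLMNR policy applies at service start.
$listeners = netstat -ano -p UDP | Select-String ':1900\s|:5355\s'
if ($listeners) { $listeners | ForEach-Object { Write-Host $_ } }
else { Write-Host 'No UDP sockets bound to 1900 or 5355' }
```

After this the matching Svchost rules in CFW should simply stop firing, which is easier to audit than a pile of per-address block rules; the IGMP, ICMP and port 80/443 traffic from the other items is unaffected.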

If you're using version 6 of CIS, the System process is now the endpoint for ICMP (ping, tracert, pathping etc.) communication. Some MS processes use this to ascertain network connectivity. It's also used for diagnostics and troubleshooting.

This is bad, really bad. Is it possible to “extract” all of them from System? Otherwise I have to research and manually set those connections up or even downgrade back to 5.12 and forget about ever upgrading Comodo. As I really HATE to see sentences like “If it’s System, then it could be ANYTHING”. Might as well not even have a firewall if I can’t control the traffic.

I’m not sure what you mean by “extract all of them”? In some ways, changing the firewall to match Windows’ own implementation of these services is a good idea and long overdue. I do, however, agree that it places more onus on the user to manage their connections.

By that I meant making Comodo not treat them as one, aka System, but have each component be separate again, as it was in versions < 6.