I need some help… I don’t understand why a log entry keeps showing up when I do not ask for it to be logged.
The log entry is for svchost.exe, access to DNS, from my computer to DNS on dest port 53.
On the global rules, I allow all outbound access from any ip to any ip, any source port to dest port 53. A similar application rule also exists for for svchost.exe. Neither of the rules ask for the event to be logged. However, I always get that log entry?
Any idea why? Please look at the attached file.
[attachment deleted by admin]
The svchost rule for DNS queries should be:
Allow UDP OUT from ANY to (either ANY or your ISP’s servers) Port 53
That’s exactly what the rules say (App & Global)… But neither rule asks for logging. So, why does the log continue to show such entries?
Access to DNS (normally destination port 53) is also under control of Defense+ via the DNS Client Access which has no option to disable logging as far as I have found.
But if the logging is coming from Defense+, shouldn’t it be in the Defense+ log? The log entry I’m talking about shows up on the firewall log.
Yes, you are probably right but the Firewall part is geared up for IP events so it’s possible it ended up there by default. Can’t remember where any Defense+ IP orientated event I had in the past occured.
Comodo logs svchost’s outgoing connections because it is told to do so in your Application Rules. Second rule in the list - Windows Updater Applications. As you can see in Defense+ / Common Tasks / My Protected Files / Groups…, that includes svchost.exe.