Port 53

Help for v3
#1

I need some help… I don’t understand why a log entry keeps showing up when I do not ask for it to be logged.

The log entry is for svchost.exe, access to DNS, from my computer to DNS on dest port 53.

On the global rules, I allow all outbound access from any ip to any ip, any source port to dest port 53. A similar application rule also exists for for svchost.exe. Neither of the rules ask for the event to be logged. However, I always get that log entry?

Any idea why? Please look at the attached file.

[attachment deleted by admin]

#2

The svchost rule for DNS queries should be:

Allow UDP OUT from ANY to (either ANY or your ISP’s servers) Port 53

#3

Toggie,

That’s exactly what the rules say (App & Global)… But neither rule asks for logging. So, why does the log continue to show such entries?

MM

#4

Hi,

Access to DNS (normally destination port 53) is also under control of Defense+ via the DNS Client Access which has no option to disable logging as far as I have found.

Cheers,
Joe345

#5

Joe345,

But if the logging is coming from Defense+, shouldn’t it be in the Defense+ log? The log entry I’m talking about shows up on the firewall log.

MM

#6

Hi,

Yes, you are probably right but the Firewall part is geared up for IP events so it’s possible it ended up there by default. Can’t remember where any Defense+ IP orientated event I had in the past occured.

Cheers,
Joe345

#7

Comodo logs svchost’s outgoing connections because it is told to do so in your Application Rules. Second rule in the list - Windows Updater Applications. As you can see in Defense+ / Common Tasks / My Protected Files / Groups…, that includes svchost.exe.