Receiving connection from the internet

Hi,

This is a very basic question, but how should i answer this. I do not know what computer is that, right?
If it was from utorrent, or something like that i would allow it, but in this situation i am not sure.

Thanks.

[attachment deleted by admin]

block it

When in doubt it’s better to block.

Thanks EricJH and rogerbbs.

I do not understand a lot, if any about firewalls, so could you answer me this questions:

1- If it is Utorrent, limewire, skype, Messenger i can always allow?
2- In the svchost.exe, is it normal to have so many connections with diferent iPs (scrennshot of firewall events), is it malware, or could it be from utorrent (i was using it at the time)?
3- If i allow that connection and it is malware,i deduce that i will be infected, but i have router, so will the firewall of my router still protect me and prevent that connection.
4- Now i have “System trying to …” (screenshot), but i recognize that IP, it is from my router (192.168.1.2), can i allow it?

Many thanks, i just want to learn a little more about this and feel safe on what i am doing.
Once again thanks.

P.S. i use “Alert me to incoming connections and make my ports stealth on a per-case basis” and the connection is by cable.

[attachment deleted by admin]

You can allow it as it what we expect from those programs.

2- In the svchost.exe, is it normal to have so many connections with diferent iPs (scrennshot of firewall events), is it malware, or could it be from utorrent (i was using it at the time)?
Svchost.exe is in the system 32 folder. Any other program with the same name in a different folder is not the real deal and most likely malware. The firewall events show incoming traffic at port 61470. You probably have the Remote Desktop Service enabled which will open a port for incoming traffic. You can disable it under Sytem (Control Panel) in the Remote tab. See attached image.
3- If i allow that connection and it is malware,i deduce that i will be infected, but i have router, so will the firewall of my router still protect me and prevent that connection.
These connections are from svchost.exe in system32 so you are most likely not infected. In case of doubt you could check the svchost.exe file in system32 folder. The firewall of your router will not protect you as you have an open port on your router. The port was opened using Universal Plug and Play (uPnP) by the Remote Desktop Service.
4- Now i have "System trying to ..." (screenshot), but i recognize that IP, it is from my router (192.168.1.2), can i allow it?

Many thanks, i just want to learn a little more about this and feel safe on what i am doing.
Once again thanks.

P.S. i use “Alert me to incoming connections and make my ports stealth on a per-case basis” and the connection is by cable.

System handles sharing of files, folders and printers over the local network. If you want to share them allow traffic for System. Otherwise you can block it.

[attachment deleted by admin]

Thanks for all the answers EricJH.
The Remote Desktop Service has a “startup type” manual and i have not started it (can it still that be the problem?).

If i understand what you are saying is that Utorrent, etc are safe files and they are suppose to do that.
If Svchost.exe was a malicious file, that incoming connection could be a download of malware and that´s why in doubt block it, but that Svchost.exe is a safe file (it is in the white-list of comodo and that is the reason for the pop-up not being red).If i said something wrong please correct me, i want to learn.

So my question is: if that file is safe (Svchost.exe) can i simply allow it? Or that is not a normal action (incoming connection), they are not suppose to do that, and because of that i should “remember my answer” and “block”? (the Pop up keeps bugging me every day).

I must point out that i used this guide for the firewall https://forums.comodo.com/guides-cis/install-configure-firewall-50-2011-for-max-protection-min-alerts-t57944.0.html and the pop ups only starting to appear afterwards (i do not know if it was a coincidence or not).

Many thanks for your help.

[attachment deleted by admin]

If Svchost.exe was a malicious file, that incoming connection could be a download of malware and that´s why in doubt block it, but that Svchost.exe is a safe file (it is in the white-list of comodo and that is the reason for the pop-up not being red).If i said something wrong please correct me, i want to learn.
You are totally right here. In this situation nothing to worry about.
So my question is: if that file is safe (Svchost.exe) can i simply allow it? Or that is not a normal action (incoming connection), they are not suppose to do that, and because of that i should "remember my answer" and "block"? (the Pop up keeps bugging me every day).
Svchost.exe is listening for something and getting an alert. If you are not using Windows functions for remote access it is better to block it as somebody may be trying to probe your system. And since svchost is an important Windows process it is best to be very cautious and block the incoming connection.
I must point out that i used this guide for the firewall https://forums.comodo.com/guides-cis/install-configure-firewall-50-2011-for-max-protection-min-alerts-t57944.0.html and the pop ups only starting to appear afterwards (i do not know if it was a coincidence or not).

Many thanks for your help.

Can you check you settings for remote desktop? See attached image for reference. See if disabling makes the alert go away.

[attachment deleted by admin]

Thanks for all the help EricJH.
I have disabled the remote desktop (screenshot), and been using the computer all day. I then realize that the pop up only appears with utorrent (specially utorrent), it appeared too with windows live messenger, but just once or twice (it looks like that, programs that use incoming connections triggers the pop up)
Every time i open utorrent 4 or 5 seconds later i get the pop up. You can see in the firewall events, every time it asked, it was me opening utorrent (i had previously every time rebooted the computer). I do not know if this is relevant but the firewall keeps blocking intrusions after i close utorrent, when nothing is downloading or uploading from utorrent.
I then switched off ARP frames and cache and “do protocol analisys” (screenshot) , just to try something, and it did not work.

So basically is this normal?
And once again, should i “remenber” and “block” ?

Many thanks for your help.

[attachment deleted by admin]

The logs shows several ports being blocked. Which one is the one from uTorrent?

When logging off a p2p network it will take several hours before the access requests stop. That is the time it takes for all users at the network to find out your computer is off line.

Why the other ports are open I cannot tell. Does your uTorrent use the same port each time you start it? Is uTorrent set to close the used port when it is closed (not sure that is in the settings of uTorrent; it is in Azureus/Vuze)

If you don’t know why the other ports are open consider closing them. When they are opened by Universal Plug and Play (uPnP) close them using the uPnP interface of Windows (see attached image).

[attachment deleted by admin]

Hi EricJH

Sorry for not posting, but I was experimenting with something and i have news.
Well I was having the pop up´s every time I used Utorrent. I decided to use Easy VPN and two things happened :

1- Every time I rebooted the computer I got a Pop up for a new private network 169.254…
, and before I installed easyVPN I did not get this pop up (I got too the network zone of easy vpn 5.2…, which I accepted). After a few days I accepted the 169.254…

2- The pop ups of svchost.exe ended.

For a month or so I did not get any more pop ups. Then I decide to see why and removed the network zone 169.254… and still got no pop ups (svchost.exe), but I was still getting the new network detected so I accepted once again.
Then I uninstalled easyvpn and immediately got the pop ups after using Utorrent. More, then I decide to remove 169.254… and I got no more of the pop up “new private network detected”.

Does this make any sense? Do you know why the installation of easy VPN resolved the problem of the pop ups (svchost.exe), and why it let to the appearance of a new private network.

Thanks

PS- screenshot of utorrent
PS- i found a similar problem (only with Utorrent) https://forums.comodo.com/firewall-help-cis/svchostexe-trying-to-receive-a-connection-from-the-internet-t63909.0.html

[attachment deleted by admin]