[Resolved] Should Windows "System" access the internet?

Sometimes I’m a little unsure about whether a process should be accessing the internet. I’ve found that without adding system that I run into difficulties accessing network shares so I’ve set it to trusted application, is this the correct response? It’s not system.exe, doesn’t give a path, it just says “system” in the application rules section.

Also, I recently tried to access IRC and was told that I had an insecure SOCKS server. It was quoting:

You are banned from this server- You have a host listed in the DroneBL. For more information, visit dronebl.org/lookup_branded.do?ip=MYIP Please contact proxyscan[at]freenode.net with questions.

I’m using Windows XP SP3
XChat 2.8.6
Firefox 3.6
DNS Advantage
100mb LAN
Peer Block
Comodo IS 5.3.175888.1227

I hate being banned from IRC when I don’t do anything wrong.

I don’t know what a socks server is, what can I do to prevent this error please?

System / Svchost / explorer should never be set as trusted application;
System/Svchost should be set as outgoing only, or unless you have a network (fileshare/printshare) you should run stealth port wizard and select the top option, and then select your network zone.

"This is a synopsis of recent activity in DroneBL. DroneBL is a realtime monitor of abusable IPs, which has the goal of stopping abuse of infected machines."

Please visit the FAQ of DroneBL

Hope this helps

Jake

Thanks for the help. I’ve blocked explorer, svchost, system in the Firewall but predictably the NAS box was no longer accessible. I had to permit system to get into the nas before. So I added the following rule to allow the NAS in system:

Allow TCP or UDP In/Out from In [Our LAN] to IP 192.168.0.100 where Source Port is Any and Destination Port is Any

I was quite proud of that given I don’t know the first thing about Firewalls. So now I can connect.

Is there any way you can shed any light on why I may be seen as having an insecure socks server?
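The three settings discussed so far in the thread (trusted application, outgoing only, and the scoped NAS rule), compared in a simplified first-match rule model. This is an added example, not part of any post and not Comodo's code. The rule contents of the two named policies, the `192.168.0.0/24` LAN range and the sample PC and internet addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.0.0/24")    # assumed range for "[Our LAN]"
NAS = ipaddress.ip_network("192.168.0.100/32")  # NAS address from the thread

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "in/out"
    src: object      # network the source address must fall in
    dst: object      # network the destination address must fall in

    def matches(self, direction, src, dst):
        return (direction in self.direction.split("/")
                and ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst)

# Simplified models of the settings named in the thread (assumed contents).
POLICIES = {
    "trusted": [Rule("allow", "in/out", ANY, ANY)],
    "outgoing_only": [Rule("allow", "out", ANY, ANY),
                      Rule("block", "in", ANY, ANY)],
    # The poster's rule, followed by a block-everything-else rule.
    "nas_only": [Rule("allow", "in/out", LAN, NAS),
                 Rule("block", "in/out", ANY, ANY)],
}

def decide(policy, direction, src, dst):
    """Return the action of the first matching rule, top to bottom."""
    for rule in POLICIES[policy]:
        if rule.matches(direction, src, dst):
            return rule.action
    return "ask"  # nothing matched: the firewall would prompt

# Constructed sample flows: PC is 192.168.0.10, 203.0.113.7 is an internet host.
FLOWS = [
    ("out", "192.168.0.10", "192.168.0.100"),  # PC opens a share on the NAS
    ("out", "192.168.0.10", "203.0.113.7"),    # System connects to the internet
    ("in", "203.0.113.7", "192.168.0.10"),     # unsolicited inbound from outside
    ("in", "192.168.0.100", "192.168.0.10"),   # unsolicited inbound from the NAS
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, {name: decide(name, *flow) for name in POLICIES})
```

Only the trusted setting lets the unsolicited inbound connection from the internet host through; the scoped rule still reaches the NAS while blocking everything else.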

Hello;

I wouldn’t block explorer/svchost/system;

CIS > Firewall > Network Security Policy > explorer > edit > copy from > outgoing only; edit the block rule; uncheck "log this rule if fired".

Do the same for svchost; thus if explorer/svchost needs to do a connection other than the rules that are listed you’ll be notified.

For System, I would do the same thing, but after doing so; go to stealth port wizard > define a new trusted network > (Select the network zone you defined) then you should be fine :slight_smile:

For insecure socks; it’s just letting you know your IP is listed on DroneBL please see my previous post.

Hope this all helps

Jake
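A way to check a DroneBL listing and its class over DNS, as an added example that is not part of any post in this thread. The zone name, the `127.0.0.x` answer convention and the class numbers come from DroneBL's public documentation rather than from the thread; the addresses and the stub resolver data are constructed so the block runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.dronebl.org"  # DroneBL's DNSBL zone
# Subset of DroneBL listing classes (last octet of the 127.0.0.x answer).
CLASSES = {8: "SOCKS proxy", 9: "HTTP proxy", 10: "proxy chain",
           14: "open Wingate proxy"}
# Resolver errors that mean "no such record", i.e. the address is not listed.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def query_name(ip):
    """Build the DNSBL query name: reversed IPv4 octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE

def decode(answer):
    """Map a 127.0.0.x answer to a listing class description."""
    prefix, _, last = answer.rpartition(".")
    if prefix != "127.0.0":
        raise ValueError("unexpected DNSBL answer: " + answer)
    code = int(last)
    return CLASSES.get(code, "class %d" % code)

def check(ip, resolve=socket.gethostbyname):
    """Return the listing class for ip, or None when it is not listed."""
    try:
        answer = resolve(query_name(ip))
    except socket.gaierror as exc:
        if exc.errno in NOT_FOUND:
            return None
        raise  # DNS failure: do not report this as "not listed"
    return decode(answer)

# Constructed stub data: pretend 192.0.2.10 is listed as a SOCKS proxy.
CONSTRUCTED = {"10.2.0.192.dnsbl.dronebl.org": "127.0.0.8"}

def fake_resolve(name):
    if name in CONSTRUCTED:
        return CONSTRUCTED[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, "->", check(ip, fake_resolve) or "not listed")
```

Calling `check()` without the stub queries the live zone for your own public address; a SOCKS proxy class matches the ban message quoted at the top of the thread.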

Thanks Jacob, have done what you suggested. I can still connect to everything I need. Out of curiosity, why outgoing only?

About the insecure SOCKS: I knew it was on DroneBL, I was more interested in why it was happening. I assume it’s the insecure SOCKS problem found on my system but I don’t know why that would be. Still trying to research that one.

The firewall configurations are way beyond my scope.
1. I’ve set Firefox as web browser.
2. I’ve set Thunderbird as email client.

As for my other programs I have no clue.
I have a mixture of programs like:
1. CCleaner.
2. Defraggler.
3. WinPatrol.

I don’t know what settings should be used for programs like this.
Windows operating system.
explorer.exe. Again, no clue.

I just installed the programs and left it at that.
Pity there isn’t some kind of guidelines on firewall configuration within Comodo.
To be honest I don’t know if my firewall configurations are correct or not.

Update: I’ve found out about the SOCKS server problem and hence DroneBL.org listing. I’ve set up Netgear’s ReadyNAS Remote to test it out and it had created a Leaf Networks Adapter in Network Connections. Have disabled that so the problem will probably go away by itself. Will mark this as solved now.

Not too sure I understand your reply DARREN1972, sorry if I’ve offended you in some way.

Of course not.
Sorry if I’ve barged in on this conversation.
Just need some help on configurations of those programs.

np

It’s ok no worries! :slight_smile:

If you are having experiences with a lot of entries being made in the firewall events dealing with Windows Operating System, then you’ll need to add it to the network security policy;
If on safe mode; You should be ok!

The Programs You have listed
ccleaner – > can be allowed on port 80 (or use Web Browser Config)
2.defraggler – > same as above
3.winpatrol – > same as above (but if you experience problems please consult the ‘firewall events’ to make sure it’s not getting blocked, and if it is then just add the port # to the application rule set)

I dont know what settings should be used for programs like this.
windows operating system – > I would need to know your LAN environment ; also if you are experiencing huge amounts of entries in the firewall events

explorer.exe – > Outgoing Only *Again if you experience a lot of entries being made in the firewall events please check the IP and then add the IP to application rule set

Hope this helps :slight_smile:

Jake

Hi Jacob.
Thank you for your advice, much appreciated.
I’m a newbie when it comes to firewalls.

Thanks again.

Regards.

You’re welcome;

Don’t be afraid to ask questions here :slight_smile:

We all used to be new when it comes to firewall :slight_smile:

Any other questions or issues?

Jake

Hi Jacob.
No issues at the moment but thank you for asking.

On another note though.
I’ve just seen a new video on CIS 5.3 and it’s a very good and positive one.
Which was nice to see.

Many thanks.
Regards.
:rocks:

Welcome;

I’ll go ahead and close this thread
Reason; All Issues resolved that were presented in this thread

Jake