I’d like to make a rule for svchost.exe not cluttering up firewall events. The "attacks" seem harmless enough to me as the source IP and the destination IP are my router.
The rule now is: Allow TCP or UDP out from any IP to any IP where source port is any and destination port is any
I’m just starting to learn how to write rules so a little help, click by click, would be appreciated. (I can get to where I need to change the current rule)
Also, before I get ahead of myself, am I doing the right thing? Is there something in settings I can adjust?
From what I’ve read, TCP port 2869 is used for UPnP service discovery. Have no idea how exactly it is used by your router, though.
Anyway, if you want to allow those connections, add an Application Rule for svchost.exe:
Action: Allow
Protocol: TCP
Direction: In
Source Address: 192.168.1.1
Destination Address: Any
Source Port: Any
Destination Port: 2869
You may want to create the same rule in the Global Rules list. That depends on whether you allowed incoming connections during CFP installation, or not.
It’s not so much that I want to allow them (according to the existing rule it seems as though they should already be), as not having them logged (show up) in firewall events.
No idea. The router is probably advertising its services and capabilities, so that Windows can configure something automatically via UPnP, if it’s enabled. I’m just guessing.
I think it’s quite safe to allow this connection.
On the other hand, it’s being blocked now, so if everything is working fine anyway, you can keep blocking it (just without logging).
These are just chatter between your router and your NIC, harmless to allow but probably not necessary. You should only allow within your network, though. So block and see what happens is probably a good choice. Networks are surprisingly resilient, and time out and usually do the right thing if you block this kind of traffic.