Rules for windows processes?

Here are the processes that i’m not sure of:


Is it ok to set them all as outgoing only?

I would take them on a case by case basis. Malware likes to target some of these, so I’d be careful making sure it’s a valid process before giving them any rights.

OK then what rules should i set for each case? Can you list out the rules for each one? Sorry i’m noob at setting rules

system svchost wmiprvse explorer ping.exe
Maybe or maybe not.

The following files that are on YOUR list that are Blocked on my computer from going online :slight_smile:

  1. svchost.exe
  2. explorer.exe

I never tried blocking wmiprvse.exe :-\ <–I just might play around with this file in a day or two :slight_smile:

I never heard of ping.exe ???

Try at your own risk, if problems happen when adding the rule, then remove the rule. Pretty simple :slight_smile:

Svchost.exe can be set to outgoing only.
Ping.exe is a network command to test your connection to another server/IP address.

Related to Windows Update I think.

You can look stuff up here (use the search):

Svchost.exe should be covered by the rule for “Windows Updater Applications” allthough it seems extra rules for it are sometimes made!

[attachment deleted by admin]

OK, thanks for the replies. I now block all these apps except for ping.exe. If i find any connection issues then i’ll remove the rules.

But it would really help if there is a definitive answer to this. I’d really appreciate it if an expert list out all the rules for me. Any expert here who’d like to contribute?

Here’s some info about my system:

I’m connected to the internet via ADSL modem set to bridge mode, which means it basically behaves like a dial-up modem. There are no other computers connected to mine. Operating system is Windows XP servicepack 3. windows firewall is currently diabled. I use my pc mainly to play online games. That’s about it.

Sounds like a pretty simple setup. I just lack the know-how in setting specific rules for each applications (like ports, etc.). Most of the time I just let comodo prompt me and I just allow or deny. But I want to make my firewall more efficient, know what I mean?

While we’re at it, what is the stealth port wizzard for? Does it affect online gaming?

OK quick update. Since I set them to be blocked I am no longer able to connect to the internet. And there’s a warning sign on my network connection.

So I have set the following processes as “trusted application” (system, svchost, explorer). Now i’m getting lots of prompts from avast anti-virus that it has blocked DCOM exploits. And from looking at the active connections in my firewall, I noticed that there are more connections per applications now. For instance there are a few more TCP and UDP connections to system and svchost when i start up my pc. Is this dangerous?

How can I set system and svchost to access my modem only but not the internet? Is that possible? Or do they still need to access the internet?