-
svchost.exe attempts to connect to a remote IP.
-
The Firewall Alert dialog box displays just ‘svchost.exe’ and indicates that svchost.exe is a trusted application.
-
However, svchost.exe manages a number of services, one of which is rogue. The user is not aware of this, and allows svchost.exe to connect. This created a false sense of security, the user in effect allowed the rogue service to connect, and now their data is leaked.
-
A fix would display which service or DLL hosted by svchost.exe initiated the connection. This options seems to have existed in Comodo back in 2006 - see Blocking per module in svchost.exe - Comodo only? | Wilders Security Forums
-
Screenshots illustrating the bug - attached
-
Screenshots of related CIS event logs and the Defense+ Active Processes List: not necessary
-
A CIS config report or file - attached, but not necessary
-
Crash or freeze dump file: N/A
Your set-up
- Comodo Firewall 5.4.189822.1355
- a) Have you updated (without uninstall) from CIS 3 or 4: No
- a) Have you imported a config from a previous version of CIS: No
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
- Defense+, Sandbox, Firewall & AV security levels: D+= Clean PC Mode, Sandbox= Disabled, Firewall = Custom Policy, AV = N/A
- OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Professional, SP1, 64-bit, “Notify me only when programs try to make changes to my computer”, Administrator account
- Other security and utility software installed: none
- Virtual machine used (Please do NOT use Virtual box): none
[attachment deleted by admin]