svchost.exe attempts to connect to a remote IP.
The Firewall Alert dialog box displays some numeric IP, and says that svchost.exe is a trusted application.
However, the IP turns out to belong to a rogue host that svchost.exe had no business trying to connect to. This created a false sense of security, the user allowed svchost.exe to connect, and now their data is leaked.
A fix would reverse lookup the IP, display the domain name, and ideally display the country flag for ease of recognition. In case there are concerns with performance, this could be made an option.
Screenshots illustrating the bug - attached
Screenshots of related CIS event logs and the Defense+ Active Processes List: not necessary
A CIS config report or file - attached, but not necessary
Crash or freeze dump file: N/A
- Comodo Firewall 5.4.189822.1355
- a) Have you updated (without uninstall) from CIS 3 or 4: No
- a) Have you imported a config from a previous version of CIS: No
- Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): No
- Defense+, Sandbox, Firewall & AV security levels: D+= Clean PC Mode, Sandbox= Disabled, Firewall = Custom Policy, AV = N/A
- OS version, service pack, number of bits, UAC setting, & account type: Windows 7 Professional, SP1, 64-bit, “Notify me only when programs try to make changes to my computer”, Administrator account
- Other security and utility software installed: none
- Virtual machine used (Please do NOT use Virtual box): none
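The reverse lookup proposed in the report above, as an added example that is not part of the original post and is not Comodo's code: a PTR record is set by whoever controls the address block, so the name is marked as confirmed only when it resolves forward to the same IP. The function names, the label wording and the sample records are assumptions made for this sketch.

```python
import ipaddress
import socket

def _ptr_names(ip):
    """PTR lookup via the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def _forward_addrs(name):
    """A/AAAA lookup via the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def alert_label(ip, ptr_lookup=_ptr_names, forward_lookup=_forward_addrs):
    """Return (text, confirmed) for a firewall alert (hypothetical helper).

    A PTR name counts as confirmed only if it resolves back to the same IP."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    unconfirmed = None
    for name in ptr_lookup(str(addr)):
        name = name.rstrip(".").lower()
        resolved = set()
        for a in forward_lookup(name):
            try:
                resolved.add(ipaddress.ip_address(a.split("%")[0]))
            except ValueError:
                continue  # ignore anything that is not an IP literal
        if addr in resolved:
            return f"{addr} ({name})", True
        unconfirmed = unconfirmed or name
    if unconfirmed:
        return f"{addr} (unverified PTR: {unconfirmed})", False
    return f"{addr} (no reverse DNS)", False

# Constructed sample records (documentation address ranges, example domain).
SAMPLE_PTR = {
    "192.0.2.10": ["update.example.com."],
    "203.0.113.7": ["update.example.com"],  # PTR chosen by the address owner
}
SAMPLE_FWD = {"update.example.com": {"192.0.2.10"}}

def demo(ip):
    """Run alert_label against the constructed records, without network."""
    return alert_label(ip, lambda i: SAMPLE_PTR.get(i, []),
                       lambda n: SAMPLE_FWD.get(n, set()))
```

A confirmed name shows only that the forward and reverse DNS records agree; it does not show that the host is one svchost.exe should be talking to.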