Solved: Repeated notifications from CIS FW despite existing matching NSP rules

EDIT: Never mind – these applications were in Windows Updater Applications, which had a rule above that asked about all traffic. Moving this rule below those for svchost & System resolved the problem.


Hi and thanks in advance for any help.

My system is Vista 64 Home Premium and I am running CIS 3.9.95478.509 Firewall/Defense+ only. I have created rules for svchost.exe to allow DNS:

Allow UDP Out From IP Any To IP Any Where Source Port Is Any And Destination Port is 53

and to block Microsoft’s phoning home:

Block TCP Out From IP Any To IP Any Where Source Port Is Any And Destination Port is 80

I have no conflicting rules for svchost.exe and my only Global rule is to block incoming ICMP echo requests.

I am constantly getting messages that svchost.exe is trying to contact port 53 using UDP and port 80 using TCP. I have tried clearing the rules and reregistering them manually, and also clearing them and registering them via the notification (manually changing from a single IP to “IP Any” immediately afterwards) to no effect. Is there some reason they would not be taken care of automatically by the rules noted above?

PS - This is also happening for System nbname/nbsession requests, for which I have a rule but keep getting asked by Comodo.
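
Added example, not part of the original post and not Comodo's code: a simplified first-match model of the ordering problem described in the EDIT, where a group entry with an "ask about all traffic" rule sits above the specific svchost.exe rules. The `Rule`, `Policy`, `decide` and `shadowed` names, the first-match semantics and the group membership are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow", "block" or "ask"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None = any destination port

    def matches(self, proto, dport):
        return self.proto in ("any", proto) and self.dport in (None, dport)

@dataclass
class Policy:
    name: str
    members: frozenset     # executables the entry applies to
    rules: tuple

def decide(policies, exe, proto, dport):
    """First matching rule wins, scanning entries top-down (assumed model)."""
    for p in policies:
        if exe in p.members:
            for r in p.rules:
                if r.matches(proto, dport):
                    return r.action, p.name
    return "ask", "(no rule)"

def shadowed(policies, exe):
    """Rules for exe that can never fire because a catch-all sits above them."""
    hidden, catch_all = [], None
    for p in policies:
        if exe not in p.members:
            continue
        for r in p.rules:
            if catch_all:
                hidden.append((p.name, r, catch_all))
            elif r.proto == "any" and r.dport is None:
                catch_all = p.name
    return hidden

# Constructed sample mirroring the post: group entry above the svchost.exe entry.
GROUP = Policy("Windows Updater Applications", frozenset({"svchost.exe"}),
               (Rule("ask", "any", None),))
SVCHOST = Policy("svchost.exe", frozenset({"svchost.exe"}),
                 (Rule("allow", "udp", 53), Rule("block", "tcp", 80)))
BEFORE, AFTER = [GROUP, SVCHOST], [SVCHOST, GROUP]

if __name__ == "__main__":
    for label, order in (("before", BEFORE), ("after", AFTER)):
        print(label, decide(order, "svchost.exe", "udp", 53),
              [h[1] for h in shadowed(order, "svchost.exe")])
```

With the group entry first, both svchost.exe rules are reported as shadowed and every connection falls through to "ask"; with the order reversed, port 53 and port 80 hit their own rules and only other traffic reaches the group's prompt.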