Been noticing something all along occasionally, but now I finally think I figured out how it happens, since so far I tended to notice long after the fact and it was hard to make a connection.
Sometimes connections remain stuck in the listing. Usually in my case it was svchost connections to the DNS, but today I think it’s the first time I also saw a few IE connections there. At one point I was able to clear them by disconnecting (shutting down LAN chipset), but the last two times that didn’t work either.
Also, and if true this would be a serious security issue, it’s possible that connections may be allowed to go through without prompting when this happens, likely due to Comodo being overwhelmed in some way.
To replicate, in my case:
Settings: Firewall on custom, HIPS on safe and create rules for safe applications (no auto rule creation for firewall). Have no rules in either firewall or HIPS for the current Flash Player executable.
Action: Open speedtest.net and try to test (may not even be needed to try to test, but to make sure).
Result: A CPU core fully taken by Comodo for quite some time, also unable to open Comodo until it finishes. But the test WILL start running after a much shorter time, and the prompt for allowing Flash Player to connect will appear while it’s already running, so, unless that’s done in some alternate way, Flash is connecting and transferring data before the user permits it. Then if you check you’ll likely see a couple hundred connections listed, and at least some of them will NOT go away. Not after some time passes, not after you close the browser, not even days later if there’s no reboot; they’ll just be stuck there on the list.
Interestingly, the number of stuck connections seems to go in certain steps. I remember seeing 192 several times when this happened, at other times 128, now I have 216, may have had 96 at one point, probably also 112. At the very least divisible by 8 it seems, and certain values more likely.