Hello Comodo Team and Comodo Community,
I’ve come to the forums looking for assistance about svchost.exe. My question is how should me and others deal with svchost when we get alerts for connection requests from it? Is there a rule setup to help CIS users in dealing with svchost?
I’ve had a couple connection requests recently, a couple were to port 123
115.238.177.108 - China Telecom Zhejiang
http://whois.domaintools.com/115.238.177.108
185.4.227.26 -??
http://whois.domaintools.com/185.4.227.26
This one tried to connect to port 123 and 1900
184.105.139.69 - Hurricane Electric
http://whois.domaintools.com/184.105.139.69
Here’s a random IP that tried to connect…
198.20.69.98 - Singlehop
http://whois.domaintools.com/198.20.69.98