svchost.exe and System - allow outbound connection OK? Please help!

kavakava · January 10, 2009, 11:24pm

Hi,

I’m trying to switch from McAfee, which hardly ever asks any questions, to Comodo. It’s asking questions all the time, mostly about svchost.exe and System. Now, I have been reading a LOT about these, and there does not seem to be an easy solution and a straight-forward answer.

From what I gather, it is OK to allow svchost.exe and System outboud access only with Comodo. Could someone please tell me if this is OK or not?

Many thanks for your help!

(:WAV)

rhgtyink · January 10, 2009, 11:51pm

Normally this is no problem if you system is clean, it’s windows that uses these services to connect to DNS servers NTP Timeservers, check for windows updates etc.

If you would like to keep the alerts down, you could try to run the firewall and Defense+ in “training mode” for about a week or so, that will create a lot of what happens without alerting you. After that week of training switch back to the current modes and most of the alerts should be gone, and you can always review what automatic rules it created.

kavakava · January 14, 2009, 9:17pm

Hi Ronny,

Thank you very much for your reply. Is there a reason the Training mode is not the default running mode for new installations, if Comodo needs to “learn” things first? Most modern firewalls have preset rules for system services which make it easy to install for friends and older relatives etc.

Many thanks again!

Kyle142 · January 14, 2009, 10:20pm

Yeah, It’s because that not all systems are clean and training mode provides you with the least amount of protection because it allows and creates rules for those apps to be allowed in the future. This is good for your safe apps… Not so good for the nasty onees. That’s why you should only have it running in training mode when you need it.

rhgtyink · January 14, 2009, 10:23pm

The problem with Training Mode is that IF you are infected, it will train the malware also… i guess that’s the reason they don’t deliver the installer preset to Training Mode the current mode is safer, and the new version is having much less popup’s they are saying, so it will get better :-))

I know TrendMicro does a few “pre-defined” firewall rule sets, CIS does not have this yet.

…looks like Kyle beat me to it…

kavakava · January 15, 2009, 2:46pm

Hello,

Many thanks for your replies, that makes more sense now.

However, I still do not understand why rules for svchost.exe and System are not pre-defined in new installations?

Thank you!

rhgtyink · January 15, 2009, 3:12pm

These are on the wishlist, maybe they’ll make it in a newer version someday…