I have found other topics w/ similar content, so I know how to use the search function, but I’m still left with a few questions.
I receive pop-ups like this often. I’ve had comodo firewall/avast antivirus installed on my two machines for a while. When I first started receiving all of these pop-up messages, I looked up svchost.exe (not scv, and I’m pretty sure they all referred to the system32 folder) and the other system application. Everybody said they were legit programs, so I “Allowed” the connection and rarely saw any other notifications. Then I read a little further and found out that they shouldn’t be receiving connections, only sending them out. So I’ve read contradicting info about these messages, but I re-installed comodo firewall and blocked the requests. I didn’t keep a record of the ports that I allowed before, but these new requests are mostly 137,138,and a few others. The ip’s looked a lot like (maybe the same) as mine for the router. Sometimes I’ll get a similar message when I’m playing a game like call of duty (“iw4something.exe is trying to receive a connection from the internet”)… does that mean I’m hosting? Because the pings for those games would indicate otherwise.
Even when I was allowing these connections (which was several weeks if the “remember” box was checked–which I think it was), I had WEP protection (now I have WPA2) on my router, so wouldn’t that protect me from the scanners that are most likely outside of my network range? I was thinking that all these “connections from another computer” were just the other computer in my network. Is that likely? I’m still learning as much as I can about this stuff, so if any of my questions seem ignorant, it’s because I am with regard to network security.
I’ve always run weekly scans with Malwarebytes and Avast, so would that be able to detect if one of these connections that I’ve previously allowed was malicious? More recently I’ve been using a key scrambler.
Is there any way to find old logs from months ago if I’ve since re-installed comodo? I never received so many pop-ups like this with other firewalls, so does that mean they’ve probably just been blocking them w/o even bothering me with the alert? Any help you can give me would be appreciated. And I will try to find anything you need in order to make sense of my situation.
and if the router firewall was enough to keep scanners from finding me, did I ■■■■■ that up by “allowing” comodo to receive connections from the internet?
When the IP’s are very similar of that of your router then that most likely means those are computers from your local network. Traffic at ports 137-139 are for NetBIOS and are meant for sharing files, folders and printers on the local network
Sometimes I’ll get a similar message when I’m playing a game like call of duty (“iw4something.exe is trying to receive a connection from the internet”)… does that mean I’m hosting? Because the pings for those games would indicate otherwise.
The game probably used the Universal Plug and Play interface to open a port on your router for incoming traffic. Are you playing that game with multiple players online? Then I am pretty sure the port was open for such a purpose.
Even when I was allowing these connections (which was several weeks if the "remember" box was checked--which I think it was), I had WEP protection (now I have WPA2) on my router, so wouldn't that protect me from the scanners that are most likely outside of my network range? I was thinking that all these "connections from another computer" were just the other computer in my network. Is that likely?
It is very likely that these connections are from your local network. The IP's are likely in the 192.168.x.y range.
I'm still learning as much as I can about this stuff, so if any of my questions seem ignorant, it's because I am with regard to network security.
I’ve always run weekly scans with Malwarebytes and Avast, so would that be able to detect if one of these connections that I’ve previously allowed was malicious? More recently I’ve been using a key scrambler.
Is there any way to find old logs from months ago if I've since re-installed Comodo? I never received so many pop-ups like this with other firewalls, so does that mean they've probably just been blocking them w/o even bothering me with the alert? Any help you can give me would be appreciated. And I will try to find anything you need in order to make sense of my situation.
I think you used the Stealth settings in your previous installation. The default settings of CIS these days will ask for all incoming traffic. If you want to use the stealth settings again use the Stealth Ports Wizard and choose the choice at the bottom.
Eric, thank you very much for your response. I’ve been blocking everything that requests a connection (except installations) since I reinstalled Comodo. I can’t see my other computer on the network, but that’s ok–I can still access the internet from both computers. I am in stealth mode now.
If I’ve previously allowed a malicious program into my machine during the past few months, but all the current virus and malware scans are clean, can I feel safe that my machine is secure? After reading similar posts from other members, I’m getting the impression fairly easy to be found by a scanner. But if my router has always been using a firewall, would this have provided me protection, even when I was allowing system and svchost to receive connections from the internet under Comodo?
If I've previously allowed a malicious program into my machine during the past few months, but all the current virus and malware scans are clean, can I feel safe that my machine is secure? After reading similar posts from other members, I'm getting the impression fairly easy to be found by a scanner.
When multiple scanners over a couple months tell your system is clean you can safely assume it is.
But if my router has always been using a firewall, would this have provided me protection, even when I was allowing system and svchost to receive connections from the internet under Comodo?
When svchost.exe did not crash I would not be worried.