svchost.exe / system getting blocked

Comodo Internet Security - CIS Firewall Help - CIS
#1

So far,some 5 times svchost.exe was blocked through comodo.

I dont know about many process,what their functions are…

I just thought that,i can select outgoing only to many process as it is good as iam thinking.

In network policy i selected as Outgoing only for svchost.exe

svchost.exe is a good process and it should not get blocked even onetime…Is that correct ?

? rule i must use for svchost.exe

Then there is another thing getting blocked called as system

? is system and why it is getting blocked ?

How to prevent svchost.exe and system from getting blocked ?

#2

svchost.exe just need outgoing access to TCP remote Ports 80 and 443 for Windows Update. Outgoing UDP remote Port 53 for DNS Resolve. Outgoing UDP remote Port 123 for Time synchronization. If you have a router sometime outgoing TCP remote port 67 or 68 is needed(only WLAN as i know).
Incoming and Outgoing to and from 192.168.0.1-192.168.255 is recommend for LAN.
I recommend to block System except the LAN settings mentioned above.

#3

Iam not using LAN. Iam using internet from a USB modem…wireless.

You said to block System…Well,i already i mentioned that ,system is getting blocked.

But ? is system and why it is getting blocked ?

#4

I can’t define what System is.
I just know, that System is used to get NetBios and so on(Port 137-139, 445).
And that is why it should be blocked.

#5
Posted by: adioz86 I can't define what System is. I just know, that System is used to get NetBios and so on(Port 137-139, 445). And that is why it should be blocked.

Here in comodo firewall log,it shows …the system wants to get into port 445

then svchost.exe wants to get into port 135,139

and windows operating system wants to get into port 10089,1080,37009,1433… i dont want to type remaining as there r many…So it wants to get into any port as it seems.And also it is mentioned as Type(3),Type(1),Type(13)Type(0) instead of port numbers under destinations port as it wants to connect…

? is called Type

For me, these are the 3 ( Windows operating system, svchost.exe and System )blocked in comodo firewall for now.

I dont know anything about ports…

How many ports are there ?
Where are ports located in our pc ?
? are ports actually

Can you explain ?

#6

The Type is from ICMP request/answer.
Look at this: Internet Control Message Protocol – Wikipedia

There are 65636 ports from 0-65535. Ports from 0-1024 are ports with an fixed action, like HTTP is used for Hyper Text Transport and HTTPS(443) for secure Hyper Text Transport. FTP(21) for file exchange.

the other ports are dynamic and normally don’t have fixed action.

the ports are from the structure of Internet Protocol (IP). Most used is TCP/IP or UDP/IP.

You could image your computer like a house with 65536 windows, through which you can communicate with your environment. You normally just open a window, to communicate (in a house: air circulation, let sun in side). So they should just be opened, if you want that.
ICMP is like a bell for your house. If someone rings, and you don’t answer that, the other thinks, this is an empty house. Many hackers checks with ICMP if there is someone at this IP(your adress), and if there is someone, he tries to break in. So it is good to block ICMP.

Port 135 is remote procedure call(Remote Procedure Call – Wikipedia). This port was used by Worm Blaster to bufferoverflow your system so it crashes.
Port 137-139 is used for NetBIOS.(NetBIOS – Wikipedia)(or just look up the ports)
Port 445 is Server Message block. look here(Server Message Block – Wikipedia)