I read a lot about svchost issues but I can’t seem to fix my problem.
Every time I start up Windows (XP) I get a list of CPF security warnings.
Mostly about svchost.exe saying that the parent application (system process) refuses communication with Comodo Firewall. In this security warning window there is no option to remember my choice!
The destination addresses are:
IP Listen Port : nbsess (139) - TCP
IP : 255.255.255 Port : nbname (137) - UDP
IP : 255.255.255 Port : bootp (67) - UDP
And sometimes, I don’t know if it’s related to the above, I completely lose my internet connection?
I’m not at home at the moment but I use the latest CPF version (2.3.5.62).
On Windows XP Pro with NOD32 Antivirus on broadband connection.
In fact one (only one) of the security warnings mentions services.exe as parent.
If you deny svchost.exe, where the parent is services.exe, then you will break Windows Update & maybe some other things as well.
As for the other svchost.exe, where System is the parent, messages… at this point, no idea. Any chance you can post some examples from CPFs log of these errors?
It’s probably best to export your CPF log into an HTML file & cut ‘n’ paste the entries in question from there.
In addition, when Egemen asked about your Net connection type… you said you had a broadband connection. You’ll need to expand on that (ADSL modem, router, etc…). The messages you posted (nbsess, nbname & bootp) can all be generated/needed by certain types of hardware (routers, etc…). Some of the messages might be explained if your XP system is currently set-up for file-sharing.
OK, the first 2 are Clock Synchronization attempts (trying to make sure your time is correct) using NTP (Network Time Protocol) & both IPs were… Microsoft.
Details: The parent services.exe refuses communication with Comodo Firewall.
This is not so good.
The bootp (UDP 67) might be XP trying to talk to your ADSL USB modem (what’s the actual make of your modem?) or part of XP File Sharing… which given nbsess (TCP 139) is almost certainly active.
Before we go any further… I think you’re going to need to check both the Application & Component Monitors & tell me what you currently have set to blocked. This is the first step.
Erm… this is based on memory alone (I don’t have access to an XP system)… something like… Start button > Settings > Control Panel > Network/Dial-up Connections (?) > right click the connection you use & select properties. Now, there should be a Network tab, click on it & find an entry that should say something like “File & Printer Sharing for Microsoft Networks”, uncheck it. OK, yes to whatever & close. You’ll need to drop your connection for this to work. You might even want a reboot, not sure about that.
App & Comp Monitors both have nothing blocked!
OK, worry about that later (unless someone else can jump in here?). In the mean time please answer the following questions…
Did CPF ever work correctly? If so, what happened around the time it stopped working?
Have you created any Zones?
Did you ask CPF to deny (remembered) anything?
I’m currently having a problem trying to research that ASUS modem… most of the pages that I can find are not in English, which for me isn’t very useful & their Google English translations are fairly awful.
CPF started giving me security warnings right from the start.
At first I allowed them, later on I found out that Denying didn't affect my system.
Well, given your current situation, are you sure about that?
Also, if you did deny stuff… I wonder why you cannot see any of the remembered blocks in either the Application or Component Monitors?
I haven't created any zones and of course I have instructed CPF to remember, but don't ask me what it was ....
OK. But, what was it? (joking)
And indeed the Asus modem seems to be a rather uncommon modem :(
There is lots of stuff on them out there. But, it’s just not in English, that’s all. But, given the above, whilst there might be some slight configuration issues with the modem, I don’t think it’s the main cause of your woes. You’ve probably accidentally denied something important. I just don’t understand why you can’t see it in CPF.
Are you comfortable working with the registry? If not, the only other way out that I can think of is an un-install/install of CPF I’m afraid.
Or… wait until someone else on the forum has a better idea.
Some of our users reported in our Turkish forums that an unknown trojan modifying system services is causing this exact behavior. And CPF’s behavior analysis is constantly raising this alert.
They used Windows Worms Doors Cleaner 1.4.1 to verify and fix the issue. Please try to use it and let us know if your case is the same.
I did however find out that allowing one of the security warnings closes the ADSL connection window (saying that the computer will be registered in the network) that otherwise sometimes stayed open (although connection was made).