svchost popups

When I connect to the internet I get comodo popups telling me the following (see attached screenshot):

Generic host process for Win 32 is trying to act as a server.

Application svchost.exe
remote IP 84.13.181.151 port : nbdgram(138) - UD
System process.

The parent application [system process] refuses communication with COMODO Firewall PRO. etc

I also get 3 other pop ups, the same but different remotes:

IP 207.46.130.100 Port: ntp(123) -UDP

IP 255.255.255.255 Port: bootp)67) - UDP

IP: 62.24.131.9 Port: http(80) TCP

I don’t get the choice to tick remember.

I’d like to know what they are, if they’re safe, and if they are safe, how I can get comodo firewall to remember them as allow or deny.

Help would be appreciated.

[attachment deleted by admin]

I think that this has been mentioned before and If I remember correctly there was a bug with the latest Microsoft updates and that it won’t be resolved until v.3 comes out…

7000,

I have not seen alerts like those coming from the most recent Windows updates. I have seen a lot of popups about svchost.exe and services.exe and so on (all Windows processes) but not where they are refusing to communicate with the firewall; that is a very odd situation.

The reason, though, that you have no “remember” option is because they are refusing to communicate with the FW; thus, the FW cannot “remember” rules for them, because they won’t cooperate. Best analogy I can come up with at the moment is front-end alignment on your car. When the alignment is off, the car won’t track straight on the road; it will always pull to one side. No matter how many times you straighten the steering wheel, it will still pull away when you relax your grip. The fix is that you have to have the alignment adjusted underneath the car.

My suggestion for a “fix” in this case would be to reboot into SafeMode (so that nothing is running except core services).
Uninstall CFP by going to Start/All Programs/Comodo/Firewall/Uninstall.
Reboot into SafeMode, and clean out the registry of any leftover entries (you can use a free utility like ccleaner or regseeker, but whatever method you use, be sure to create a backup prior to deletion of any entries).
Reboot into SafeMode, and reinstall the FW. Use Automatic install mode (as opposed to the “Advanced” or manual mode).
Reboot normally. Open the FW GUI, and do the Scan for Known Applicaitons (security/tasks). Make sure you keep the Comodo Safelist enabled (security/advanced/miscellaneous/do not show alerts for applications certified by Comodo).

Hope that helps,

LM

I had the same problem and solved it by stopping the service “NetBT”.
I do not know if this is the correct solution but it worked for me.

Tnx for that info, dogstar.

I’m gathering that’s some NetBIOS-related service; would you post a screenshot of that in the Services list? That way we’ll have as much info as possible.

Tnx,

LM

PS: You can attach the screenshot image file (jpg, png, or gif) by clicking the bold red “Additional Options” visible while you’re posting (just below the textbox).

amendment to my previous post, I made a mistake it is a driver not a service.

Little Mac I have attached some screenshots.

I hope this is helpful.

[attachment deleted by admin]

Tnx, dogstar. That helps clarify; hopefully that will help others. This is the driver for the NetBIOS service. For those not aware, NetBIOS is a Windows service that allows applications on networked computers to communicate with one another.

If you are not on a network, and/or do not need to connect with other computers for file/print-sharing, you are safe to disable this Service and Driver. Most security-conscious users would say you absolutely should disable them, as they represent a system vulnerability for exploitation.

dogstar has used a free application called Serviwin by NirSoft to do this. This can also be accomplished through Device Manager (View/Show Hidden Devices/Non PlugNPlay Drivers/NetBios over TCPIP) and Services - Local (TCP/IP NetBIOS Helper).

LM