Hi. Sometimes in the Comodo traffic panel it shows System is using 70-80%. Should I be worried about this? Why is it using this much? Could it be virus or malware activity?
Thanks.
Well I’ve got a load of medium severity reports. Mainly inbound policy violation (access denied, protocol = IGMP) Destination 224.0.0.1. Nothing red though. Should I be worried?
See the attached screenshot… are you referring to the area I’ve circled?
If so, and you probably have version 2.3.6.81… this version monitors internal/system traffic and listening ports; thus, it will show quite a bit of usage of the bandwidth for System (based on current activity). Not unusual at all, and nothing to worry about. That’s just what percentage of the activity that holds at that point in time. If you open your browser and email, and connect with them, check it again; you’ll see they’re taking part of that, and the “System” amount has decreased, or even gone away.
Regarding the IGMP warnings in your logs… You’re probably going to see a lot of those, if you’re on a network (LAN); a lot of times the routers are configured to use IGMP to communicate across the network. By default, CPF blocks those (since they’re not specifically allowed In by the Network Monitor rules). If you’re working fine without that connection, and don’t want to see it in the logs any more, create a new rule in the Network Monitor, like this:
Block. IP. In. Source will be Any (or the offending IP if you have one consistently in the logs). Destination Any. IGMP. Ok.
Do not check the box at the top, “Create an alert if this rule is fired.”
Move the rule above the bottom Block & Log rule.
Reboot your computer to clear the memory and set the new rule.
That way, IGMP will be explicitly stopped before it reaches that bottom Block & Log rule. Then, by not having it set to log the alert, you shouldn’t see that in your Activity Log any more.
Hope that helps,
LM
[attachment deleted by admin]
Hey thanks Little Mac, just the response I was looking for. Go get yourself a ■■■■ :■■■■
Regarding the Log - I’m not on a network (I don’t think) but I do connect to the internet via a router which goes into my computer via an Ethernet port. Would it be this combination thats causing all the medium severity reports? Its not affecting my internet usage so I’ll probably leave creating a new network rule.
Cool Firewall by the way, just wish I was a bit more computer savvy to understand and use it better. (R)
Thanks.
No problem, UK Dude ~
Yes, it would probably be your router doing the IGMP; it’s not uncommon. You’re only technically a “network” or LAN if more than one computer is hooked to the router (in order to share files/drives, or a single internet access).
You can confirm this by matching the IP address in the Logs to the IP address of your router. Go to Start/Run and type “cmd”. At the prompt, type “ipconfig /all”. The router IP address will show as the “Default Gateway.”
I highly recommend starting your firewall experience here: https://forums.comodo.com/index.php/topic,894.0.html
It’s a compiled list of resources regarding common FAQs, divided out by topic. There’s great stuff there.
Happy hunting, and ask questions as you need…
LM