udp traffic, cpu usage too high

Help for v2
1

Hello!

I am a newbie user of Comodo Firewall and so far I was very satisfied with it. But I can’t stop thinking about one issue.
I’m using right now the University Network, and I get the following internal traffic all the time:

Date/Time :2007-03-28 21:24:50
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.108, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 134.245.167.108:nbdgram(138)
Destination: 134.245.255.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:50
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.108, Port = nbname(137))
Protocol: UDP Incoming
Source: 134.245.167.108:nbname(137)
Destination: 134.245.255.255:nbname(137)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.165.97, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 134.245.165.97:nbdgram(138)
Destination: 134.245.255.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.132, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 134.245.167.132:nbdgram(138)
Destination: 134.245.255.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.108, Port = nbname(137))
Protocol: UDP Incoming
Source: 134.245.167.108:nbname(137)
Destination: 134.245.255.255:nbname(137)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.184, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 134.245.167.184:nbdgram(138)
Destination: 134.245.255.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-03-28 21:24:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 134.245.167.132, Port = nbname(137))
Protocol: UDP Incoming
Source: 134.245.167.132:nbname(137)
Destination: 134.245.255.255:nbname(137)
Reason: Network Control Rule ID = 5

It generally doesn’t cause much problems, but the activity of NOD32 was really abnormal. It was scanning logs.log all the time…
This is the activity of Comodo during this udp traffic. http://tmpimg.googlepages.com/activity.JPG
Is there any way how can I fix this problem ?

2

Welcome to the forum, djatel.

Your log indicates that incoming connection attempts to Netbios were blocked. Since I’m not connected to a network, other experienced members will be able provide more info.

As for the NOD32 issue, it’s because AMON (no, I don’t mean the Egyptian god) constantly scans the logs.log file, which is the firewall’s actual log that constantly changes in size due to the increasing alerts. There are several options, but the best is to exclude logs.log from AMON. https://forums.comodo.com/index.php/topic,6233.0.html

3

Soya
Thank you for quick response.
First half of the problem is solved! Now the Egyptian god AMON has more time to relax.

But these udp traffic is still causing high cpu usage of COMODO.
My computer gets incoming udp packets “in portions”: every 2-3 sec ~10 packets. And these consume 20-30% of the cpu (peaks).
When the event logging is switched off, then cpf.exe doesn’t consume cpu at all :smiley: But it’s not secure to live without logs.

4

It’s unfortunate that this had to be in the ** FAQs/Threads - Read Me First **:

Version 2.4 - cpf.exe and high CPU
https://forums.comodo.com/index.php/topic,6819.0.html
https://forums.comodo.com/index.php/topic,6933.0.html
https://forums.comodo.com/index.php/topic,6943.0.html

I think the best workaround is to set logs.log to read-only. This way, you still receive the benefit of logging to work, but just have to remember to export the log to HTML before exiting CFP only if you need it as a back up.

5

Thank you for your help.
It’s seems to be a good idea, i’ll give it a try.