Unusual firewall log

I’m getting some unusual entries in my firewall log (see attachment). Lookup on Whois shows these to be servers in the UK and Comodo! Why is Comodo trying to hack my computer? (:WIN)

[attachment deleted by admin]

Haven’t seen a complete explanation for all this stuff - some of mine came from visited sites, lots came from unknown sites (probably associated with the visited sites). Maybe just to show that Comodo is blocking lots of intrusions? :wink: In any case, if you make a rule in Firewall/Advanced/Network Security Policy/System to “Block TCP from HTTP Ports”

Block (do not alert/log or the intrusion counter will keep rolling)
TCP
In
Source IP Any
Destination IP Any
Source Port HTTP Ports
Destination Port Any

your intrusion counter should stop rolling (reset it by turning CFP off and on) and you will be able to read your log without sorting through the clutter. AFAIK, no one has discovered a problem with leaving all this stuff blocked. And there are reasonable explanations for some of it as various traffic from the visited servers, other is ?

There are any number of illicit connection sources. The post on the bottom of this page: https://forums.comodo.com/help_for_v3/syetem_idle_processes_being_blocked_help-t15032.0.html#bot
shows some messaging connection attempts that appear to have been generated by the Storm Bot Net worm. There are other connection attempts that appear to be some kind of attempt to use the unwary as bandwidth providers - a sort of involuntary torrent client. There is a lot of malware in circulation and now you can see some of it knocking on your firewall.

Thank you very much for your quick replies and useful information. (:AGL) Since I run Comodo v3 behind a NAT router (belt and suspenders) very little gets logged on the Comodo firewall. IP: 85.91.228.132 is by far the most common. This is the IP address for Comodo’s Trust Toolbar site, a site I’ve never visited before. Is Comodo being spoofed? Or is it “from unknown sites (probably associated with the visited sites)”? Thanks

Beats me. When you click on a site, you are usually redirected to a lot of other servers. Everything from where the real hosting is done to advertisers gets a piece of the action. Unless some of them are infected with malware, you don’t normally get all this ■■■■ through a NAT router unless it is a legitimate response to your http request. Even if you don’t understand it. But blocking seems to be a no penalty thing to do, just like a lot of other stuff on the internet, so seems reasonable to do it. Just in case they are infected with malware. Remember the basic firewall rule for things like Windows Firewall: “Allow all out, Block all in” which then gets tweaked a bit for other purposes. I’m too lazy to research it myself, but maybe the Comodo Internet Guru will chime in with a reference to a more detailed explanation. (:AGL)

I get these as well (85.91.228.132). They only happen after I close my browser. If you set a rule to log port 443 of your browser, these addresses match the previous outbound connections prior to closing your browser.
Dennis
EDIT: I have posted a screenshot; managed to get what I posted above, not the same address though.

[attachment deleted by admin]
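The correlation described in the post above (blocked inbound entries from an HTTP port matching the browser's earlier outbound connections) can be checked mechanically. This is an added example, not part of any post in this thread; the log line format, the documentation-range IP addresses, the port set and the 5-minute window are constructed assumptions, not Comodo's actual log format.

```python
from datetime import datetime, timedelta

HTTP_PORTS = {80, 443, 8080}   # assumption: contents of the "HTTP Ports" port set
WINDOW = timedelta(minutes=5)  # assumption: how late a reply may arrive and still count

# Constructed sample log, oldest entry first:
# time, action, direction, source ip:port, destination ip:port
SAMPLE_LOG = """\
2008-01-10T20:14:02 ALLOW OUT 192.168.1.10:49210 192.0.2.132:443
2008-01-10T20:14:40 ALLOW OUT 192.168.1.10:49215 203.0.113.7:80
2008-01-10T20:16:05 BLOCK IN 192.0.2.132:443 192.168.1.10:49210
2008-01-10T20:16:06 BLOCK IN 192.0.2.132:443 192.168.1.10:49210
2008-01-10T20:31:50 BLOCK IN 203.0.113.7:80 192.168.1.10:49215
2008-01-10T20:40:11 BLOCK IN 198.51.100.23:80 192.168.1.10:1026
"""

def parse(line):
    """Split one log line into (time, action, direction, src, dst)."""
    ts, action, direction, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return (datetime.fromisoformat(ts), action, direction,
            (sip, int(sport)), (dip, int(dport)))

def classify_blocked(log_text, window=WINDOW):
    """Label each blocked inbound entry that comes from an HTTP port.

    'late-reply': the same local/remote endpoint pair was used by an allowed
                  outbound connection within `window` before the block.
    'unmatched' : no recent outbound connection explains the packet.
    """
    last_out = {}   # (local endpoint, remote endpoint) -> time of last outbound
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, direction, src, dst = parse(line)
        if action == "ALLOW" and direction == "OUT":
            last_out[(src, dst)] = ts
        elif action == "BLOCK" and direction == "IN" and src[1] in HTTP_PORTS:
            seen = last_out.get((dst, src))   # same endpoints, reversed
            late = seen is not None and ts - seen <= window
            results.append((src[0], "late-reply" if late else "unmatched"))
    return results

if __name__ == "__main__":
    for ip, label in classify_blocked(SAMPLE_LOG):
        print(f"{ip:15} {label}")
```

Entries labelled `unmatched` are the ones worth reading before adding a rule that blocks without logging; `late-reply` entries are leftovers from connections the browser itself opened.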

Thanks sded, Anotherone and Dennis2 for your replies. It’s good to know that someone else is getting the same thing, probably means it’s normal. Also that I can end this logging if I choose to. It’s a wild guess, but I’ll bet I’m getting stuff from the Trust Toolbar site (85.91.228.132) because Comodo’s other servers are busy. (:NRD)
Thanks again

Ralph