Various Help Needed (Alerts, Logs etc)

Hi, I have just received an alert from the firewall, but it has confused me a bit as it has different information than the program making the alert. I have made a screenshot of this & it’s posted below.


http://img50.imageshack.us/img50/9148/01ls9.th.png

Also since adding rules for eMule & uTorrent I’ve seen in my logs “Outbound Policy Violation”. I’ve also made a screenshot of the logs & it’s posted below.


http://img101.imageshack.us/img101/5874/02hm9.th.png

And the final thing I’ve noticed is that since also making the above rules for eMule & uTorrent, I’ve been getting blocked IP addresses in PeerGuardian. The blocked addresses are on the port I have set for uTorrent, which is 32148. I’m a bit stumped on that. I have also saved the Comodo firewall log for around the time of the alert I got, should anyone need to take a further look. If someone could shed some light on the subject I would be grateful. Screenshot posted below. Thank you for any help that I may receive.


http://img101.imageshack.us/img101/698/03mt7.th.png

Hi djp2k7

1st image. Not a problem, you have either just updated K-Lite or run it for the first time. K-Lite messes with file associations & so on. CFP is just warning you.

2nd image. Yep, I get those as well. But, not in those volumes. Must be because of the P2P stuff you’re running. Mine go to the DNS, where are yours going? I can’t see the destination IP on the image.

3rd image. Yes, that is part of what PG2 does, it blocks bad known P2P users. There are all sorts out there… zombies, bots, hackers spreading trojans, worms, viruses, pirates, etc… maybe even porn (I don’t know). PG2 is just protecting you. Of course, you don’t have to agree with PG2. It allows you to override that by creating exclusions. But, it’s nothing to do with CFP.

Ok, thanks for the quick reply. For the 1st image, if it shows a program that I know I’m using, but the security consideration is totally different, like in the image, then it’s ok? For the 2nd image, they are going to many various IP addresses, it’s as if I was running the P2P programs at the same time, but I’m not. If you would like, I could upload the saved HTML log I saved at the same time as I got the alert in the 1st image? Finally in the 3rd image I know PG2 is supposed to block them, but what I was saying was that it is only showing these blocks since I had added the rules I mentioned in my previous post, the opening of the port for eMule & uTorrent. It’s only showing them from the uTorrent port, 32148, even though it is completely closed :-\

  1. I’m not sure I follow you. You either recently installed the K-Lite Codec Pack something or you didn’t. If you didn’t, then be concerned, prevent the operation (not remembered) & investigate with haste.

  2. OK. So, it must be a feature of eMule and/or uTorrent. You should probably check the corresponding P2P applications’ web sites, to see which one is generating the outbound ICMP PORT UNREACHABLE packet and if it is required or not. Then you can create a rule to allow or block the packets silently to avoid flooding the CFP Log.

  3. Maybe they were previously being blocked by CFP and PG2 never got to see them until the rule you created allowed them through. Or perhaps opening one port causes the eMule and/or uTorrent network to respond on another port or even on a number of ports. Basically, you may have been made visible to other network users of those applications. After all, that’s what a P2P network does.

  1. No worries about that. I understood what you meant about the 1st image, but didn’t think about it enough :slight_smile:

  2. I will check the websites out now & will get back to you if I continue to have the log generations.

  3. I’m going to go with that the firewall was blocking them before opening the ports with the rules.

Thanks for the help, I will check out point #2 & get back to you if there are any more problems :slight_smile: