What is the Default Rule for System?

Hi, my OS is Windows 7 64-bit and I am using the latest version of Comodo CIS, which updated to the latest version yesterday. Since then I have had several BSODs and am trying to find out what is causing them. While looking through my Network Security Listings under the Comodo Firewall header, I noticed that the rule for System looked odd and came here to ask what it should be, as I am not sure. At present the rule for System has a circle with a red cross and the following text: “Block and Log IP in From MAC Any to MAC Any where Protocol is Any”. Is this correct or should it be something else?

The system process is trusted and falls under the Windows System Applications group in D+ and likewise in the firewall. If you’ve changed the default settings, for example using Custom policy Mode in the firewall with alerts on a higher level than low, you will probably get a system rule in the firewall.

Typically, the system process handles such things as NetBIOS and IGMP, and in certain circumstances it handles some rules for VPNs.

Thanks for the reply, Radaghast. Does that mean that the wording of the rule as it is in the post above is correct, or has it somehow been altered in the last update, as I have never changed it myself, and I should change it to a trusted policy?

If you haven’t changed the defaults, what you’re seeing is incorrect. Did you accidentally block the process via an alert?

I haven’t altered anything, just clicked on the relevant boxes to install yesterday’s update. Would it be OK if I just edit it and make it into a Trusted Application?

No, because the rule for trusted application allows all outbound but also inbound connections. Then the best thing to do is rewrite the default rule, i.e. "Allow IP out from MAC Any to MAC Any where protocol is any".

There are a couple of things to consider. If you’re on a LAN and have a need for file and printer sharing, you can use the stealth ports wizard to create a new trusted network. This will create two rules for the system process that allow IP in and out on the LAN. You can then remove any other rules for this process.

If you don’t have a need for file and printer sharing, you can disable NetBIOS on your network adapter (see image). This will prevent the system process from generating NetBIOS traffic.

For most people, depending on your firewall settings, as I said earlier, you may receive prompts for IGMP. These you can choose to allow or not.

You may also find the information in the thread of use: Re: CIS ver5: System(4) Listening port on: 445 question

Thanks, guys, for your help. At present I have altered the System rule to comply with Boris 3’s advice, and when I get a bit of time I will have a read through Radaghast’s link and set the System and Svchost rules accordingly.