What's this firewall alert?

I’ve got this alert, twice, maybe in one month. It’s very rare. I don’t understand what it is, can anyone tell? I chose block, although allow was the default option (unlike the recommendation of the alert).

Thanks,
LA

[attachment deleted by admin]

Hi LA, this is apparently an IP from Sweden; beyond that it's hard to tell. It's going for port 445, which is probably open on most systems. Doesn't look good though.

Matty

I got that same alert and it was part of Windows so I allowed it.

It’s bad, especially when you’re not networked to other PCs. Since my XP services are kept to a minimum, and yours are even lower, I’m a little surprised you receive that alert.

http://www.petri.co.il/what’s_port_445_in_w2k_xp_2003.htm

http://www.firewallleaktester.com/wwdc.htm

[attachment deleted by admin]

My pc is clean and with all versions of Comodo 3.0 I got that message.

The question isn’t a matter of a clean system or not. The basic answer is to deny that alert. The only possible use for port 445 is if you’re networked to other PCs.

Ok I just changed my system entry to “block” since I am not networked. :BNC

Hm, should I be worried then? I don’t know exactly what you mean by network. In some way I guess I am in a network, provided by my student residence host. However, I’m not directly connected to some other computer. Maybe I should try the “block” thing you discuss above.

By the way, today I got a similar alert again. Three times in a month.

Thanks.

LA :-\

Always block things like this and see if anything stops working. :slight_smile:

Hi LA,
If you’re not sharing files over the LAN with someone from Sweden who has an account on your PC, don’t even THINK about not blocking those alerts. Soya is 110% right.
I mean, c’mon, “win system apps” and “win updater apps” should be blocked – you can allow your browser to do DNS queries if you’re not worried about stressing your DNS server too much, and you can update Win manually (or allow them to LAN only).
But your message is: “System is trying to receive” … could it be that you’re broadcasting anything?
Try the blocks I’ve told you about – also add explorer and anything you can find running in the “win sys apps” group to gain some time – and then check the CFP logs to see if you have some services not properly disabled.

Regards, Gabi

I downloaded the little program Soya linked to, and voila, I disabled everything that was possible to disable. Except for the messenger thing, I think I removed it with nLite. :slight_smile:

I thought my system was safe, I thought CFP Firewall part did it all. Obviously not, but at least it warned me, which is sufficient. Now the system should be even safer thanks to the little Windows Worms Doors Cleaner…?

LA

Gabi, thanks for your reply. I do live in Sweden and I sometimes share on my network, but only through DC++, which has not been running when I got these alerts.

I have disabled logging in CFP so we can’t see anything there. I’ve also disabled many services, but not “DCOM Server Process Launcher”, “DHCP Client” and “Remote Procedure Call (RPC)”. I don’t remember exactly how it works but I’ve only kept what’s necessary (meaning, internet wouldn’t work without those services).

Thanks,
LA

Yep, you should be safer now – depending on how much you’ve disclosed before running WWDC.
Don’t touch “DCOM Server Process Launcher” / you’re fine with these processes, maybe they’ve just tried your FW.
Edit: I meant: block and log in apps rules;

  • For DHCP, you shouldn’t block those, but allow them to access your DHCP server only

OK, I think everything is configured properly now. I use the default settings of CFP, seems to work fine (passes the ShieldsUp test fine). Maybe I’ll test some additional blocking rules, but according to what alerts (including the alert this topic was about - which shouldn’t come back thanks to WWDC) I get (=none), it shouldn’t be necessary.

I’ll mark this as resolved, although it might be a good idea to keep the topic open for a while.

Thanks all,
LA

Hm, a new alert today. Why is this happening? A month ago, and before that, I never got any popups like these.

LA

[attachment deleted by admin]

Network stuff really isn’t my thing, but I tried to set up some new global rules, hoping they will be more effective than the default setting’s only rule.

LA

[attachment deleted by admin]

IP includes TCP, UDP, ICMP and some other less common protocols. You can remove the last 2 rules.

Are you sure your University isn’t out to get you now that you’re almost finished?

Maybe someone is trying to hack your system using a hidden authorization connection? Or malware?

That makes sense when I think about it. The IP rule contains “where protocol is any”.

They will have the chance for the following 12-18 months, as I’ll try to stay in my student residence, on this connection… how can I give up my 100 MBit/s! It’s a crazy speed, which I’ve had for four years now.

I have no idea, and I don’t understand why this happens now.

LA