Why are hundreds of actions blocked?

When I look at 'Firewall events" it shows Comodo has blocked hundreds of actions. Each blocked action looks similar but has slightly different numbers in it’s line. Following is one of them.

APPLICATION:windows operating system, ACTION: blocked, PROTOCAL: TCP, SOURCE IP: 118.123.5.96, SOURCE PORT: 6000, DESTINATION IP: 24.25.37.8, DESTINATION PORT: 2967.

Should hundeds of these be blocked, ot am I missing a bunch of legal actions?
I don’t have time to inspect each of such actions for legality.
Why is a program such a Comodo such a demandingly complex thing to use?

I just now received a message saying an attempt is being made to link mu computer to a new network, but tells me nothing about who or what it is, or what I should do.

I also have many of this events. To be trully - thousands of them (2000-4000 each day)
But I don’t have any Rule with Log option checked.
Also I’ve checked to block fragmented packets, so I think that’s the reason of this events. Firewall logs each fragmented network packet.
If it is not really reason - then I don’t know what it can be else.

can you post a screen shot of the “event” windows ?

There are many post(s) of the same issue all over the forum,

CG

Screenshot of Events
79.111.32.168 - My Internet IP

[attachment deleted by admin]

Ok,
can you post your Global Rules?

As Well, https://forums.comodo.com/help_for_v3/windows_operating_system_system_idle_process_in_logs_merged_threads-t14948.255.html

There are solutions in that thread.

Welcome to the forums, trailguy!

Doing a little bit of checking, based on your sample blocked action report, I’d say you are getting a port probe from folks looking for a Symantec opening. Dshield.org reports that port 2967/tcp is used by Symantec System Center. There was an attack notice published not too long ago on that product.

Since your sample report says “Windows Operating System”, which is normal for packets coming in that don’t have any application expecting them, I take it that you’re not running a Symantec product.

And the destination IP address, being a real Internet address rather than a private LAN address, tells me that you’re conneting to a cable modem, without a NAT/router. Is that correct?

Since Comodo is blocking the inbound packets, you’re safe. You’re just seeing the usual amount of junk that is on the Internet these days. The thing to look for in the Comodo logs is inbound traffic, and the destination port number. You can check the port number at dshield.org to see what might be an attack or not, but if you are not running the exposed application, then any inbound packets can’t do anything.

...Since your sample report says "Windows Operating System", which is normal for packets coming in that don't have any application expecting them...

So, If someone tries to connect to me (“inbound connection” for me) and I don’t have any application, listening on that port, I will see “Windows Operation System” in fired events?
Have I understood correctly your words?

And if I have no one rule with “Log” checked in it - still I will receive such events in Logs?
For me now - I have no one blocking rule in Global Rules. Also I have no one Rule with “Block and Log” - only “Block”. But still receive hundreds, or even thousands events in Log each day (all events - incoming to me from Internet)

Yes, that’s correct.

There has to be a rule with a “log this” checkbox marked. If not in the global rules, then in the application rules. Several of the default application settings, including Windows Operating System, have “block and log” rules.

They had … But I edit them specialy for testing why there are so many events =)