Why is asking for permission when it is already in trusted zone?


I have just finished reading the entire Comodo v6 manual and setting up my firewall.
There are two problems/questions for which I kindly ask your help

  1. I have setup my network trusted zone as
    Should I set it instead as Does this make an important difference or not?

  2. Even though the trusted zone is, I am occasionally getting an alert that svchost is trying to receive an incoming connection from remote computer Why the heck is considered a remote computer since it is already in the trusted zone? For the record, I have tried both “block incoming connections” and “alert incoming connections” options in the stealth ports option.

Any help greatly appreciated


I am not sure what you mean by trusted zone, I haven’t heard that term in my time with CIS, perhaps you can link the manual page in question?

The way I have it set up is a network zone called “Home” with the IP address /, I then have a global rule on the top that states "Allow IP In/Out From In [Home] To In [Home] Where Protocol Is Any.

[attachment deleted by admin]

Sorry, I meant network zone.
To clarify, here are the pics where you can see my problem
The network zone

The rules for the network zone (automatically set by Comodo)

The alert I am getting

Honestly I’m not sure, I’ve noticed that CIS doesn’t play 100% nice when using subnets but I wasn’t sure if that was only for me or not (because I am fairly certain my configuration is somewhat corrupted) For example when using with the subnet mask of that should detail to but instead CIS alerted me for pretty much every connection on these IP addresses, changing it to what I detailed in my other post fixed it for me.

I guess it could be a specific ask rule for svchost.exe that does this, you could try checking that but I’m not sure an application ask rule would have a higher priority than a global allow rule…

still can’t figure it out…

Sorry but I’m not really sure what the issue could be then. :-\ Have you tried using an IP range instead of subnet?

Yes, tried it. Also tried defining in the network zone the single IP No success in both cases. The alert still comes up.

To get rid of the alert I added the following rule (see pic).
I hope it is not putting me in any serious danger, but I am not sure.

Unless anyone malicious is on the IP-addresses you’ve specified (I don’t really know enough about IPv6 to tell if that is a private or public address) i.e infiltrated your network, then there should be no issues… I think.

You’ll have to bear with me because as nothing on my PC requires incoming connections, I just block all incoming connections.

Through my eyes, it seems to be working as it should. You have a rule set in the ‘Global Rules’ to allow incoming requests from your router (, which it is doing. Then the alert that comes up is an ‘Application Rule’ alert for svchost.exe asking if you want to allow the incoming request. If you look at the diagram at the following link, you can see how the traffic flows for incoming and outgoing requests (I.E. Incoming connections go through ‘Global Rules’ first, then ‘Application Rules’):

If the global rule was set to not allow incoming requests, then svchost would be none the wiser, as the connection request would be blocked by Comodo before it reached it and so you wouldn’t receive the alert. So from what I can see, the rules are doing what they’re set to do, but what you need to decide is whether you want to allow incoming connections and what for, then set the application rules for svchost accordingly.

If there is nothing that needs to make an incoming connection to your computer (such as for file sharing, etc.), then I’d personally block all incoming connections. When you set ‘Stealth Ports’ to “Block Incoming Connections” it should change the global rules so that it blocks all incoming connections (except Fragmentation Needed & Time Exceeded ICMP messages). However, as you said that it still happens when you done this, try it again and then look at the global rules to see what stealth ports sets it to. In the below screenshot are my global rules after setting Stealth Ports wizard to “Block Incoming Connections”.

Also, in answer to your first question, whether you use or with the subnet mask of, it shouldn’t make a difference.

[attachment deleted by admin]

Thank you Sanya IV Litvyak and Anabna for your answers.

Anabna the way you explained it now makes sense to me.
I do not want to disable incoming connections as I have file sharing and other communications setup between my lan computers so I need them to accept incoming connections.

The question then becomes what rules to give to svchost. I am hoping the rule I gave it will be ok as long as I dont have any infections in my LAN. From what I read in other posts in this forum, setting up correct permission for svchost is a big problem for many people.


i have to same error please help me :embarassed: