I just got a message from Comodo firewall saying Windows Operating System is trying to access the internet. It wanted me to tell it what to do. I have no idea. It showed 184.154.100.218-TCP port80. The one that said TCP was the second alert. I didn’t do anything about it, because I was not sure how to answer that. I’ve never seen this alert before, and I don’t know what to do. Please give advise.
I can’t tell you why Windows O/S is trying to connect to the Internet. I have seen the same alert a few times to different addresses. I have always blocked it without apparent ill effects. I would suggest that any internet connection request that appears to be unrelated to your current activity should be blocked. If in doubt you can use a utility such as ipnetinfo (from NirSoft) to find out the owner of the IP address before blocking or allowing it.
Thank you. I was afraid if I blocked it, that it would not update, or shut down the internet. I could not find anything on this. I looked at unknown files, and there are quite a few I am going to have to figure out. I don’t see a log, or history of actions. I am just using the firewall program only, not the CIS system. It was too complicated for me to use correctly. I could have been out of the room, or outside when this happened, and would have never known.
You will get this type of alert when a driver of another programs is metaphorically speaking blocking view. The firewall then can’t see what application is trying to connect. It may be a total legit request for internet access.
If you don’t answer the alert the connection attempt will be blocked. So when it comes when you’re not in the room you’re safe.
Thank you very much. That is a relief. 
In my experience way too many things try to use an internet connection. Sometimes I’ve got guesses as to what they’re doing, sometimes I don’t. But always, always, always I Just Say No. And if something doesn’t work because of that, then I might allow it, or I might switch to other software. You’ll never hurt anything by not allowing it an internet connection - otherwise you’d be in trouble if your connection ever went down or a cat chewed up any important wire
It’s actually been really rare that I ran across software that wouldn’t work without an internet connection, other than software that I really want to access the inetnet - web browsers, email clients, etc.
Thank you for your thoughts. I guess I was afraid if I didn’t allow it, my connection would be lost, then I would have a hard time trying to get it to work. I have blocked it when I have seen it. It has come up maybe 3 times total. If I see it again, I will block it. It can be aggravating when you get an alert, and you have no idea what to do. What you said makes sense, and I thank you.
When you tell Comodo to block a connection, just don’t check “remember my response”.
In some situations Comodo actually does remember your response for a little while, but at worst a reboot will clear that up.
(Comodo remembers for a little while even if you don’t tell it to b/c frequently a program that can’t make a connection will try again many times and Comodo just remembers that first response you made instead of hitting you with 100 pop ups. I think actually ending the program and starting it back up will always make Comodo prompt again, which is why I say a reboot will always clear that up.)
Comments well taken. I did not tick the remember my response. Still, it would be nice to know what exactly Windows OS was trying to do. Thank you again.
True, if you do not have “Remember my response” ticked in, CIS will still remember your answer for the rest of the programs session, hence restarting a program will “reset” the rules (unless you ticked in to remember the response)
I think that’s an interesting question - exactly what was “Windows Operating System” trying to do?
In my mind the first question is: What is Windows Operating System?
In Comodo 5 I have an empty rule for it. It’s something special - no “.exe” associated with it. According to Comodo’s process list, it’s PID 0.
According to the excellent Process Explorer (from Sysinternals.com), PID 0 is “System Idle Process”. Is this the same process? Or is it subtly different from what Comodo Firewall calls “Windows Operating System”?
Process Explorer also shows some network connections being made by this process - turns out they were all from a Virtual Box VM I had running.
You can make some guesses by finding out who owns the IP# it was trying to connect to. I don’t have a sure-fire way of doing this; it seems like every time I think I’d found a 100% good WhoIs service, it breaks or goes away.
Here’s my current list. Plug the IP# where I have “<<IP#>>” in these URLs and you might find who it belongs to (or just go to the site and you might find a place to type it in):
WHOIS Service<<IP#>>
" - Wolfram|Alpha<<IP#>>%22
https://www.networksolutions.com/whois/results.jsp?domain=<<IP#>>
IP WHOIS Lookup
http://whois.arin.net/rest/nets;q=<<IP#>>?showDetails=true&showARIN=true
Thank you Sanya! ;D
Windows Operating System is how the Firewall tells it sees no program that is waiting for incoming traffic or that is sending traffic. It is not the same as System Idle Process. It is confusing that it has the same PID as System Idle Process.