Windows Operating System requests? Is it safe or not to allow?

I don’t know what to make of these requests, let me know. I usually block them, but don’t know if I should or not. Or select Always Block?

Date 	Application 	Action 	Direction 	Protocol 	Source IP 	Source Port 	Destination IP 	Destination Port
2016-04-08 06:22:57  	Windows Operating System  	Asked  	Out  	TCP  	192.168.1.107  	50464  	104.99.238.130  	80 
2016-04-08 06:25:00  	Windows Operating System  	Blocked  	Out  	TCP  	192.168.1.107  	50464  	104.99.238.130  	80 
2016-04-08 06:25:00  	Windows Operating System  	Asked  	Out  	TCP  	192.168.1.107  	50464  	104.99.238.130  	80 
2016-04-08 06:25:06  	Windows Operating System  	Blocked  	Out  	TCP  	192.168.1.107  	50464  	104.99.238.130  	80  
2016-04-09 21:24:13  	Windows Operating System  	Asked  	Out  	TCP  	192.168.1.107  	50464  	52.10.195.247  	443 
2016-04-09 21:24:52  	Windows Operating System  	Asked  	Out  	TCP  	192.168.1.107  	50464  	52.10.195.247  	443 
2016-04-09 21:24:54  	Windows Operating System  	Asked  	Out  	TCP  	192.168.1.107  	50464  	52.10.195.247  	443  

Hello!
This application of the “Amazon” shop goes online.

Use Google to find a WhoIs service (there are many) and see who owns the destination IP addresses. That will help you make a judgement on whether they are safe to allow.

You can check these posts and make some FW rules for Windows Operating System:

https://forums.comodo.com/firewall-help-cis/rules-to-protect-the-system-from-udp-attacks-t104904.0.html;msg763569#msg763569

https://forums.comodo.com/firewall-help-cis/windows-operating-system-trying-to-connect-to-the-internet-is-it-safe-t103656.0.html;msg763144#msg763144

It’s really up to you, with default settings you should not have any alerts.

I always did use the maxim, block everything [including svchost :)] that does not need access to the internet unless problems occur.

That was when I did use Windows.

Dennis

Windows Operating System is an umbrella process that essentially refers to your PC and particular resources thereon. The Active Process List shows it as PID 0, which in Task Manager is referenced as System Idle Process.

It is incongruous to assume that the System Idle Process is doing anything, and should be viewed with suspicion that it needs network connections to anything. It is convenient to assume that it is the gatekeeper of the system itself, i.e., all inbound connections to resources on the system that are otherwise un-handled explicitly are implicitly fielded by Windows Operating System.

Inbound resource access attempts are first challenged by whatever global rules are in-place. Anything that is not explicitly permitted inbound is blocked by the Windows Operating System process. Anything that’s permitted inbound access will then make a resource request of some sort, e.g., connection necessary for gaming that is handled by some DLL or EXE or other file. This network connection attempt may be an explicit image file or by Windows Operating System depending on the network protocol implemented.

My Windows Operating System rules consist of the following:

Allow UDP in from in [DNS] to in [NIC] source port 53 destination port ANY
Allow UDP in from in [208_115_FortressITX - cmdagent (TCP/UDP] to in [NIC] where source port is [4447 / 4448] destination port ANY
Allow ICMP in from ANY to in [NIC] source port ANY ICMP message ANY
Allow ICMP out from in [NIC] destination ANY where ICMP message is ANY
Allow UDP in from in [TC_WordenBros] to in [NIC] where source port ANY destination port 8200

My global rules handle the specific details of inbound / outbound ICMP. All the specific allowable ICMP in or out are defined. ANY ICMP not specifically allowed is blocked and logged. All of these blocked & logged entries are described as being initiated by Windows Operating System, i.e., the GateKeeper.
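
Added example, not part of any post in this thread: a short Python script that parses a firewall log in the tab-separated layout shown in the opening post and groups the outbound events by destination, so each address only needs one WhoIs lookup and destinations that produced alerts without a logged decision stand out. The function names are illustrative, and the sample rows are the ones from the opening post.

```python
import csv
from collections import Counter, defaultdict
from datetime import datetime

# Rows copied from the log in the opening post (tab-separated, space-padded).
SAMPLE_LOG = (
    "Date \tApplication \tAction \tDirection \tProtocol \tSource IP \tSource Port \tDestination IP \tDestination Port\n"
    "2016-04-08 06:22:57  \tWindows Operating System  \tAsked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t104.99.238.130  \t80 \n"
    "2016-04-08 06:25:00  \tWindows Operating System  \tBlocked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t104.99.238.130  \t80 \n"
    "2016-04-08 06:25:00  \tWindows Operating System  \tAsked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t104.99.238.130  \t80 \n"
    "2016-04-08 06:25:06  \tWindows Operating System  \tBlocked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t104.99.238.130  \t80  \n"
    "2016-04-09 21:24:13  \tWindows Operating System  \tAsked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t52.10.195.247  \t443 \n"
    "2016-04-09 21:24:52  \tWindows Operating System  \tAsked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t52.10.195.247  \t443 \n"
    "2016-04-09 21:24:54  \tWindows Operating System  \tAsked  \tOut  \tTCP  \t192.168.1.107  \t50464  \t52.10.195.247  \t443  \n"
)

def parse_log(text):
    """Parse the tab-separated log; strip the padding around every field."""
    rows = csv.reader(text.strip().splitlines(), delimiter="\t")
    header = [h.strip() for h in next(rows)]
    events = []
    for row in rows:
        event = dict(zip(header, (field.strip() for field in row)))
        event["Date"] = datetime.strptime(event["Date"], "%Y-%m-%d %H:%M:%S")
        events.append(event)
    return events

def summarize(events):
    """Group outbound events by (destination IP, port, protocol)."""
    groups = defaultdict(lambda: {"actions": Counter(), "seen": []})
    for e in events:
        if e["Direction"] == "Out":
            key = (e["Destination IP"], int(e["Destination Port"]), e["Protocol"])
            groups[key]["actions"][e["Action"]] += 1
            groups[key]["seen"].append(e["Date"])
    return groups

def unanswered(groups):
    """Destinations whose rows are all 'Asked', i.e. no Blocked/Allowed row was logged."""
    return sorted(dest for dest, g in groups.items() if set(g["actions"]) == {"Asked"})

if __name__ == "__main__":
    groups = summarize(parse_log(SAMPLE_LOG))
    for (ip, port, proto), g in sorted(groups.items()):
        print(f"{ip}:{port}/{proto} {dict(g['actions'])} {min(g['seen'])} -> {max(g['seen'])}")
    print("Alerts with no logged decision:", unanswered(groups))
```
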