I don’t know what to make of these requests, let me know? I usually block them, but don’t know if I should or not? Or select Always Block?
Date Application Action Direction Protocol Source IP Source Port Destination IP Destination Port
2016-04-08 06:22:57 Windows Operating System Asked Out TCP 192.168.1.107 50464 188.8.131.52 80
2016-04-08 06:25:00 Windows Operating System Blocked Out TCP 192.168.1.107 50464 184.108.40.206 80
2016-04-08 06:25:00 Windows Operating System Asked Out TCP 192.168.1.107 50464 220.127.116.11 80
2016-04-08 06:25:06 Windows Operating System Blocked Out TCP 192.168.1.107 50464 18.104.22.168 80
2016-04-09 21:24:13 Windows Operating System Asked Out TCP 192.168.1.107 50464 22.214.171.124 443
2016-04-09 21:24:52 Windows Operating System Asked Out TCP 192.168.1.107 50464 126.96.36.199 443
2016-04-09 21:24:54 Windows Operating System Asked Out TCP 192.168.1.107 50464 188.8.131.52 443
This application of the “Amazon” shop goes online.
Use Google to find a WhoIs service (there are many) and see who owns the destination IP addresses. That will help you make a judgement on whether they are safe to allow.
It’s really up to you, with default settings you should not have any alerts.
I always did use the maxim, block everything [including svchost] that does not need access to the internet unless problems occur.
That was when I did use Windows.
Windows Operating System is an umbrella process that essentially refers to your PC and particular resources thereon. The Active Process List shows it as PID 0, which in Task Manager is referenced as System Idle Process.
It is incongruous to assume that the System Idle Process is doing anything, and it should be viewed with suspicion that it needs network connections to anything. It is convenient to assume that it is the gatekeeper of the system itself, i.e., all inbound connections to resources on the system that are otherwise un-handled explicitly are implicitly fielded by Windows Operating System.
Inbound resource access attempts are first challenged by whatever global rules are in place. Anything that is not explicitly permitted inbound is blocked by the Windows Operating System process. Anything that’s permitted inbound access will then make a resource request of some sort, e.g., a connection necessary for gaming that is handled by some DLL or EXE or other file. This network connection attempt may be by an explicit image file or by Windows Operating System depending on the network protocol implemented.
My Windows Operating System rules consist of the following:
Allow UDP in from in [DNS] to in [NIC] source port 53 destination port ANY
Allow UDP in from in [208_115_FortressITX - cmdagent (TCP/UDP] to in [NIC] where source port is [4447 / 4448] destination port ANY
Allow ICMP in from ANY to in [NIC] source port ANY ICMP message ANY
Allow ICMP out from in [NIC] destination ANY where ICMP message is ANY
Allow UDP in from in [TC_WordenBros] to in [NIC] where source port ANY destination port 8200
My global rules handle the specific details of inbound / outbound ICMP. All the specific allowable ICMP in or out are defined. ANY ICMP not specifically allowed is blocked and logged. All of these blocked & logged entries are described as being initiated by Windows Operating System, i.e., the GateKeeper.
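An added example, not written by any poster in this thread and not part of the firewall product: a short Python script that parses log rows in the column layout pasted at the top of the thread and groups outbound connections by application and non-LAN destination, giving the short list of addresses to check in a WHOIS service. The sample rows and their destination addresses are constructed, and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of the log posted in this thread;
# destinations use documentation address ranges, not real hosts.
SAMPLE_LOG = """\
Date Application Action Direction Protocol Source IP Source Port Destination IP Destination Port
2016-04-08 06:22:57 Windows Operating System Asked Out TCP 192.168.1.107 50464 203.0.113.10 80
2016-04-08 06:25:00 Windows Operating System Blocked Out TCP 192.168.1.107 50464 203.0.113.10 80
2016-04-09 21:24:13 Windows Operating System Asked Out TCP 192.168.1.107 50464 198.51.100.7 443
2016-04-09 21:24:52 Windows Operating System Asked Out TCP 192.168.1.107 50464 192.168.1.1 443
"""

# RFC 1918 ranges: destinations here are on the local network, so WHOIS is no help.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return a dict for one log row, or None for header, blank or short lines."""
    tok = line.split()
    if len(tok) < 10 or not tok[0][:4].isdigit():
        return None
    # The application name may contain spaces, so fixed columns are taken from both ends.
    action, direction, proto, src, sport, dst, dport = tok[-7:]
    return {"time": " ".join(tok[:2]), "app": " ".join(tok[2:-7]),
            "action": action, "direction": direction, "proto": proto,
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}

def destinations_to_review(log_text):
    """Group outbound rows by (application, destination), skipping LAN destinations."""
    summary = defaultdict(lambda: {"ports": set(), "actions": defaultdict(int)})
    for row in filter(None, map(parse_line, log_text.splitlines())):
        addr = ipaddress.ip_address(row["dst"])
        if row["direction"] != "Out" or any(addr in net for net in LAN):
            continue
        entry = summary[(row["app"], row["dst"])]
        entry["ports"].add(row["dport"])
        entry["actions"][row["action"]] += 1
    return summary

if __name__ == "__main__":
    for (app, dst), info in sorted(destinations_to_review(SAMPLE_LOG).items()):
        print(f"{app:28} {dst:15} ports={sorted(info['ports'])} {dict(info['actions'])}")
```

Each printed line is one address to look up; a destination that shows up repeatedly under the same application with the same owner is a candidate for a specific allow or block rule rather than answering the prompt each time.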