Windows operating system trying to connect to the internet? Is it safe?

I’m not sure how a screen shot would offer more information than given here. To take screenshots of every rule would end up being 50+ screenshots.

If anyone needs help or clarification, by all means I’ll respond back to clarify or walk someone through whatever they’re having issues with, but posting screenshots is not only a lack of efficacy, it’s time wasting for both myself and the end user since it would require them to view all the screenshots rather than look at the text. It’s simply inefficient for this specific application.

???

1. Go to Advanced Settings - Firewall - Network Zones
2. Right Click and select Add - New Network Zone and Name it "Loopback Zone"
3. Right click on Loopback Zone, Add - New Address - IPv4 Subnet Mask IP:127.0.0.1 MASK: 255.0.0.0 then click okay.
4. Repeat Step 2 and Name it "Link-Local"
5. Right Click on Link-Local and select Add - New Address - Type - IPv4 Address Range and type in 169.254.0.0 - [s]169.254.255.255[/s]

It everything is created at the first connection. (inquiry of a network)

--------------------------------------------------------------------------------------------

I don't understand it for what?

7. Right Click on Microsoft Update and select Add - New Address - Type - Host Name and add the following addresses by repeating Step 7 for each one:....
???

How your opinion what is described in this subject?
https://forums.comodo.com/firewall-help-cis/cis-ver5-system4-listening-port-on-445-question-t67464.30.html
Thanks.
Edit: Or you suggest to create all these rules only for process: "Windows Operating System" ???
I think: The simple user won't be able to make all this.

In order to fix what Comodo forgot
:-\ I want to hear opinion of the advanced users.

Please spell check before posting, as I’m unsure of the meaning of a few sentences, such as:

“It everything is created at the first connection. (inquiry of a network)”
I’m unsure what your meaning is by this. If you’re saying that everything is created at the first connection to a network, you’re entirely incorrect. There are rules that are created, however, they’re extremely lenient and almost always allow access to all 65,535 ports, and I explained in detail why this is a horrible idea. If you allow access to all 65,535 ports, instead of just the specific ports the application needs access to, you’re giving hackers 65,535 doors to access your computer and network from… and any user that offers this vulnerability up on a silver platter is not only asking to be hacked, they almost surely will be at some point. The generic, lenient rules will also allow in/out access from Any to Any, and if the application or file only needs access to the link-local address range on ports 137 - 138, why would you allow it unfettered access to ports and IPs it not only doesn’t need, it will never need access to anything other.

ICMPv4 and v6 should also always be blocked, unless a user uses their computer on an enterprise network which uses ICMP. ICMP is not secure in the slightest and is used too often in attacks to gain access to systems and networks.

“I don’t understand it for what?”
Are you asking why you need to create a Network Zone for Loopback (127.0.0.1)? If so, it’s simpler and more efficient as almost every program on a computer will require access to the Loopback IP (if anyone needs clarification why, please google it or look it up on Wikipedia).

How your opinion what is described in this subject?
https://forums.comodo.com/firewall-help-cis/cis-ver5-system4-listening-port-on-445-question-t67464.30.html
Thanks.
Edit: Or you suggest to create all these rules only for process:
“Windows Operating System” ???
I think:
The simple user won’t be able to make all this.

First, and most importantly, I was addressing the issue of this thread, which is no one seems to understand what the CIS classification of “Windows Operating System” is and why it’s requesting access to the network and/or internet… So the answer would be, yes, I am suggesting the specified rules above as only for the “Windows Operating System” category, as this is what this thread is about (which it appears you failed to read). [There are global rules at the bottom of the page, and if a person needs to ask why those should be global rules, please do your due diligence and research why.] Many seem to think it’s due to malware, viruses, and P2P sharing software like uTorrent, which is entirely inaccurate and incorrect.

Second, these rules aren’t difficult to understand… please don’t classify everyone else as being unable to understand, when the issue here is you aren’t able to understand them. That’s okay if you don’t understand them, I’m more than happy to help you, however it appears what you wish to do is argue about this and I won’t indulge that.

I’m also not sure why you crossed out the Link-Local IP range of 169.254.0.0 - 169.254.255.255… if you don’t understand what the Link-Local IP address range is for, please do your due diligence and google it or look it up on Wikipedia. Link-local communication is vital to many programs.

You reference that I wrote “In order to fix what Comodo forgot” and then responded to it as “I want to hear opinion of the advanced users”. I’m a bit perplexed at this… First, let’s review the facts…

  1. “Windows Operating System” is a category of processes and files within the Windows OS.
  2. There is no information from Comodo as to what files or processes are contained with the category of “Windows Operating System”.
  3. The category “Windows Operating System” is not malware or a result of any third party program.
  4. Due to Comodo not addressing the category “Windows Operating System”, users are confused about what exactly it is, with many telling other users it’s due to malware, viruses, and P2P clients… all of which is entirely incorrect.

So, unless I’m mistaken, it is a factual statement to say “In order to fix what Comodo forgot”, as Comodo forgot to add this category classification to their default rules and is not found under Firewall, Internet, or Proactive configurations. If you wish to wait for “more advanced users” to comment, that’s your prerogative, however I’m not going to indulge your confrontational attitude and give you the argument you appear to really want for one reason or another. I posted not only the rules that should be under the category “Windows Operating System”, I even included a link to download my configuration file for import. I was attempting to help those who were incorrectly informed about what “Windows Operating System” is and if you don’t care to take the help offered, that’s your choice… but don’t sit there and attempt to start an argument due to the time I devoted to the above post to help others… simply move on and disregard if you don’t want the help.

Suggestions in terms of rules I think are welcome.
Some rules you mentioned are valid and important, others can be simplified or based.

It is also important to clarify that the Torrent or P2P services significantly increase the risk of attacks.

I think there should be some pre-defined rules for critical processes and certain profiles as Torrents/P2P.
Another idea is to keep a topic for them.

Note: For those who want more details about ports can check here:

jmonroe0914
Thanks.
This your offer only for new versions?

It is not important on this thread to clarify that P2P services significantly increase the risk of attacks, as this has nothing to do with this thread and is entirely off topic. The issue of this thread is what is “Windows Operating System” and why is it requesting access to the network and internet. There are a gazillion threads dedicated to P2P services, however this is not one of them. Even more importantly, there is not a single network connection requested under the category “Windows Operating System” that has anything to do with P2P services.

I also made it very clear in the first paragraphs of my post that I’m extremely diligent in what I allow in and out of my computer… so yes, you could generalize a few rules (simplify in your wording), however, as I’ve also explained, simplifying rules to generics is extremely unwise and there are a gazillion articles from every Network Administrator possible warning to never use simplified and generic rules as they are a blatant security risk. This is not my opinion, it’s a fact. If anyone believes I’m wrong, a simple experiment would show the facts…

Use one of Comodo’s predefined rules for a week and then check your rules at the end of that week… almost every rule will allow unfettered access to all ports, even though there are only a minute number of system files that require that level of unfettered access. It’s a security risk, plain and simple. If you want to make it easier for your device and network to be compromised, then keep doing what you’re doing and allowing generic rules to run your firewall. It’s a personal choice that has fairly hefty consequences when you consider almost all of us store confidential information on our devices and within our networks.

I would assume that anyone with a valid subscription would have the most recent version of CIS, as the program updates itself automatically to the newest version. If you don’t have a category of “Windows Operating System” under your firewall rules and you’re seeing in the log that “Windows Operating System” is accessing the network, then I would assume this thread would apply.

jmonroe0914
Thanks for useful information.
My Regards. :-TU
See PM. Thanks for PM.

When I refer to “simplify” the fact is that for a specific case I can not take all the steps that you suggest as “absolute rule.”
I can customize, use other criteria in building rules for applications or global rules.
There is no single way, but standards and specifications must be met. :-TU

Perhaps my mention of P2P services as may have been mistaken, but do not understand the imposition of certain statements …

Thanks

Care to elaborate why the rules I list for “Windows Operating System” should not be used?

There is no global rule or a specific software rule that can be created for “Windows Operating System” and is why a category rule must be created. This is because there is no way to determine what files and applications are being included within the “Windows Operating System” category and is why this thread was created to begin with.

If you believe differently, I would suggest you refer back to CIS and how its algorithms control how CIS operates. This is not my opinion, this is a fact and facts matter.

From your previous post on page 1 and posts on page 2, it appears you simply are either wholly misinformed or simply have no clue what you’re talking about. I prefer to believe it’s the former and not the latter…

Furthermore, you’ve repeatedly spoken about issues that are completely off topic and have nothing whatsoever to do with the “Windows Operating System” category, and what it is. You’re telling people it’s being controlled by malware and P2P clients and you’re flat out wrong and massively misinforming every other user. Individuals like you, who pass off incorrect information or misinformed opinions as fact are what cause massive issues and prevent users on the internet from finding a correct answer.

What happens when a user blocks Windows Operating System from accessing the network or internet due to your erroneous information… do you even know or care?

After misrepresenting points and directing baseless criticism, I have nothing more to add, the topic that you simply “commands”.

Whenever it is time to revise something, but I always suspect of the absolute truth.

Your post is a bit garbled…

I didn’t misinterpret your points, nor did I direct baseless criticism… I read the posts you made and commented accordingly. Yes, users should take care and be vigilant with P2P software, and yes malware can take control of system files and programs, both of which have absolutely nothing to do with this thread. It’s the equivalent of going to a windows 8 forum and talking about Windows Vista or Leopard OS.

I will confront and counter any individual’s post that is misleading or offering incorrect information as it’s not fair to other users looking for a correct answer to whatever issue they’re having problems with. Every post you made prior to my tutorial was about P2P clients and malware, which have zero basis for anything in this thread. If you can’t understand this, then I would encourage you to research what the “Windows Operating System” category refers to, as even though it’s self explanatory, you chose to imply to other users who didn’t know what it was or why it was accessing the network and internet that it was being used by malware and was a result of P2P sharing clients… which it isn’t, plain and simple.

I also didn’t “command” anyone to do anything. I wrote a tutorial on how to add the “Windows Operating System” category and which rules should be placed under said category. Simply because you were flat out wrong and misinforming users about what the Windows Operating System category is and does, you seem to have a need to counter my tutorial on how to help essentially anyone using the most current version of CIS as Comodo forgot to add the “Windows Operating System” as a category.

EDIT: It should also be stated that unless a user adds “Windows Operating System” as a category under Application Rules, they will repeatedly be asked for permission for anything Windows Operating System tries to do and it will never be added as an Application Rule because CIS does not add categories to the Application Rule list… users must add categories manually. There is no “Windows Operating System” application.

Friends.
We here do one common serious work.

At first I had interpreted the question involving the Torrent, so I ended up posting it, but then I noticed that it was only on Windows Operation System. A thousand pardons …
Then I made the observation about the rules that you mentioned, I found useful and serve as a help.
I’m no expert, so I commented on the rules in general. And you thought I was referring to on these specific.

Anyway I’m sorry and go ahead.

I owe you an apology then as I obviously misinterpreted your posts and I’m sorry.

Windows Operating System is what CIS logs when it cannot see a process listening (in case of incoming traffic) or see what process is trying to connect to the web (in case of outgoing traffic). The latter is caused by another program’s driver blocking view metaphorically speaking.

"Windows Operating System" is just like any other windows process and should be locked down and monitored. What is frustrating, at least to me as an end user, is Comodo giving no explanation as to what they changed in between this version of CIS Pro and the previous version (probably 2012, possibly 2013, edition) that eliminated the software's ability to distinguish and name exactly which part of Windows "Windows Operating System" applies to. You can see this with other processes by looking at the bottom of the Application Rules under Firewall and you will see file groups (Windows Updater Applications, Windows System Applications, Metro Apps, System, and 1 from Comodo, Comodo Internet Security).

My thought is they did this to streamline and make the firewall interface more user friendly by grouping a plethora of Windows processes into their own unique groups within the internal algorithms that govern how CIS operates. I was as perplexed and worried as most who posted on this thread were, however all the information given thus far in this thread is entirely inaccurate and incorrect.

WOS is not a group like Windows Updater Applications. It has been around since CPF 3, as far as my memory serves me, and its function has not changed. It simply is a “pseudo process” like System idle process in Windows Task Manager.

Do you by chance know why CIS is not able to view what process or application is requesting network access or why Comodo classifies a “System” and “Windows System Applications” category but does not specify “Windows Operating System” as a default category? Is there by chance a link that could answer the fundamentals in detail, as it makes no sense to me why Comodo would create other groups, but not add a group for WOS. I, for example, did not start getting Windows Operating System alerts that it was being blocked or was asking for use until after the early 2013 CIS version.

If I’m interpreting your response correctly, and if I’m not please correct me, adding the group “Windows Operating System” with the rules provided is not a problem.

This topic is the first result in my search engine for “windows operating system trying to connect”, so here I am.
I’ve been having that strange detection since yesterday. Can’t think of anything particular that happened, apart from the fact that I updated Comodo (and no P2P going on)
I didn’t write down all the IPs it detected, I remember the second one was somewhere in Austria, the third one was 199.168.174.111:443, attributed to “Richardson Armor Defense Inc”, which sounds a bit creepy :s, and the last one, which popped up as I was typing this, was 37.9.170.221:80, attributed to canubia.vps.websupport.sk

For those who had those detections in the past: how did the situation evolve? Any advice on how to deal with it? (just block and be done with it?). I did a full antivirus scan, nothing

Such drama for a single question, unless, Just allow it fully. Somebody wrote to me long ago that it’s actually a pseudo-process to interface with applications, programmers know stuff like this, so stop the drama. Just define your local zones, 192.168.1.0-192.168.1.255 and so on, block the rest, allow all outgoing global traffic, if your PC is clean you don’t need to be asked for every app that wants to get out the Internet, or if you don’t get asked, it will be blocked, like a web browser, and you’ll find it strange and illogical, if you file share open what you need specially ICMP, close privileged ports and you’ll be fine. I used to be paranoid like the guy giving a wall of text about the firewall, never got hacked or something like it