Windows Operating System .... uhh

Comodo Internet Security - CIS Firewall Help - CIS
#1

Hello, as of today I’ve received many blocked connection attempts from an application Windows Operating System. Here is a picture:

http://u.bonbonbon.org/uploads/gui085dj.jpg

Could you tell me if I am in danger of any kind? I have a custom policy set, with Firefox set as web browser, system and svchost as outgoing only.

#2

Welcome. :slight_smile:

Are you behind a hardware firewalled router?
And what is your Stealth Port set to? (Firewall > Stealth Port Wizard)

#3

This occurs sometimes when using a router and when you used some kind of file sharing program and did not defined the correct rules for it…

#4

Um, I set it to Alert me to incoming connections stealth my ports on per-case basis
I am using Avast!, I’m also pretty sure Windows Firewall is activated, though I’m not sure if my router itself has a firewall. I have PeerGuardian running as well if that makes any difference.

#5

Never run more than 1 software firewall at a time. The results could be severe.

#6

Okay, I’ve disabled Windows Firewall, Avast isn’t a firewall and neither is PG so I should be fine?

#7

Hi,
I have been having the same problem. I do not have a router and Comodo is my only firewall. Any other ideas?

thanks

#8

AFAIK, you get this when Stealth Ports Wizard is set to Block All Incoming Connections.

I get this as well, and it’s not a problem. You’re not under attack, and it has no negative effect on the PC :slight_smile:

#9

Most of the time, it’s just Internet “chatter”. Port scans/probes and things like that from the net trying to see who is out there. The reason it is called “Windows Operating System”, is because these intrusions are not targeting a certain program, just WOS in general.

#10

Looking at TimeVampire’s original post, the log is showing ICMP 3.1 and 3.3 entries. These are error messages form the remote machines saying “host unreachable” (3.1) or “port unreachable” (3.3). Due to the volume of ICMP entries, and the variety of addresses for the remote machines, I have to ask if the machine TimeVampire is running, is running p2p or other filesharing services. If so, then all those remote machines were likely also fileshare machines, and no longer are running their p2p servers.