Windows OS Being blocked by comodo

* CPU 64 bit
* Vista
* Avast, Spybot, and Comodo
* I have searched for some info to figuring this out with no avail 

Comodo has been blocking some part of windows operating system for me.



Should these be unblocked, if so how would i do that?

Also svchost is being blocked whenever i use utorrent, is that okay?

Any help would be great, thanks! ;D

Don’t worry, these are intrusion attempts. Firewall is just blocking the inbound connection attempts to your OS i.e. protecting you in simple terms.

Thank you for the help, I think i see what its doing now… ;D

I’m getting a similar report in the firewall. Windows OS is being blocked/TCP/source IP shows my router IP/source port 36…/destination IP is my CPU IP/destination port 56…/

I think this is a problem since the IPs involved are listed in my trusted network.

What do you think?

The Windows Operating System process is not a real process, It’s analogous to the system idle process in Windows. Essentially, it just handles connections for which a real process is no longer available. You may choose to either allow or block, it won’t make a difference to your other processes ability to connect.

Did you use the Stealth Ports Wizard to make your local network to be a trusted network? Can you show me a screenshot of your Global Rules?

Traffic on port 56 is for XNS Authentification:

The Xerox Network Systems (XNS) architecture[1] includes all of the security features found in today’s most popular protocol suites. In addition, XNS provides strong authentication at the beginning of each conversation. Authentication is the verification that both entities in a conversation are the ones claimed.[2] The Authentication Protocol[3] provides authentication in such a way that no passwords are ever transmitted on the network.
Src:

Thanks for the reply…the block action is shown in the Firewall Events window, but it does not allow me to unblock it from that window. I’ve looked elsewhere, but can find the block action in the network policy window.

I forgot to add, the ports involved are in my trusted network…I used the stealth ports wizard. Not sure how to do/send a screen shot.

CIS will say WOS blocked incoming traffic when there is no application listening to it. WOS is not a process.

How to post a screenshot?

To copy a screenshot of the active window push alt+print screen to copy the active window to the clipboard (pushing print screen will copy the complete window to the clipboard not just the active window). The window is now copied to the clipboard. Paste the image in any image editing program, Paint, Paint.net, the Gimp etc. Use the “crop” function to resize the canvas to size of the image. Now save the file as 32 bits png image.

At the forum push the reply button. Or when using the Quick reply type some text and push the preview button.

Underneath the text box click on Additional options. Push the Choose button and navigate to the file and select it. When you want to post more images click on the more attachments link.

When done typing push the Post or Preview button.

I assume 192.168.1.254 is his router. IGMP is multicast broadcasting.

Looks like he has something connected to the router that is trying to stream something to his PC?

That is true for the question from the original topic starter. Somebody else continued; we are waiting for his screenshot.

Here is the screen shot of global rules.

[attachment deleted by admin]

Here’s a shot of the firewall events log…depicts how my router is being blocked.

[attachment deleted by admin]

Can you tell me how you defined your Network Zones Local Area Network #1 and Local Area Network #2?

A screenshot of the network zones would greatly help.

Here are the zones.

[attachment deleted by admin]

I see what may be going on. The Global Rules show two networks that are not defined. I am not sure how CIS reacts to that.

You home network shows 192.168.2.11/255.255.255.0. This covers the range from 192.168.2.0-192.168.2.255. That encompasses the other range from 192.168.2.1-192.168.2.20.

First thing is to decide how big you want your Home Network to be; delete one of the two ranges.

Next step is to remove the four rules in Global Rules that point to the two unused network zones.

Then use the Stealth Ports Wizard to make your Home Network a trusted network. Choose the first option:Define a New Trusted Network and Make my Ports Stealth for Everyone Else.

That should do the trick. Let us know how things work out.

What about the first post screen shot? Appears that he has a network in the 192.168.1.1 - 192.168.1.255 range that isn’t defined?

Oops - different poster! Hate this cross posting …

What screenshot are you referring to?

First poster was named Suffice. Not same person as tseyahsed.