I have just been trying out Comodo f/w. Looking through the rules it set I noticed that Windows service had been set to 138. I always thought that these ports should be blocked in and out. Should this port be used?
What windows service? Ports 137-139 are NetBios ports which are used for file and printer sharing across a LAN. So if you are behind a router, trust your network, and need to share files or printers, then they should be open. However, these ports are exploited by several malwares, and also if open can allow a cracker access to your pc and files I need to know what service though and tell me what environment your computer is in to determine whether or not the ports should be used. Cheers, Alphalutra1
I don't think services.exe needs internet access, but I may be wrong here. If you are behind a router, keep the rule. Otherwise, try deleting it and seeing if any popup happens. If so, post back. Others may have some more info here. Cheers, Alphalutra1
That's curious. I am sure I was told or read that Services needs access to the net, yet I have denied it totally in Kerio and am still able to connect. Maybe it was for auto updating of Windows. This is what I am not sure about in Comodo and probably others in that it allows what it considers safe to connect permission without reference to the user. As far as I am concerned the less that are allowed free range the better.
SVCHOST.exe is used for windows update, I think you can block it without any problems. Services.exe is only used for starting and stopping services so I think it doesn't need internet access. Cheers, Alphalutra1
SVCHOST.exe, the Microsoft Generic Host Process for Win32 Services, may need the following rules: 1. Inbound local bootps rule Direction: inbound Port: UDP port 67 {bootps} Action: Permit 2. Outbound remote bootpc rule Direction: outbound Port: UDP port 68 {bootpc} Action: Permit I had to add those to my default NIS rules, and they work just fine. But your mileage may vary, if you don't need to add any permissions for the Generic Host then that is the safest way to go. To use ZoneAlarm terminology, SVCHOST on some systems may need local {not global} server rights. Hope that helps.