another learning thread about Comodo Firewall ver. 3

Discussion in 'other firewalls' started by fce, Feb 8, 2009.

Thread Status:
Not open for further replies.
  1. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    below pics, what do you mean by percentage of ekrn.exe 71.6%, YahooMessenger 28.1% and svchost.exe 0.3% ? does it mean that my ESET Nod32 AV is accessing the internet?

    second question, at Proactive Defense it says "93files are waiting for your review" i review it and purge but still 93 files remain on the list (initially it was 100++ files)....what should i do with this?

    more to come....thanks in advance and sorry for newbie question!
     

    Attached Files:

  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    It means that from all the internet traffic generated, 71,6% was from ekrn.exe (have no idea what it is), 28.1% from Yahoo Msgs, etc. I presume ekrn.exe is a process of ESET NOD32? Then, means that NOD32 was accessing interent. (updating for example?)

    If you "purge" and the files disappear, and later reappear, means the files are re-generated for some reason. Antivirus updates can do that. If you "purge" but the files don't disappear, means the files are present on your hard disk and can't be purged. You need to either send them to "safe files" or "remove".

    To avoid these "pending files", switch to "safe mode".
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Eset NOD32 v3 proxy over port 30606 for applications checked in NOD to use proxy which is usually the browsers, so most traffic will be attributable to the ekrn service rather than named applications such as IE, Firefox, Opera and others. Updating? Yes, also by ekrn service, but that's just every so often :)
    If this firewall permits, then a rule permitting proxy to specific applications (and no others) can be logged and watched. Perhaps then the Traffic picture will reflect the actual applications going out and applications that force themselves into the proxy can be watched/disallowed.
     
  4. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    i used my laptop at the airport. While i'm connected to free wireless internet offer by airport Comodo give me some pop up that a system (with IP number and Port information) want to connect to my PC. I blocked it and it pop up again for the second and i blocked it again.

    below picture shows a System with Listening 139 and 145....does it mean that they still access my PC?

    also if you will check my picture, it shows that NOD32 scanning all my internet (with lots of IP #)? so comodo just "log it" and Nod32 do the security for web access?
     

    Attached Files:

  5. agagouga

    agagouga Registered Member

    Joined:
    May 21, 2008
    Posts:
    26
    @fce
    I suppose that you don't need netbios support, especially in the airport wireless ;)
    Go to windows at network connection -> properties -> tcp/ip -> properties -> advanced -> wins, and disable netbios
    Also go to services and stop & disable the service "TCP/IP Netbios Helper"

    So your system will not listen to these ports (waitin for connections).:thumb:
     
    Last edited: Feb 14, 2009
  6. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758

    what is netbios support and why should i disable it?
     
  7. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    anybody can explain me the above post please?

    Also i have rollback rx, whenever i restore my previous snapshot what happen to the new application i blocked before i restore my old snapshot?
     
Loading...
Thread Status:
Not open for further replies.