Hi, this is my first post to this forum. Today I installed a 3rd party firewall (COMODO Internet Security) on my laptop and HTPC, that coexists with the VISTA firewall on both. Both machines have Vista SP2. Both are behaving perfectly. After the first reboot on the HTPC, I noticed 203 intrusion detections. Further inspection showed a remote IP address 188.8.131.52:1051 hammering my port 56420 every 2 seconds. Seven other remote machines tried the same thing within the same 203 attempts but with ports above 51000 and only once each (e.g. 184.108.40.206:59791). I was alarmed and searched for my 56420 port, which led me to SVCHOST and a PID. Using PROCESS EXPLORER (I guess you could use task manager) I found out that several services could be using this port, so I started disabling each one, until the port was no longer available in PORT EXPLORER (i guess you could use netstat -ano). This led me to discover that port 56420 was used by BFE or "Base Filtering Engine" (and not to its dependents). 1. Was 220.127.116.11:1051 probing/attacking me? 2. Was 18.104.22.168:59791 probing/attacking me or is there something else going on with this one? Anyway the intrusion counter soon stopped and I then installed the same firewall on my laptop. To my amazement intrusion alerts started poping up and their source was my HTPC with port 56420! The logger showed: HTPC:56420 -> LAPTOP:57312 and also MYPUBLICIP:56420 -> LAPTOP:57312 Running my usual tests on port 57312 on the laptop I soon discovered that this port corresponded to BFE or "Base Filtering Engine" (and not to its dependents). DEJAVU? What is going on here? Why is this happening? The HTPC and laptop BFEs like talking once every time I reboot! 3. Can someone please explain to me why the "Base Filtering Engine" on each of my LAN machines feels the need to communicate and make small-talk? 4. And can someone please explain to me why the "Base Filtering Engine" on my HTPC feels the need to communicate and make small-talk long distance (could this be what it was doing with those 7 remote IPs)? 5 And what does my MYPUBLICIP:56420 have to do with everything? Anyway I am confused. Is this normal? Any ideas please?