Comodo blocking services.exe from modifing registry key

Discussion in 'other firewalls' started by hoakman, Nov 13, 2009.

Thread Status:
Not open for further replies.
  1. hoakman

    hoakman Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    4
    Hi, does anybody have any idea as to why services.exe would want to do this. On a fresh install of Windows 7 Comodo firewall is blocking services.exe from modifing registry key HKLM\SYSTEM\ControlSet001\services\BITS\Start.
    This appeares every 10 minute.
     
    hoakman, Nov 13, 2009
    #1
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Welcome to Wilders Security Forums hoakman.....


    SERVICES.EXE

    services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping of services.

    services.exe also deals with the automatic starting of services during the computers boot up, and the stopping of services during the computers shutdown.



    BITS

    BITS in regards to the Microsoft Windows Registry stands for: 'Background Intelligent Transfer Service'

    BITS is an LegacyDriver Service and the ServiceDll is: 'gmgr.dll' located in C:\Windows\System32\

    BITS transfers data between clients and servers in the background using the unused bandwidth. If BITS is disabled, features such as Windows Update will not work correctly.

    BITS is dependent on the "RpcSs Service" 'Remote Procedure Call Service (RPC)' and the ImagePath leads to scvhost.exe


    Background Intelligent Transfer Service:
    http://en.wikipedia.org/wiki/Background_Intelligent_Transfer_Service

    About BITS:
    http://msdn.microsoft.com/en-us/library/aa362708(VS.85).aspx


    services.exe wants to modify the Registry Key: HKLM\SYSTEM\ControlSet001\Services\BITS\ /Start because services.exe is trying to start or stop an BITS data transfer.
    This BITS data Transfer is most likely Microsoft Windows Automatic Updates. (as an test only, try disabling Microsoft Windows Automatic Updates to see if the blocking stops, do not reboot)

    If COMODO still reports blocking of the \BITS\ /Start Registry Key every ten minutes, then there is another application requesting an BITS file transfer, there is nothing wrong with this.
    BITS never severs an file transfer when the Network connection is lost, it only suspends the connection in an queued state until the Network connection is available again.
    BITS always uses the idle, or unused bandwidth of an Network connection, giving access to applications in an first come first served approach.


    The Firewall MUST ALLOW services.exe to change the Registry Setting for \BITS\ /Start.


    HKEY1952
     
    HKEY1952, Nov 13, 2009
    #2
Loading...
Similar Threads
  1. mekelek

    Comodo firewall ignoring exclusions

    mekelek, Aug 21, 2018
    Replies:
    12
    Views:
    813
    mekelek
    Aug 22, 2018
  2. Newb888_1

    Outgoing connections not being blocked with an exception

    Newb888_1, Aug 6, 2018
    Replies:
    1
    Views:
    396
    moredhelfinland
    Aug 8, 2018
  3. __Nikopol

    Can't get Comodo Firewall to start. "bad_module_info"

    __Nikopol, Jul 19, 2018
    Replies:
    7
    Views:
    718
    __Nikopol
    Jul 22, 2018
  4. mantra

    why can't a firewall block all the connection of a program?

    mantra, Jun 20, 2018
    Replies:
    28
    Views:
    2,248
    TairikuOkami
    Jul 15, 2018
  5. bellgamin

    Private Firewall's mystery (to me block)

    bellgamin, May 21, 2018
    Replies:
    4
    Views:
    1,286
    act8192
    May 29, 2018
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...