I just installed Comodo Pro firewall. I have never really used a firewall before and I have a question. I keep getting inbound policy violation entries in the log every few minutes, all from the same IP address. Can someone explain this?
Something like Comodo is not FW technology. Comodo is a personal packet filter or machine level packet filter, and it's not FW technology.
You can start with the links.
It was denied; the personal packet filter is doing its job of stopping unsolicited inbound traffic. What you need to worry about is the inbound traffic that is coming through the packet filter and is not being denied. A connection is made due to some program running on the computer behind the FW or packet filter that has made a solicitation for traffic to a remote/Internet IP, because the program sent outbound traffic to the site, and inbound traffic is coming back -- the solicitation.
There are two types of traffic a FW or a packet filter is going to deal with, and this is kind of a default. 1) Solicited inbound traffic. Traffic is coming inbound because a program running behind the FW or packet filter has sent outbound traffic, or the contact was initiated by the program behind the FW or packet filter. The FW or packet filter is going to let that type of inbound traffic pass. The traffic can or cannot be legit. It could be a legit program or a malware program that is doing the solicitation.
2) Unsolicited inbound traffic is just the opposite. No program running behind the FW or packet filter has made a solicitation for inbound traffic. That type of inbound traffic is blocked or denied.
I suspect that's not the case. Unsolicited inbound traffic, which was what the packet filter was blocking, is just everyday noise or traffic on the Internet. The booting of the computer is not going to clear it up, unless Comodo was doing false reporting, which can happen with any PFW/personal packet filter. But most likely, the unsolicited traffic was stopped from whatever on the other end, because it couldn't get through, and it moved on.
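Added example, not part of the original thread and not Comodo's code: a minimal Python model of the solicited/unsolicited distinction described in the post above, which also tallies denied inbound packets per remote IP the way the log in the question does. The class name, the packet fields and the sample traffic are constructed for illustration; real filters also track TCP state and expire idle flows, which this model assumes away.

```python
from collections import Counter
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" or "in", as seen from the protected host
    proto: str
    local: tuple     # (ip, port) on the protected host
    remote: tuple    # (ip, port) on the other end

class StatefulFilter:
    """Hypothetical model: allow inbound only for flows opened from inside."""
    def __init__(self):
        self.flows = set()        # flows a local program has solicited
        self.denied = Counter()   # unsolicited inbound packets per remote IP

    def handle(self, pkt):
        key = (pkt.proto, pkt.local, pkt.remote)
        if pkt.direction == "out":
            self.flows.add(key)   # outbound traffic creates the solicitation
            return "allow-outbound"
        if key in self.flows:
            # Allowed whether the soliciting program was legitimate or malware:
            # the filter only knows that something inside asked for it.
            return "allow-solicited"
        self.denied[pkt.remote[0]] += 1
        return "deny-unsolicited"

# Constructed sample traffic using documentation address ranges.
HOST = "192.0.2.10"
SAMPLE = [
    Packet("out", "tcp", (HOST, 50000), ("198.51.100.7", 80)),   # local program connects out
    Packet("in", "tcp", (HOST, 50000), ("198.51.100.7", 80)),    # reply on the same flow
    Packet("in", "tcp", (HOST, 445), ("203.0.113.5", 40001)),    # nobody inside asked for this
    Packet("in", "tcp", (HOST, 445), ("203.0.113.5", 40002)),    # same source, again
    Packet("in", "tcp", (HOST, 50000), ("198.51.100.7", 8080)),  # known host, different flow
]

def run(packets):
    fw = StatefulFilter()
    verdicts = [fw.handle(p) for p in packets]
    return verdicts, fw.denied

if __name__ == "__main__":
    verdicts, denied = run(SAMPLE)
    for pkt, verdict in zip(SAMPLE, verdicts):
        print(f"{verdict:17} {pkt.direction:3} {pkt.remote[0]}:{pkt.remote[1]}")
    print("denied per source:", denied.most_common())
```

The repeated denials from one source correspond to the log entries in the question; the allowed reply is the traffic the post says deserves the closer look.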
If you don't have sufficient knowledge about networks and protocols, why do you even run a host-based packet filter and even further believe that you could actually achieve any level of security through it?
The above is a simple multicast subscription initiated upon your very own request.
I had picked up a few trojans and decided to install a firewall. Comodo was supposed to be good so I installed it. It was blocking repeated connections from somewhere and I wondered why. It was recommended so I installed it.
IIRC, 224.x.x.x is a multicast address. It seems to me WMP is trying to become part of the multicast group, which could be normal behaviour. IIRC, WMP could try this to accept multicast packets for information like MSN today; WMP loads things from the internet like advertisement, new BBC clips, ...
I myself wouldn't allow this, but I myself will never use WMP.
Ok...Thanks. I didn't have problems until I let ActiveX and scripting through on Internet Explorer. Almost every page wants to use ActiveX and I gave in and let the browser use it. When I did I started to get loaded with adware and viruses.
Firewalls can't protect against trojan horses, and in fact nothing but education can. Even further, if you picked up some trojan horses, then you installed them intentionally and it's solely your very own fault - how should dumb software prevent you from doing what you want, and why would you not enforce your own stupid ideas against such software?
If you had informed yourself properly, then you'd understand that Comodo is anything but good. It hooks into various kernel functions for no good, or better said: no serious reason, and thus adds a huge amount of complexity - and complexity is exactly the contrary of security.
Don't worry, we also wonder why it does what it does. Since it has no actual goal, it seems like it acts particularly random / non-deterministic.
Normal Micro$oft NetBIOS over TCP/IP traffic from a private network. If you connect to a network with other computers (like a private wireless network) you will normally see this traffic because M$ turns on NetBIOS over TCP/IP by default on all network interfaces. I recommend that people turn off this setting unless they have a need to reference computers on their network by NetBIOS name.
I read your other post about picking up some Trojans. The machine has been compromised. You should consider what is in the link.
It's up to you to practice safe hex, like not using IE, if it's a problem for you. Only use IE when a site calls for the use of IE, and don't use OE or Outlook; find alternatives to these solutions that are less susceptible to attack, in your case.
Firefox for the browser and Thunderbird for the email client are (free). FF has the touch and feel of IE but doesn't use ActiveX controls and is a little tighter in its vulnerabilities.
But you should know this. None of this stuff, and I mean *NONE* of this stuff, is bulletproof. I don't care what O/S, like MS, Linux, Apple, whatever, or what applications are running on the platforms, as all of it is vulnerable to attack.
On the MS platform such as XP or other NT classed MS O/S(s), you have to go look from time to time for yourself with other tools. You cannot think that any one solution is providing stop all protection and notification. They cannot do it.
You should harden or tighten the O/S to attack as much as possible, like if Client for MS Networks and MS File & Print Sharing are enabled on the Network Interface Card or dial-up connection and it's a computer that is connected to the modem, which is a direct connection to the Internet, then those services or features should be removed. The computer has no business or should have no possibility of being in any networking situation while connected to the Internet in this manner - none.
The buck starts with you, the buck stops with you, and what you are or are not doing to protect your situation, with the knowledge you have to do it.
I say it's based upon who is sitting behind the wheel and is doing the driving.