Expert: Brian Benosky - 4/15/2008

Question
QUESTION: Hello Brian, this is Fernando again.

I wanted to thank you for your help with the malware issue. I also wanted to ask you something else that isn't related to security & viruses. I'm asking you and not another expert because I thought you knew your stuff, and you were very clear with your answers.

Like I told you, I don't know exactly what Lenovo laptop I have because I bought it in China last year and it is not very clear what name it has. I find, among other things "lenovo sunrise notebook computer" printed on the instructions booklet, but underneath it says something in Chinese (probably the name, but above the english words it has the name in Chinese also) with 420 in it, and v2.0. Also, in an instalation disc, it says "lenovo xuri notebook computer" and above it, in chinese, it's name but with 420m v2.0 in it.

So the problem is I can't change anything in the "power schemes" tab in the "power options" properties. Nothing is available to me, and I do not want my computer to go into sleep mode after 30 minutes of not using it.

I read windows help here: http://support.microsoft.com/kb/913622

Tried method 1 but it didn't work (I have service pack 2).

Oh, and:

- If I am using Comodo Firewall should I switch Windows' Firewall off?
- When Comodo tells me that another computer is trying to access my pc through "known files", what can this mean? I mean, is it safe? I have always declined but sometimes I feel it slows down my Internet connection.

Many thanks,
Fernando


ANSWER: Hi Fernando

You're most welcome for the assistance.  You have a Lenovo Sunrise 420m laptop.  I'm not sure if you're running Chinese or English language XP, but I believe the following fix should work for either.  Please go to Kelly's Korner website:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Scroll down to item 204.  In the right column, do a right-click on Restore Power Schemes/Configurations.  Choose Save Target As...  When the box pops up, just click Save.  Find the file on your computer and double-click it, press Run, then Yes to enter this file into the registry.  Reboot and you should have your power options back.

Yes, you need to turn Windows Firewall off when you are running Comodo.   I'm not sure about your second question.  It would depend on what the "known files" are.  Take down the exact message and I'll try to determine if it is safe or not.

Brian


---------- FOLLOW-UP ----------

QUESTION: Hi Brian, sorry for the delay but this was an oddly busy week: all of a sudden I have work!
About the power scheme options, I was poking about planning on doing what you told me but all of a sudden I realized that I do have them available, but they appear as a system tray icon by the name of EnergyCut (a Lenovo thing). Thanks for the info anyhow.

As for the computer trying to connect to my pc. I took down a couple of incidents over the past few days.

1. While I was using an online Chinese dictionary to study. (www.yellowbridge.com) this Comodo popup appeared:

firefox.exe is trying to receive a connection from the Internet. What would you like to do?

Application: firefox.exe
Remote: 78.97.37.117 - TCP
Port: 4011

Security Considerations

firefox.exe is a safe application. However, you are about to receive a connection from another computer. If you are not sure about what to do, you should block this request.

While I was copying the information, the popup disappeared. Did the connection attempt from the "other computer" stop? What happens when I click the close box in the popup (or wait until it disappears by itself, as it happened)? What does Comodo do (allow or block)?

2. While I was downloading a BitTorrent file from piratebay.org with Opera and checking my emails. I blocked the attempt, and every other attempt.

System is trying to receive a connection from the Internet. What would you like to do?

Application: System
Remote: 192.168.1.101 - UDP
Port: nbdgram(138)

System is a safe application. However, you are about...

3. An hour later, the everything the same as the previous one except:

Remote: 192.168.1.100 - TCP
Port: nbsess(139)

4. Next morning while checking some words in wordreference.com, System again, blocked it and Internet was (very) slow.

System...
Remote: 192.168.1.100 - UDP
Port: nbdgram(138)

5. And about an hour later,
Remote: 192.168.1.100 - TCP
Port: nbsess(139)

This happens about two or three times per day. It also happens when I use MSN messenger, is this normal? Why would it ever be normal (i.e. when should I allow the connection) for a different computer other than my own to access my computer?

Oh well, this is about it.

Oh, and, do you think Spybot S&D and AVG's free edition are good free options for an antimalware and antivurs?

Again, many thanks.

Fernando

ANSWER: Hi Fernando

Sorry for the response lag...Easter weekend was rather busy this year.  I'm glad you found your power schemes.  As for the open ports, it's normal while running applications such as torrent software and instant messaging.  You can unblock those ports safely.  I am not sure about the Firefox activity, however.  My general rule is that if you're not sure, just block it.  If things are not working right after blocking, you can simply go into Comodo's rules and unblock the port.

Both programs you mentioned are excellent free programs to keep you safe and are highly recommended.  I also like Avast antivirus and and Lavasoft's Ad-aware as alternatives:

http://www.avast.com/eng/download-avast-home.html
http://www.lavasoftusa.com/products/ad_aware_free.php

Let me know if you have any further questions.  Cheers!

Brian

---------- FOLLOW-UP ----------

QUESTION: Hi Brian,

Long time no write. I just saw the allexperts mail in my mailbox and wondered if I had replied (I was sure I did, but not that sure) and while rereading the question and answers I thought about asking another one for old time's sake. I haven't received a "you are trying to receive a connection from another computer" message in a long while, perhaps two or three weeks. I just thought about this and am, not paranoid, but wondering if maybe another computer is fully accesing my pc without me knowing it. Maybe I hit "remember answer" and accepted a connection once or maybe, well I don't know. It just feels odd. I remember I asked you if you knew what Comodo did when you simply ignored a popup notification (if it blocked or accepted the connection)? Perhaps it accepted all of them. Oh well.

Saludos,
Fernando

Answer
Hi Fernando

I believe the default value is set to block connections.  If you accidentally accepted it, you can change the value by opening up the program, clicking on the Firewall tab and looking through your View Firewall Events.  You can check the FAQ's and ask specific Comodo questions on their forum site here:
http://forums.comodo.com/comodo_firewall-b50.0/
Personally, I think that whatever was trying to access your computer has found that you are now secure and has given up.  Anyway, good to hear from you again!  Cheers!

Brian