Posted 27 January 2008 - 09:20 PM
The simple answer to your question is yes this is usual behaviour for the firewall, the reason this didn't happen with your old one would probably be because it focused on one connection for example pandascan and allowed it and every subsequent packet from panda through and did not monitor the system unlike comodo. Security.dll is part of windows, if it has been infected it may triger an alert.
If you have downloaded the latest comodo, it contains a new feature called defence, the defence feature is really quite good as it will monitor areas in windows that can be used maliciously. The first time you use the firewall and a browser such as IE, you will be swamped by alerts saying its trying to modify something and is trying to connect to the internet, most of these are harmless although some can be legitimate threats.
The system is quite robust as it has two layers of protection, the first is a firewall monitoring inbound and outboud traffic, if anything gets past the firewall and starts to install or modify something, you will be alerted to it. Again, if you are installing something then you will be alerted and can be quite annoying, however its better safe than sorry.
The security.dll file I believe comes with windows, however it may have been infected and you may want to submit it to them for analysis