CFP creating rules - "Allow" what exactly?

Firewall Alert: svchost.exe … DNS request
My answer: Allow/Remember
New rule in Network Security Polisy: svchost.exe - Allow IP Out Any/Any/Any/Any/

The question is: why “IP Any” if DNS needed TCP/UDP port 53 only?

I checked this behavior another way - atomic clock synchronisation:

  1. Firewall Alert: request out, single destination address; single port…
  2. Answer: Allow/Remember (NOT “treat as”!)
  3. Resulting rule: IP Out Any/Any/Any/Any/ - do what you want darling ???

What I miss?

you miss the alert level :-))) on low alert level DNS request is a internet connection attempt :-)) if you allow it - you allow every internet connection attempt :-))) if you set to high level - you will be prompted for every single IP, port and protocol an app is trying to use :-)))

Yesss! :slight_smile: Thank you Burillo! Now they will see who is master :wink: