Blocked Apps
The Blocked Apps shown in the list are not actually blockable, it can be said that they are displayed for informational purposes only. When executing an application, e.g. unrecognized, alerts will appear and the application will also be added to this list with information for the user which module (be it HIPS, firewall or sandbox) caused this event with the possibility of unblocking this application and adding it to the rules, e.g. HIPS as a custom rule and in Sandbox rules as ignored.
Regarding the Windows Operating System
When it comes to that unfortunate Windows Operating System, it’s already hands down. If you’re using a Desktop or Laptop computer and don’t use them to connect to public networks, you can turn off this setting (Enable ARP spoofing protection) without worry.
As for the Windows Operating System that is shown on the list as blocked, it is therefore visible because the Windows TCP/IP network stack handles all network packets in the kernel and is labeled by comodo as a Windows operating system. When you see blocked events coming to the Windows operating system, it means that the packet has been blocked from reaching the Windows kernel to be processed by the Windows network stack.
It also happens that if cfw can’t determine the process establishing the connection, it assigns it to the Windows Operating System, that’s the whole philosophy and unnecessary further topics on this subject.