Question again!
Look:
If I use “custom policy mode” in what cases alert will be for “Windows Operating System” and for “System”?
And another one question: CIS DNS servers does not work (through vpn-servers). Could it be caused by restricitions of internet-provider?
The first question is still actual
im sorry, it isnt an answer. Its even !ot! i suppose
i want the truth 
N0ormally for UPnP or Netbios access alerts for Windows operation system and System appears.
Just block this by a rule, and everything is fine.
oh my god. VPN connection needs some rules for “W.O.S.” and “system”/ I want to get the difference between “w.o.s.” and “system”
what answer should be?
renaebayos, actually I dont understand what you said and it seem like you are wrong.
Users of this forum loves to give bad advices, as I have observed. This is funny business ;D
https://forums.comodo.com/empty-t37836.0.html - This is for VPN server
By the way, VPN needs:
WOS: Allow IP Out From IP Any To IP Any Where Protocol Is 47 (GRE)
System:
Allow TCP Out From Ip Any To Ip Any Where Source Port Is Any And Destination Port is 1723
So, renaebayos, this looks like total poo what you said :-TD You will be very vulnerable for direct os attacks if you will do such a rule like on your screenshot, will not you?
I always thought, that incoming connections (not in loopback zone) are useful only for network servers and I cant understand how the hell It could be useful for WOS or system
I think that blocking ICMP is a security improvement.
I have extremely good p2p speed without your rules. I have limited it. Also I affraid of flooding and, for example “smurf” attacks. And I dont want to takes part in flooding :a0
OK, tell me what for I need incoming icmp traffic. And why the hell you have adwiced me to allow incoming connections for W.O.S.? In what is p2p? P2P client must work with all p2p traffic