Firewall blocking connections despite setting program to "allow all connections"

I just recently downloaded CIS and I’m loving it so far, but I have a problem. When I try to connect to starcraft, it blocks all inbound traffic. I can connect to battle.net and join games, but I can’t host them since no one can connect to me. I’ve tried setting the program to trusted/allow all connections, but incoming UDP connections still get blocked and fill my log up with millions of “blocked” messages. I’ve also tried deleting the game from my firewall and Defense+ policies and turning everything to training mode, but the automatic policies it sets still don’t allow incoming traffic.

Any suggestions on how I can allow incoming UDP traffic?

I seem to have solved the problem myself after learning some useful functions in the utorrent thread. For anyone else who might search this topic in the future, this is what I did:

Firewall > Advanced > Network Security Policy > Application Rules > Right click on Starcraft and add new rule

Rule 1
Action: allow
Protocol : UDP/TCP
Direction: Out
Everything else: Any

Rule 2
Action: allow
Protocol : UDP
Direction: In
Source Address: Any
Destination Address: -your MAC address-
Source port: 6112
Destination port: 6112

Rule 3
Action: block
Protocol : IP
Direction: In/Out
Everything else: Any

Now go to global policies and click add

Rule 4
Action: Allow
Protocol : UDP
Direction: In
Description: Starcraft
Source Address: Any
Destination Address: -your MAC address-
Source port: 6112
Destination port: 6112

And that’s it, should work after that. Note that port 6112 seems to be the only necessary port for Starcraft. I noticed before that almost all my blocked connections were coming from and going to that port, with a few exceptions which probably won’t make a difference beyond a small few people not being able to join a game you hosted.

As I already mentioned I’m pretty new to Comodo, so I don’t guarantee that this is the best, most secure or most efficient way of doing this. If anyone sees anything wrong, overly complex or any major security vulnerabilities, say something! Also, can someone with a little more knowledge please explain to me why it’s necessary to create a global rule for this to work properly? Shouldn’t the initial rules just for Starcraft be enough?

You're making it all too hard. You can simply add your game exe’s to the firewall and D+ as trusted which is what I do for all my 100 games or so. Or…simply switch the firewall and D+ to “training mode” and then play your game for a minute or two and let Comodo learn the game. Then switch back to your previous modes. It's that easy. I play WOW all the time.

I tried it the way you described at first and like I said, I wasn’t able to receive inbound traffic. I could play the game online fine as long as I wasn’t the one hosting. It’s really just a minor annoyance, but I don’t like seeing my log filled up with hundreds of blocked connections when there shouldn’t be.

It’s kind of the same concept as with uTorrent. It works alright even if you disallow all inbound traffic, but that’s not the best way to do things.

WoW and most other games would be different because you’re initiating all communication to the host server; there’s no need for inbound traffic. In Starcraft (or WC3 or whatever) when you host a game, they need to be able to see you and connect to you first. It’s like hosting a mini server.

Please change the source port in Rule #2 and #4 to Any. People may send from other ports to port 6112.

Using Training Mode is a convenient way of getting the rules of games learned as CIS will just learn whatever happens without popping up. Only to be done on a clean system of course.

> Please change the source port in Rule #2 and #4 to Any. People may send from other ports to port 6112.

I don't think it's necessary. When I checked my firewall log before I solved the problem, 95% of the blocked connections were trying to come in through port 6112. Would allowing the other 5% be worth the extra security risk? Things already seem to be working properly.

> Using Training Mode is a convenient way of getting the rules of games learned as CIS will just learn whatever happens without popping up. Only to be done on a clean system of course.

I already pointed out (twice) that training mode didn't solve the problem. I had to create the global rule myself.

Global rules are used to mostly filter out UDP/TCP traffic and are independent of the application rules.

From what I'm aware, the global rules are consulted first and if there is a rule like yours above then the packets are allowed through to application rules (for whichever application is listening).

If there is no rule in place the packet is discarded and not forwarded to application rules.
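
A small model of the rule order described in the last post, as an added example that is not part of the thread and not Comodo's code. It assumes inbound packets are checked against global rules first and application rules second, that the first matching rule wins, and that an unmatched packet is dropped; address fields are left out and the packets (including source port 51000) are constructed sample values.

```python
from dataclasses import dataclass
ANY = None  # wildcard for a port field

@dataclass(frozen=True)
class Packet:
    proto: str      # "udp" or "tcp"
    direction: str  # "in" or "out"
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    protos: tuple          # ("ip",) stands for any protocol
    directions: tuple
    src_port: object = ANY
    dst_port: object = ANY
    def matches(self, p):
        return (("ip" in self.protos or p.proto in self.protos)
                and p.direction in self.directions
                and self.src_port in (ANY, p.src_port)
                and self.dst_port in (ANY, p.dst_port))

def first_match(rules, pkt):
    # First matching rule wins; no match means the packet is dropped (assumption).
    return next((r.action for r in rules if r.matches(pkt)), "block")

def inbound_verdict(global_rules, app_rules, pkt):
    # Assumed order for inbound traffic, per the last post: global, then application.
    for stage, rules in (("global", global_rules), ("application", app_rules)):
        if first_match(rules, pkt) != "allow":
            return f"blocked by {stage} rules"
    return "allowed"

def thread_rules(src_port):
    # Rule 4 (global) and Rules 1-3 (application) from the thread, addresses omitted.
    app = [Rule("allow", ("udp", "tcp"), ("out",)),
           Rule("allow", ("udp",), ("in",), src_port, 6112),
           Rule("block", ("ip",), ("in", "out"))]
    return [Rule("allow", ("udp",), ("in",), src_port, 6112)], app

# Constructed sample packets: two peers joining a hosted game, one stray packet.
PEER_6112 = Packet("udp", "in", 6112, 6112)
PEER_OTHER = Packet("udp", "in", 51000, 6112)
STRAY = Packet("udp", "in", 51000, 6113)
if __name__ == "__main__":
    for src in (6112, ANY):
        g, a = thread_rules(src)
        print(f"source port {src or 'Any'}:", [inbound_verdict(g, a, p) for p in (PEER_6112, PEER_OTHER, STRAY)])
```

Passing an empty global list with the same application rules reproduces the original symptom: the packet is dropped before the Starcraft rules are ever consulted. With source port set to Any, the destination port is still pinned to 6112, so the stray packet to 6113 stays blocked.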