All I have checked are Block Fragmented IP and Do Protocol Analysis. You may run into trouble having Protect Arp Cache checked (this is for advanced setups). Run the Stealth Ports Wizard and choose Block all incoming connections and make my ports stealth for everyone. You can check your ports here:
My uTorrent settings: I allow it in the Sandbox as Trusted and in my Network Security Policy I have 2 custom rules:
Allow TCP Out From Mac Any to Mac Any Where Source Port Is Any And Destination Port Is Any
Allow UDP Out From Mac Any to Mac Any Where Source Port Is Any And Destination Port Is Any
uTorrent works fine with these settings on my system. In uTorrent under Connection, choose Randomize Port Each Start. You can open uTorrent and see which port it’s using and then check that port at Shields UP! You should find that it is stealthed.
Why Sandbox uTorrent? i don’t know if theres anything that will make uTorrent misbehave, it doesn’t update sometimes?
you say i may run into troube enabling Protect Arp Cache, what may happen?
if i enable randomize ports on utorrent say, if he used por X on my last session and now he is going to use Y does he close port X?
sometimes i get alerts that says that my system is trying to receive a connection from the internet like the one on the attached screenshot, is that normal behavior (windows checking for update or something) ?
I don’t Sandbox uTorrent, I have it as a trusted file.
Comodo ForumJust type in ARP Cache. You can try this setting if you want. Previously, there were many complaints when the average user had this checked. I think I remember that it’s not necessary unless you are networking.
From CIS Help:
“It should be noted, that a successful ARP attack is almost always dependent on the hacker having physical access to your network or direct control of a machine on your network - therefore this setting is of more relevance to network administrators than home users.”
However a useful test it is old in the sense of that it is made to test a HIPS only solution. The sandbox will skew results. You may want to read Getting Accurate Leak Test Results to learn more how to test with sandbox enabled.
the guides you refer poin to blocking out…your sixth rule for blocking is In and Out, why?
EDIT: Should i also disable “Do Protocol analysis” while torrenting?
EDIT2: On your TCP out rule, the destination port is a port set, why not only use port 80? should i also create a global rule?
when you put the firewall on custom policy to only allow the traffic you want do you customize each application rule? lets say App A wants access (TCP/UDP… etc) to the Internet, i choose allow and mark remember my answer then do i need to edit the rule on network policy?