Instead of granting a application full access to the Internet, you can use this:
Create a new port set and add these ports:
80 (HTTP)
443 (HTTPS)
I’ve named it Browser Ports, but you might use something else. You can also add FTP access (port 21 I think).
Now here’s the application rules:
[b]Allow TCP OR UDP Out From [Your MAC or static IP if you use router] To IP Any Where Source Port Is Any And Destination Port Is In [Browser Ports]
Allow TCP OR UDP Out From [Your MAC or static IP if you use router] To IP [Your DNS server] Where Source Port Is Any And Destination Port Is 53
Block And Log IP In/Out From IP Any To IP Any Where Protocol Is Any[/b]
This works fine for most programs (except for IM’s, P2P clients and some others). Also, I don’t know why you’ve allowed explorer.exe to access the Internet?
Check this post for how to configure uTorrent with CFP3.
Thank you very much for your insight. I am not that computer savvy and have only been using Comodo for approximately 2 weeks. The program is a lot more interactive than the one (Zone Alarm) I am used to. Just a few questions. Do I create the new port set in the global rules section? Lastly, do I delete all the other application rules once I created the ones you suggested?
Firewall->Common Tasks->My Port Sets, then Add->A New Port Set… and name it Browser Ports or something. Then right-click it and select Add… Now add the ports I mentioned above.
You should delete all rules for an application before you create the new ones. Keep the current ones for:
COMODO Firewall Pro
Windows Updater Applications
System
Outlook
Alg
msimn
svchost
uTorrent
They use other ports than 21, 53, 80 and 443.
You might want to remove Internet Access for:
explorer.exe (it doesn’t need Internet Access)
wmplayer.exe (if you don’t need it to have Internet Access, block it. Might also use VLC Player instead)
winword.exe (why do a text program need Internet Access?)
setup_wm.exe (piece of sh*t, block it)
winzip32.exe (I don’t get it why it would need Internet Access, btw, you should get 7-zip instead)