Yesterday, I updated Cfp 30.14.276 to 30.15.277, after that I have found these blocked entries in my FW log after I breiefly used utorrent. Please see the screenshot.
What do these mean and do I have to do anything about them.
Win XP Pro SP2
Nod 32 Av 2.7
[attachment deleted by admin]
Those ICMP codes can be sorted out using the attached file. For instance, an ICMP connection with a type 3 and code 3 block means Destination Unreachable/Port Unreachable. From that you would have to determine whether the port is blocked by your firewall rules or the destination. It seems that most of those entries are for WOS rejecting an outside connection attempt. I have disallowed any outside connections for WOS either In or Out and I have not had any problems as a result and I now get no connection attempts for WOS (after a month or two of use).
The uTorrent connection attempts are from the outside aimed at the torrent exe (I assume - can’t quite see all of the path). I don’t know whether you want to allow those or whether you have blocked the use of your computer while not connected to the torrent sites (I would not want to leave those ports open when not in use).
[attachment deleted by admin]
Per your comment I have blocked ALL in/out connections to WOS with logging turned off.
Under my Global Rules I have permitted incoming TCP connections for destination port 32545, the port that my utorrent listens on.
Two questions arise
1- Do I have to allow incoming UDP and ICMP connections too on this port (32545) for utorrent ?
2- How do I block incoming connections on my utorrent port (32545) while I am not connected to torrent sites and allow them when I am connected ?
Best edit that image and hid your IP!
The firewall log show only UDP connections for the uTorrent connections, so add both TCP and UDP, or possibly only UDP instead of TCP - I’m not sure, but the log will show blocked connections. You should not need ICMP connections that are not already allowed.
To block that port when not in use, you can click and drag the rule down the list until it is below a block rule that prevents that port specifically. You would have to write the block rule on the Global Rules page making it exactly like the Allow rule but with the Block option selected. The use of Application rules that have a block rule at the bottom might make this redundant, but I don’t know enough to say that this would be adequate and make the dragging of rules unnecessary.
Wow!!! roflol just messing…
If every of your programs in application rules have block&log/ip/in&out/any/any/any as the last rule in the list and you have no global rules at all, you may allow port 32545 for utorrent in application rules only.
In this case 32545 is opened when utorrent is running and is closed when utorrent is not running.
Application rules allowing the port to be open work if there is not a conflicting Global rule that prevents it first. Review your Global rules and if the connection In is not blocked there, the Application rule should be fine.