How To - uTorrent in CIS 4

Hey all,

The purpose here is to Manually create a fully working, all scenario uTorrent + CIS 4 Firewall Rule set.
There are other approaches, and levels of paranoia.
But I know these rules work, and I use them.
So gentlemen if nothing else a safe baseline.

First in uTorrent

  • Open uTorrent > Options > Preferences > Connection
  • Deselect - Randomize port each start
  • Enter a high Listening Port = Port used for incoming connections 49152 in example. pic1
  • Select > OK Leave uTorrent running (minimized if you like)

I personally recommend using a port number between 49152 - 65535.
Note 65535 is the highest allowed.

In the pic1. and for the rest of this “how to” I will use port 49152 as an example.
And IP 192.168.0.199 as this PC’s NIC address.

Next in CIS 4

Open GUI > Firewall > Advanced > Network Security Policy > Application Rules tab.

Look for a uTorrent.exe entry.
Depending on other CIS settings and choices made so far, there should be one.

If there is a uTorrent.exe entry…
Highlight it and select Edit.
Now you’re looking at the Application Network Access Control window.

From here, you can either…

  • Start with a clean slate by highlighting and selecting to remove the existing rules, and then carry on below from Application
  • Read along and check and edit your existing rules. So that in the end you have the same rule set, no more - no less. Starting at Application

If there is not a uTorrent.exe entry in the Application Rules tab, make one…

  • Application Rules > Add
  • Application Network Access Control > Select > Running Processes
  • (highlight) uTorrent.exe > Select

In the Application Network Access Control window > Use a Custom Policy > Add
In the Network Control Rule window

  • Action = Allow Do not check the box to “Log as a firewall event…”
  • Protocol = TCP or UDP
  • Direction = In
  • Description: (leave blank)
  • Source Address > Any
  • Destination Address > 192.168.0.199 as per example (your NIC’s IP or MAC address)
  • Source Port > Any
  • Destination Port > A Single Port = 49152 as per example (your own choice preferred)

Click Apply

In the Application Network Access Control window > Add
In the Network Control Rule window

  • Action = Allow Do not check the box to “Log as a firewall event…”
  • Protocol = TCP or UDP
  • Direction = Out
  • Description: (leave blank)
  • Source Address > 192.168.0.199 as per example (your NIC’s IP or MAC address)
  • Destination Address > Any
  • Source Port > Any
  • Destination Port > Any

Click Apply

Your Application Network Access Control window should now look like pic3.
Click Apply
Your Application Rules tab uTorrent rules should appear as in pic2.

Now Get connectible

Open the Global Rules tab > Add
In the Network Control Rule window

  • Action = Allow Do not check the box to “Log as a firewall event…”
  • Protocol = TCP or UDP
  • Direction = IN
  • Description: “Allow uTorrent port 49152 In” as per example (your preference)
  • Source Address > Any
  • Destination Address > 192.168.0.199 as per example (your NIC’s IP or MAC address)
  • Source Port > Any
  • Destination Port > A Single Port = 49152 as per example (your own choice preferred)

Click Apply.
Move the new uTorrent rule up or down as necessary to be just above the default Block rule as in pic4.

Finally Click OK to close the Network Security Policy window, which will apply all these new settings.

uTorrent will now work and be connectible as far as CIS 4 is concerned.

If you are for some reason not connectible,
double check that your uTorrent, CIS and Router (port forwarding) settings are uniform.
If you are behind a router you may need to forward the same uTorrent port, if you or UPnP haven’t already done so.

For Router Port Forwarding Help see http://www.portforward.com/ a very handy resource.

If you see that when you close the uTorrent app, your Firewall log blows up with Blocks all directed to your uTorrent port, but logged as Windows Operating System,
it is because with no running application “listening” on the “open” port, the still incoming peer traffic/packets are dropped/blocked and logged as the WOS pseudo process.

For more about this and How To stop this logging if it bothers you see
https://forums.comodo.com/install-setup-configuration-help-cis/how-to-stop-logging-blocked-torrent-port-when-client-is-closed-t51399.0.html;msg366946#msg366946

Bad

If you have any questions or comments please start a thread and refer to here, Thanks.

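Added example, not part of the original post and not CIS code: a simplified Python model of the rule set described above, showing why the Global allow rule has to sit above the default Block rule and how the application rule keeps the open port limited to uTorrent. Assumptions: rules are read top to bottom with the first match deciding, a packet must be allowed by both the Global and the Application layer, unmatched traffic passes the Global layer and is blocked at the Application layer (where CIS would normally alert); `Rule`, `first_match` and `verdict` are hypothetical names and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

NIC, PORT = "192.168.0.199", 49152   # example values from the post
@dataclass(frozen=True)
class Rule:                            # hypothetical model, not a CIS data format
    action: str                        # "allow" or "block"
    direction: str                     # "in" or "out"
    src_ip: Optional[str] = None       # None = Any
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, direction, src_ip, dst_ip, dst_port):
        return (self.direction == direction
                and self.src_ip in (None, src_ip)
                and self.dst_ip in (None, dst_ip)
                and self.dst_port in (None, dst_port))

def first_match(rules, pkt, default):
    """Assumed semantics: rules are read top to bottom, first match decides."""
    for rule in rules:
        if rule.matches(*pkt):
            return rule.action
    return default

# Application rules for uTorrent.exe, as entered in the post (protocol omitted).
UTORRENT_APP = [Rule("allow", "in", dst_ip=NIC, dst_port=PORT),
                Rule("allow", "out", src_ip=NIC)]
ALLOW_PORT_IN = Rule("allow", "in", dst_ip=NIC, dst_port=PORT)
DEFAULT_BLOCK = Rule("block", "in")    # stand-in for the default Block rule
GLOBAL_OK = [ALLOW_PORT_IN, DEFAULT_BLOCK]          # order the post asks for
GLOBAL_MISORDERED = [DEFAULT_BLOCK, ALLOW_PORT_IN]  # allow rule left below Block

def verdict(global_rules, app_rules, pkt):
    # Assumed defaults: unmatched Global traffic passes, unmatched app traffic is blocked.
    ok = (first_match(global_rules, pkt, "allow") == "allow"
          and first_match(app_rules, pkt, "block") == "allow")
    return "allow" if ok else "block"

# Constructed sample packets: (direction, src_ip, dst_ip, dst_port)
PEER_IN = ("in", "203.0.113.7", NIC, PORT)
SMB_IN = ("in", "203.0.113.7", NIC, 445)
PEER_OUT = ("out", NIC, "198.51.100.9", 6881)

if __name__ == "__main__":
    for name, pkt in [("peer in", PEER_IN), ("smb in", SMB_IN), ("peer out", PEER_OUT)]:
        print(name, verdict(GLOBAL_OK, UTORRENT_APP, pkt))
    print("misordered:", verdict(GLOBAL_MISORDERED, UTORRENT_APP, PEER_IN))
```

Passing an empty list as the application rules models any other program: the Global rule alone does not let it receive traffic on the uTorrent port.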

There’s also a GUIDE on the Guide board here:
https://forums.comodo.com/guides-cis/firewall-tutorial-for-utorrent-with-comodo-internet-security-t15677.0.html