W10 Famille - 21H1 - 19043.2130 / CFW : 18.104.22.16812
In my global rules settings, I have the following rules for a very long time:
Allow – TCP – Out – To port= 4448 - To @ IP= 199.066.201.016
Allow – UDP – Out – To port= 4447 - To @ IP= 199.066.201.016
These @ IP and ports are used by CIS.
I never had FW blocking on these 2 ports until now.
Since Friday 21, I have blocking on these ports to @ IP 22.214.171.124 (this would correspond to fls.security.comodo.com).
I don’t remember making a change in the FW settings.
CFW has of course not been updated; why all of a sudden, these accesses?
Your global rules don’t have an allow rule for that IP address that is being blocked. Instead you have allow rules for the 199 address and blocking rule for all other requests. You need to change the allow rules destination address to any to allow all outgoing to those ports.
I know perfectly well that the rules allow the use of ports 4447 and 4448 only for the @ IP 199.066.201.016 and not for the @ IP 126.96.36.199.
As I wrote in my first post these rules have been in place for a long time, more than a year, and there was never a block on these ports before October 21.
I am trying to understand why suddenly since October 21 there are access attempts on these ports and a priori by FLS which is a function of CIS knowing that CIS has still not been updated.