open ports ?

i have configured xp to not listen on ports 135 and 445. netstat only shows my computer listening on port 30606=Eset nod32,this is ok. my concern is that after running a port scan it shows ports are open.what can i do to completely block these ports.thanks for your time . im attaching a couple of pics.

[attachment deleted by admin]

Did you use an on line port scan and are you behind a router? Then you are probing your router and not Comodo.

To test Comodo when behind a router you need to expose your computer to the web. On routers that is usually called Demilitarized Zone (DMZ) or Exposed Host. I have no experience on setting this up so I couldn’t help with it.

no i did not use a online scanner, and i dont have a router, only my dsl modem.i used a program called local port scanner. but i have tested with GRC shields up and the test failed. here are the results also im attatching my global rules. thank you for your help i have searched for days with google and can not figure out how to achieve true stealth. also comodo is figured with stealth ports wizard to block all incoming. thanks again

[attachment deleted by admin]

First of all move all block rules under the allow rules. Does that change anything for you?

A better way to go may be to try the Stealth Ports Wizard (Firewall → Common Tasks) to stealth your computer. Choose “Block all incoming connections and stealth my ports to everyone”. After this you can use the Wizard again and add trusted Network zone (first option in the Wizard start screen).

Attached my Global Rules as an example. May be you need to clean up some of your Global Rules after following my tips?

[attachment deleted by admin]

What brand/model is your modem? Most DSL modems have a router built in.

my modem is a zyxel p-600 series, is it possible to configure this thing somehow? and as far as stealth ports wizard goes it does not stealth all ports. i have another post pending concerning stealth ports. thanks for you help sorry about the late reply,been away. global rules have been cleaned up.

[attachment deleted by admin]

The Zyxel P-600 Series Comes Up With A ADSL2 Modem + Router. You Can Check With The Official Zyxel Linl For Verification.

If it has a router, you’ll need to check the routers control panel (your users manual or the manufacturers site should tell you the address) to see if you can make firewall adjustments. If you want to test the firewall in CIS instead of your router, you’ll need to put your router in DMZ mode.

You need to adjust your global rules so your block rules are below your allow rules. Allow on top, block on the bottom.

thanks for your replies. i am going to check on the modem settings. on a side note i uninstalled comodo and tried outpost and online armor and i have got to say that comodo is by far the best especially as far as control over how the firewall responds and control over what gets to connect to the net and what does not. best described in two words COMODO RULES!!! thanks again for your time.

Use the guides from to help you with opening ports on your router: Port Forwarding Your Router to Get Open Ports .