Is it normal that firewall events show more events that it is blocking when you use this stealth port option?
Yes it will now start to log all traffic that was previously dropped by the Windows OS.
Because this setting does not allow any traffic that was initiated from the internet to your PC.
In the previous setting it would drop all traffic that has nothing listening for those ports and would have asked you if you had an application listening for it.
Can you explain that a bit more about what you mean by “listening for ports”?
A listening port is for example TCP port 80 on a system that hosts a webserver.
So a listening port listens for incoming traffic from a client that connects to it and if it receives a connection from a client it passes the traffic to the application that opened this port.
A default windows system has a few ports “open/listening” you can find them by typing
netstat -an|find /i “LISTEN”
in a command-box.
A few examples:
TCP version 4 RPC port 135 listening on all interfaces (0.0.0.0)
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP version 4 EasyVPN port 5800 listening ONLY on loopback interface (127.0.0.1)
TCP 127.0.0.1:5800 0.0.0.0:0 LISTENING
TCP version 6 port 135 listening on all v6 interfaces[nobbc] (::)[/nobbc]
TCP [::]:135 [::]:0 LISTENING