I just installed CIS .427 and while I’m still getting used to the various options, all appears to be okay. However, I ran the Common Ports test at GRC/ShieldsUp! and found 4 ports open, the rest existing but closed. So I went in to Firewall>Common Tasks>Stealth Port Wizard and chose the 3rd option “Block all…” and clicked Finish. Configuration was confirmed, then I re-ran the ShieldsUp test again, with no change. I’m in Custom Policy Mode and Defense+ is in Paranoid mode. I have no access to our DSL modem, but when I’ve previously done this with Zone Alarm, the ports were all Stealth @ ShieldsUp, so I doubt its the modem.
I’ve been reading the various posts here and found only one other ShieldsUp posting, but I don’t think there’s enough there for my situation, OR I’m not fully understanding it.
Also, for testing purposes, how would I block just ONE port, say 23, just to make sure it works?
I’ve tried the LeakTest and only got 150/340, so I’ve still got a ways to go here.
Welcome. 
Make sure your configuration is set to ‘Proactive Security’ when running the Leak Test.
Miscellaneous > Manage my Configurations > Select
Hi,
You can create a global block rule specifying destination or source port you need to block.
You need to choose Proactive Defense configuration for maximum protection when testing with Leaktests
Concerning stealth port wizard - have you got the global rule set like shown on the attached screen-shot?
[attachment deleted by admin]