What benefit do I get from the Predefined Policy "Web Browser" ?

I appreciate that allowing a hacker access to my Port 139 is inviting disaster,
but how am I at risk if I send a message to a remote destination Port 139 ?
What risk does “Web Browser” avert by prohibiting most “Privileged Port” destinations ?

Since TCP Out is allowed to ALL Ports above 1023,
why is UDP Out excluded from absolutely all destinations other than Port 53 ?
Is it a more dangerous protocol ?

If I revert from “Web Browser” to “Allow IP Out Any/Any/Any”, am I :-
Permitting leakage of data captured by keyloggers, Credit Card Sniffers, etc ?
Permitting ingress of malware via the reply path of an IP Out ?
Allowing any on-board worm/Trojan/Zombie to further damage the Internet Community ?

Originally, when I first launched Firefox, I answered a pop-up with “Remember + Allow”, and Comodo automatically created a “Custom” Rule
“Allow IP Out From Ip Any To Ip Any Where Protocol Is Any”
This custom rule was always good to me. It even works with http://www.auditmypc.com

Recently I followed a recommendation to replace “Custom” with “Web Browser”, and so far this works,
apart from http://www.auditmypc.com at IP 198.104.150.202 which not only uses TCP Out to Port 85,
but also for its speed test uses UDP Out to their Port 8600 or 8601.

My present solution is a Custom rule based upon “Web Browser”,
plus the addition of allowing TCP or UDP Out From Any to IP 198.104.150.202 Any Any.

I anticipate an ultimate solution of adding 85 to the HTTP Ports,
and adding UDP to the TCP Out that is permitted for all Ports above 1023,
but I want to first of all make sure I understand what I am meddling with.

Alan

The Predefined Firewall Policies are just an attempt by CFP to define what a Web Browser normally does, and alert you if it tries to do something different. You can generate a custom policy instead by dealing with the popups as they happen, but many users find that a nuisance. The way to get focused custom rules, rather than allow alls, is to change the Firewall Behavior Alert settings to High, but the allow all out will work also. It just provides whatever level of control you are comfortable with.

Thank you for setting my fears at rest.

I will admit that auditmypc is the only site at which Firefox has used UDP, so I accept that Comodo is giving a valid warning that something is unusual.

It is now approaching my bed time, and a chance to dream about firewalls !!!
Tomorrow I will decide whether to generally allow UDP above Port 1023, or whether to prefer a pop-up.

Two minor criticisms of the Web Browser policy :-

  1. The “Email Client” is much more friendly; it concludes with “Ask”. I will now change “Web Browser” to the same conclusion;

  2. When auditmypc failed to work I inspected the Log and saw what was logged, BUT the log FAILS to distinguish between a Block and Log in the Global Rules and a Block and Log in the Application Rules - I wasted a lot of time trying to adjust the Global rules because I am accustomed to Application rules that do NOT terminate with Block and Log, so any item in the log has always indicated a need to adjust the Global Rules. It would be nice if the log could show exactly where the Block was invoked.

Anyway - Many thanks for your replies

Alan
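The thread describes three rule sets (the predefined “Web Browser” policy, the “Allow IP Out Any/Any/Any” custom rule, and Alan's hybrid with an extra allow for 198.104.150.202) and, in the second criticism, a log that does not say which rule set blocked a packet. The toy model below is an added example, not Comodo's code: it evaluates an outbound connection against a rule list first-match style, with the policies built from the thread's description. The contents of the “HTTP Ports” group, the assumption that an unmatched connection produces an “Ask” pop-up, and the sample addresses (192.0.2.1) are assumptions; the auditmypc address and ports 85, 8600 and 8601 come from the thread. The log line that `evaluate` returns names its rule set, which is the detail Alan wanted the real log to show.

```python
from dataclasses import dataclass, replace
from typing import FrozenSet, Optional, Tuple

# Added example (not Comodo's code): first-match evaluation of outbound rules.
HTTP_PORTS = frozenset({80, 443})       # assumption: contents of the "HTTP Ports" group
AUDITMYPC_IP = "198.104.150.202"         # from the thread
DNS_PORT = 53
FIRST_UNPRIVILEGED_PORT = 1024           # "all Ports above 1023"


@dataclass(frozen=True)
class Rule:
    action: str                              # "allow", "block" or "ask"
    protocol: str                            # "tcp", "udp" or "ip" (any protocol)
    name: str
    dst_ip: Optional[str] = None             # None = any destination address
    dst_ports: Optional[FrozenSet[int]] = None  # None = any destination port
    min_port: int = 0                        # lowest destination port the rule covers
    log: bool = False                        # whether a match writes a log entry


def matches(rule: Rule, proto: str, dst_ip: str, dst_port: int) -> bool:
    if rule.protocol != "ip" and rule.protocol != proto:
        return False
    if rule.dst_ip is not None and rule.dst_ip != dst_ip:
        return False
    if rule.dst_ports is not None and dst_port not in rule.dst_ports:
        return False
    return dst_port >= rule.min_port


def evaluate(policy, proto: str, dst_ip: str, dst_port: int,
             ruleset: str = "Application") -> Tuple[str, Optional[str]]:
    """First matching rule decides. Returns (action, log_line); log_line is None
    unless the matching rule logs. The log line names the rule set ("Application"
    or "Global") so a blocked entry can be traced to the right place."""
    for rule in policy:
        if matches(rule, proto, dst_ip, dst_port):
            line = None
            if rule.log:
                line = (f"{ruleset} rule '{rule.name}': {rule.action.upper()} "
                        f"{proto.upper()} out to {dst_ip}:{dst_port}")
            return rule.action, line
    return "ask", None   # assumption: no match means CFP raises a pop-up


# The predefined "Web Browser" policy as described in the thread.
WEB_BROWSER = (
    Rule("allow", "tcp", "Allow TCP Out to HTTP Ports", dst_ports=HTTP_PORTS),
    Rule("allow", "tcp", "Allow TCP Out to Ports above 1023", min_port=FIRST_UNPRIVILEGED_PORT),
    Rule("allow", "udp", "Allow UDP Out to DNS", dst_ports=frozenset({DNS_PORT})),
    Rule("block", "ip", "Block and Log all other IP Out", log=True),
)

# The rule Comodo created from "Remember + Allow".
ALLOW_IP_OUT_ANY = (
    Rule("allow", "ip", "Allow IP Out From IP Any To IP Any Where Protocol Is Any"),
)

# Alan's present solution: Web Browser plus a destination-specific allow in front.
WEB_BROWSER_PLUS_AUDITMYPC = (
    Rule("allow", "ip", "Allow IP Out to auditmypc", dst_ip=AUDITMYPC_IP),
) + WEB_BROWSER


def with_ask_ending(policy):
    """Alan's change 1: end with Ask (like Email Client) instead of Block and Log."""
    *head, last = policy
    return tuple(head) + (replace(last, action="ask", log=False,
                                  name="Ask for all other IP Out"),)


def anticipated_ultimate(policy=WEB_BROWSER):
    """Alan's anticipated solution: 85 joins the HTTP ports, UDP is allowed above 1023."""
    rules = []
    for rule in policy:
        if rule.name == "Allow TCP Out to HTTP Ports":
            rule = replace(rule, dst_ports=rule.dst_ports | {85})
        rules.append(rule)
        if rule.name == "Allow TCP Out to Ports above 1023":
            rules.append(replace(rule, protocol="udp",
                                 name="Allow UDP Out to Ports above 1023"))
    return tuple(rules)


if __name__ == "__main__":
    # Constructed sample connections: ordinary HTTPS, DNS, and the two auditmypc cases.
    cases = [("tcp", "192.0.2.1", 443), ("udp", "192.0.2.1", 53),
             ("tcp", AUDITMYPC_IP, 85), ("udp", AUDITMYPC_IP, 8600)]
    for label, policy in [("Web Browser", WEB_BROWSER),
                          ("Custom (Web Browser + auditmypc)", WEB_BROWSER_PLUS_AUDITMYPC),
                          ("Anticipated ultimate", anticipated_ultimate()),
                          ("Allow IP Out Any", ALLOW_IP_OUT_ANY)]:
        for proto, ip, port in cases:
            print(f"{label:34} {proto} {ip}:{port} -> {evaluate(policy, proto, ip, port)}")
```

Running it shows why only the two auditmypc connections fail under “Web Browser” (port 85 is below 1024 and not an HTTP port; UDP 8600 is not port 53), why the hybrid rule and the anticipated change both let them through, and that “Allow IP Out Any” never logs anything at all, which is the trade-off the reply describes.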