The destination port is the last column in your image.
I include an updated firewall log snapshot.
I really have no idea why you’re seeing so many connections to Comodo. Usually, I have all updates/cloud look-ups/TVL updates etc. disabled and the processes responsible for making the connections blocked in the firewall. However, as an exercise, I re-enabled these settings and removed the firewall rules. After 4 hours of continuous use, I’ve only see three requests. One of these was to update the TVL:
Source: 192.168.1.208 (192.168.1.208)
Destination: 91.199.212.171 (91.199.212.171)
Transmission Control Protocol, Src Port: 49387 (49387), Dst Port: http (80), Seq: 1, Ack: 1, Len: 108
Source port: 49387 (49387)
Destination port: http (80)
[Stream index: 156]
Sequence number: 1 (relative sequence number)
[Next sequence number: 109 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgement: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value: 16611
[Calculated window size: 66444]
[Window size scaling factor: 4]
Checksum: 0xf371 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Bytes in flight: 108]
Hypertext Transfer Protocol
GET /av/tvl/deletedvendors.txt HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET /av/tvl/deletedvendors.txt HTTP/1.1\r\n]
[Message: GET /av/tvl/deletedvendors.txt HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /av/tvl/deletedvendors.txt
Request Version: HTTP/1.1
Accept: */*\r\n
Host: download.comodo.com\r\n
Cache-Control: no-cache\r\n
\r\n
[Full request URI: http://download.comodo.com/av/tvl/deletedvendors.txt]
0000 e0 cb 4e a8 6e f3 08 00 27 0e db 64 08 00 45 00 ..N.n...'..d..E.
0010 00 94 0a 6b 40 00 80 06 00 00 c0 a8 01 d0 5b c7 ...k@.........[.
0020 d4 ab c0 eb 00 50 0f c6 90 8f 1c 71 c1 15 50 18 .....P.....q..P.
0030 40 e3 f3 71 00 00 47 45 54 20 2f 61 76 2f 74 76 @..q..GET /av/tv
0040 6c 2f 64 65 6c 65 74 65 64 76 65 6e 64 6f 72 73 l/deletedvendors
0050 2e 74 78 74 20 48 54 54 50 2f 31 2e 31 0d 0a 41 .txt HTTP/1.1..A
0060 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 48 6f 73 74 ccept: */*..Host
0070 3a 20 64 6f 77 6e 6c 6f 61 64 2e 63 6f 6d 6f 64 : download.comod
0080 6f 2e 63 6f 6d 0d 0a 43 61 63 68 65 2d 43 6f 6e o.com..Cache-Con
0090 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a trol: no-cache..
00a0 0d 0a ..
and the other a cloud check.
Source: 192.168.1.208 (192.168.1.208)
Destination: 91.209.196.27 (91.209.196.27)
User Datagram Protocol, Src Port: 53817 (53817), Dst Port: n1-rmgmt (4447)
Source port: 53817 (53817)
Destination port: n1-rmgmt (4447)
Length: 54
Checksum: 0xe2ac [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Data (46 bytes)
Data: 042a470000010004003ecbf89990c4ba6d8aae8c856d54ba...
[Length: 46]
0000 e0 cb 4e a8 6e f3 08 00 27 0e db 64 08 00 45 00 ..N.n...'..d..E.
0010 00 4a 08 28 00 00 80 11 00 00 c0 a8 01 d0 5b d1 .J.(..........[.
0020 c4 1b d2 39 11 5f 00 36 e2 ac 04 2a 47 00 00 01 ...9._.6...*G...
0030 00 04 00 3e cb f8 99 90 c4 ba 6d 8a ae 8c 85 6d ...>......m....m
0040 54 ba 7c 02 8b 58 dc d4 28 75 9d 36 33 a1 4b cf T.|..X..(u.63.K.
0050 c6 2a 8c b6 de b6 6d e5 .*....m.
If I recall, you said you’ve disabled update checks and cloud requests, and yet you’re still seeing these. It may suggest you have a problem with your installation. The first thing to do, is make sure you really have disabled everything. For this, you need to check several locations: (see images)
More/Preferences/General
More/Preferences/Update
Defence+ Settings/Execution Control settings
As mentioned before, you can also block the connections in the firewall
[attachment deleted by admin]