Windows Operating System Blocked UDP

Should I be concerned about this?

When CIS does not see an application for traffic it will log that as traffic for WOS. In case of incoming traffic it means the traffic is blocked. That is one of the things a firewall is supposed to do: block unsolicited incoming traffic.

For outgoing traffic there is a driver “blocking view”, metaphorically speaking, so it cannot tell what process is sending the outgoing traffic.

My guess is that the blocked UDP is probably coming from Comodo servers.

Here are my WINDOWS OPERATING SYSTEM rules:

Allow ICMP in from in [modem] to in [NIC] where ICMP message equals ECHO REQUEST
Allow ICMP in from MAC any to in [NIC] where ICMP message equals TIME EXCEEDED
Allow ICMP in from MAC any to in [NIC] where ICMP message equals 11.1
Allow ICMP in from MAC any to in [NIC] where ICMP message equals FRAGMENTATION NEEDED
Allow UDP in from in [FortressITX - CIS agent (TCP/UDP)] to in [NIC] where source port is in [4447/4448] destination port is ANY
Allow ICMP out from in [NIC] to in [modem] where ICMP message equals ECHO REPLY
Allow ICMP out from in [NIC] to in [modem] where ICMP message equals PORT UNREACHABLE
Allow ICMP out from in [NIC] to in [DNS] where ICMP message equals PORT UNREACHABLE
Allow ICMP out from in [NIC] to in [FortressITX - CIS agent (TCP/UDP)] where ICMP message equals PORT UNREACHABLE
Allow ICMP out from in [NIC] to in [co.uk - CIS agent (TCP / UDP) ] where ICMP message equals PORT UNREACHABLE
Allow ICMP out from in [NIC] to in [comodo.com - CIS agent (TCP / UDP) ] where ICMP message equals PORT UNREACHABLE

For SYSTEM (only rule):

Allow UDP in from in [modem] to in [NIC] source port is in [137] and destination port is in [137]

For the DNS file-group:

Allow UDP out from in [NIC] to in [DNS] where source port is any and destination port is in [53]

With the aforementioned rules CIS blocks no UDP ever.

Wxman, please don’t jump to conclusions before having received more information.