NIS 2011 General Firewall Rule Issue

This one has me a bit concerned as to the security of NIS 2011 General firewall rules.
I originally created a General firewall rule to handle Win Updates in WIN XP Pro SP3. I did this since I did not want TCP external access using svchost.exe.
In all the below instances, the Win Updates connection worked successfully.

The original rule created was allow all TCP/UDP in/out to Microsoft Win Update domain names. I set log creation on to monitor the rule's activity. I was somewhat shocked to see alg.exe and ccsvchost.exe using this rule to establish their TCP localhost connection.
Next I modified the General rule to only allow TCP outbound only. Same result; alg.exe and ccsvchost.exe connections to localhost.

Finally, I restricted the TCP outbound rule to only ports 80 and 443 and that worked. No connections from alg.exe and ccsvchost.exe to localhost via this General rule.

So at this point I am questioning the effectiveness of the General rules w/o specific port assignment. Is the issue that the General rules are not capable of handling domain name only connections w/o specific port assignment?
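One way to check what a rule like this is actually letting through is to audit the firewall log against what the rule was meant to allow, rather than against what it literally says. The script below is an added example, not from the post or from Norton: it reads a constructed log (the CSV layout, the `WinUpdate` rule name, the update host names and the `wuauclt.exe` process name are all assumptions) and flags every entry attributed to the rule that is loopback-bound, uses a port the rule was intended for web traffic only, or comes from a process other than the expected update client. Evaluating the same log against the three rule variants described above shows why only the port-restricted version stops matching the alg.exe and ccsvchost.exe localhost connections.

```python
"""Audit firewall-log entries against the intent of a 'General' firewall rule.

Added example for the NIS 2011 thread; log format, rule name, host names and the
wuauclt.exe process name are constructed assumptions, not Norton's own format.
Log layout (constructed): process,protocol,direction,remote_host,remote_port,rule
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed sample log: four entries the firewall attributed to the "WinUpdate"
# rule plus one unrelated entry on the default rule.
SAMPLE_LOG = """\
wuauclt.exe,TCP,out,download.windowsupdate.com,80,WinUpdate
wuauclt.exe,TCP,out,update.microsoft.com,443,WinUpdate
alg.exe,TCP,out,127.0.0.1,1025,WinUpdate
ccsvchost.exe,TCP,out,localhost,1026,WinUpdate
svchost.exe,TCP,in,203.0.113.7,445,Default
"""

UPDATE_DOMAINS = frozenset({"download.windowsupdate.com", "update.microsoft.com"})
EXPECTED_PROCESSES = frozenset({"wuauclt.exe"})  # assumed XP update client


@dataclass(frozen=True)
class Rule:
    name: str
    protocols: FrozenSet[str]            # e.g. {"TCP", "UDP"}
    directions: FrozenSet[str]           # e.g. {"in", "out"}
    domains: FrozenSet[str]              # remote hosts the rule is meant for
    remote_ports: Optional[FrozenSet[int]] = None   # None = any port


@dataclass(frozen=True)
class Entry:
    process: str
    protocol: str
    direction: str
    remote_host: str
    remote_port: int
    rule: str


# The three rule variants from the post, in the order they were tried.
BROAD = Rule("WinUpdate", frozenset({"TCP", "UDP"}), frozenset({"in", "out"}), UPDATE_DOMAINS)
OUTBOUND = Rule("WinUpdate", frozenset({"TCP"}), frozenset({"out"}), UPDATE_DOMAINS)
WEB_ONLY = Rule("WinUpdate", frozenset({"TCP"}), frozenset({"out"}), UPDATE_DOMAINS,
                frozenset({80, 443}))


def parse_log(text: str) -> List[Entry]:
    """Parse the constructed CSV log into Entry records (hosts lower-cased)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, proto, direction, host, port, rule = line.split(",")
        entries.append(Entry(proc.lower(), proto.upper(), direction.lower(),
                             host.lower(), int(port), rule))
    return entries


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any 127.0.0.0/8 / ::1 address string."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def audit(rule: Rule, entries: List[Entry],
          expected_processes: FrozenSet[str]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry logged under `rule` that
    violates what the rule was intended to allow."""
    findings = []
    for e in entries:
        if e.rule != rule.name:
            continue
        reasons = []
        if e.protocol not in rule.protocols:
            reasons.append(f"protocol {e.protocol} outside rule")
        if e.direction not in rule.directions:
            reasons.append(f"direction {e.direction} outside rule")
        if rule.remote_ports is not None and e.remote_port not in rule.remote_ports:
            reasons.append(f"port {e.remote_port} not in {sorted(rule.remote_ports)}")
        if is_loopback(e.remote_host):
            reasons.append("loopback destination under a remote-domain rule")
        elif e.remote_host not in rule.domains:
            reasons.append(f"host {e.remote_host} not in rule domains")
        if e.process not in expected_processes:
            reasons.append(f"unexpected process {e.process}")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for variant in (BROAD, OUTBOUND, WEB_ONLY):
        print(f"--- {variant.name} ports={variant.remote_ports or 'any'} ---")
        for entry, reasons in audit(variant, log, EXPECTED_PROCESSES):
            print(f"{entry.process:14} -> {entry.remote_host}:{entry.remote_port}  "
                  + "; ".join(reasons))
```

Under the broad and outbound-only variants the two loopback entries are flagged only because of their destination and process, which is exactly what the log showed the rule permitting; under the 80/443 variant the same entries additionally fail the port check, so a rule written that way has nothing left for them to match.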