I am running a fully patched WIN XP SP3 PC. All IS 2011 rules and options set to automatic and default initially.
Ever since I installed IS 2011, I have had problems. For starters, I have been infected with two Trojans in my System Restore area that IS 2011 did not detect. But by far the worst was I had IPs from Beijing, China hacking into my PC. The worst was 221.192.199.48. Google that IP address and you will see all kinds of nasty stuff about it.
I detected it by observing all kinds of weird connections from my Netopia 3347 router logs. One showed what appeared to be a uTorrent setup with over 30 connections from one IP. I don't use fileshares, period. Next I observed consistent connections through port 445. I eventually added a block rule to IS 2011's general rules for that IP. Lo and behold, at every boot, this turkey IP was attempting to connect to port 135, 445, and tampering with localhost 127.0.0.1 startups of alg.exe and ccSvcHst to name a few.
This was driving me nuts until I noticed that I had no inbound or outbound localhost rules present in the default general rules for IS? So I added two rules, inbound and outbound with monitoring enabled for 127.0.0.1 and moved down my block rule for 221.191.199.48. Lo and behold, that did the trick. I have been monitoring all my logs and active connections with TCPView and that IP has been stopped in its tracks. Of course, that IP is pinging away at the router but he is getting nowhere.
As best as I can determine, the defaults IS 2011 has for localhost 127.0.0.0 don't work on my PC.
I am about ready to pitch IS 2011 and go back to Comodo's firewall, which I used previously for a year and was 100% bulletproof once you set up your rules correctly.