HJLBX,
You mentioned "Block incoming connections is not the same as Stealth Ports. Stealth Ports is a port scanning countermeasure. You must enable Stealth Ports on Firewall - Tasks pane...".
Stealth Ports in the GUI has 2 options "Block Incoming Connections" & "Alert for Incoming Connections".
Doesn't "Block Incoming Connections" here mean Stealth Ports?
I have to get a definitive answer from Comodo, but I think that setting does both = Stealth Ports and Blocks Incoming Connections (BIC = if source port is from outside of your system AND the connection is not permitted by any firewall rules [e.g. an application assigned the Allowed Application firewall rule. In CIS an Allowed Application is permitted all connections - both Inbound and Outbound.]).
In other words, Comodo firewall will not block an Allowed Application from receiving a connection from a source port outside the system (e.g. soft vendor server calls the application installed on your system) even if the user has enabled "Stealth Ports."
Safest firewall rule for apps is Outgoing Only; this rule does not allow incoming connections - even from safe sources. As a side note, very, very few soft vendors, in my experience, will "call" a user's system. Typically, it is always the application that contacts the server (initiates the connection) and sometimes (rarely) there will be an inbound connection. And typically, that inbound connection will use a different internet protocol (e.g. UDP instead of TCP), but not always.
Inbound connection does not = downloading, video streaming, phone\video calls, etc - if the connection was initiated by an application installed on your system.
Inbound\Outbound is determined by source port that initiates connection (your system initiates connection versus another system initiates connection with yours - e.g. server, hacker's system, system that can connect to yours via LAN, etc).