Your logs seem to indicate that your "firewall" has blocked some packets from other machines destined for your machine's port 137. Just like your built-in packet filter (the XP firewall) would have done.
And I'm trying to point you in a direction to learn that you don't need a "personal firewall". Since you seem unable (or reluctant) to answer why you installed one in the first place I assume I'm right.
For the record, although PC Tools says they do not offer "support" for the firewall they do offer bug fixes (they are working on an update at the moment for a problem with version 220.127.116.11). They also have a public, moderated forum where you can post questions and have them answered by other knowledgeable users. The advantage over an NG (which is not moderated) is that rude and otherwise inappropriate posts are deleted.
.invalid still doesn't make a valid mailbox. As by RFC definition, a mailbox is an SMTP-reachable mail account that receives mail. And the purpose is obviously that you don't create any errors for those who are trying to send you mail.
Ports 137/udp and 138/udp are most likely NetBIOS traffic. However, that's a mere guess, because the logs lack significant information (including at least IP addresses, interface and direction), which makes them pretty much worthless.
I ran into problems with PCTools because something they're doing is provoking AV software (NOD and AVG), even their newest version. I decided I really didn't want something that was so buggy because I couldn't trust it. I read the forums on their site and decided to wait quite a while before going near it.
So I tried Kerio 2.1.5 which is light and "to the point". I added the rules you suggested about port blocking and all is running beautifully and taking minimal resources. I also found a site that gave tips on setting rules for Kerio and, for whatever they are worth, I'm passing the Shields UP tests on both my desktop and my portable.
This seems questionable as to just what are you trying to accomplish.
So, it's to be assumed that the two machines that are connected to your router, the LAN or Local Area Network, are never to share resources or network between the two, which are the ports you're blocking below with the PFW.
Ports 137-139 are your NetBios ports, which, unless you are on a local area network, probably should be blocked. Most firewalls have NetBios
If the machine is never to network, then simply remove MS File & Print Sharing and Client for MS Network off of the NIC (Network Interface Card) and those ports you have blocked including port TCP 445 (NT-based O/S such as XP) are not open *period*. You don't need to set any rules with a PFW for those ports as they are not open.
Why are you blocking the Windows Networking Ports while your machines are sitting behind a NAT router and those ports are closed to the WAN/Wide Area Network - the Internet, by default?
No computer from the Internet can get to your machines on those ports and network with a machine, because they are behind the router.
That's unless *you* configured the router to open those ports. If you didn't do that, then it's a moot point of you setting rules with the PFW running on the computer to block the ports.
It only makes sense to set PFW rules to close those ports if the machine had a direct connection to the modem and therefore to the Internet. You don't want the machine in that networking situation -- that's bad.
The other reason would be that your laptop was on a LAN wireless or wired and it was not your LAN. It would be another reason you would want to set rules to close 137-139 UDP and 445 TCP with a PFW or remove the services off of the NIC to close the ports so that the machine couldn't network.
I may be very confused - but I'm not sure where my confusion is and perhaps someone could explain it.
My laptop and desktop are not networked and do not share files and/or printers. I don't want to remove this capacity (by removing files), as I might want to network them at some point in the future, but right now they are not networked and I don't want them to be.
I sometimes use my laptop on other wireless connections that are open and available either in other locations, or even in my own house if I'm doing a lot of uploading with my desktop. I also use it at friends' houses - they frequently haven't secured their networks. In other words, there are times when I hook into someone else's network - someone who has left their network unsecured. So, I certainly want my ports blocked at those times, don't I? My laptop travels many places and finds signals when possible.
Why is Kerio such a questionable product? My impression was that it was more reliable than Sygate, clearly doesn't transmit the virus that PC Tools seems to be transmitting and does not drain resources the way Sunbelt/Kerio or Outpost do. I regret being unable to use Comodo but it conflicted with both WinFaxPro and also with the spam filter I use with Outlook.
So, could you please explain what I'm confused about so that I can learn? I thought I'd done a good job :-)
You're not removing files. All you're doing is removing the services off of the NIC, unbinding them off of the NIC, so no networking with the machine is possible. If you do want to network the machine at a later time, then you simply bind the services/protocols back on the NIC.
If you unbind the networking services off of the NIC, the machine cannot network. The networking ports are not open, period, because the services that would open the networking ports to allow networking are not on the NIC and are not active.
This has nothing to do with the PFW, but rather, your ability to understand, control and protect the O/S, which removing the networking services off of the NIC protects the O/S, since you have no intention of the machine ever being in a networking situation -- not even on your LAN.
You remove the services off of the NIC, the machine cannot network no matter what you connect the machine to in a LAN situation or the machine is directly connected to a modem and the Internet/no router between the modem and the computer. It flat-out cannot network when the services are not there.
You go to the O/S and configure it/harden it to attack, not the PFW. You understand and learn how to control and protect the O/S.
This link may help you understand. You un-check Client for MS Network and MS File&Print sharing and the machine *cannot* network *period*.
Known and unfixed vulnerabilities that are not going to be fixed, because the product is out of support.
Aside from Sygate having a serious design flaw: the same applies to any software that isn't supported by its vendor anymore.
My experience with personal firewalls as well as what I hear from users of personal firewalls is that many of them will sometimes fsck up the network connection(s) for no apparent reason.
It's not a bad thing per se. However, Steve Gibson doesn't really have a clue when it comes to network and computer security, so his conclusions and recommendations usually are misleading, to say the least. "Shields UP" is okay if you can distinguish between fact and superstition. However, in that case you'd probably be using something else (like nmap) anyway.
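Added example, not part of the original thread: one way to check on the machine itself whether the Windows networking ports discussed above (137-139 and 445) are actually open, by reading `netstat -an` output instead of relying on firewall logs or an external scan. The function name and both sample outputs are constructed for illustration.

```python
# Added example: list Windows networking ports open on the local machine.
# Ports named in the thread: NetBIOS 137-139 and 445.
WATCHED_PORTS = {137, 138, 139, 445}

# Constructed `netstat -an` output (Windows layout); addresses are made up.
BOUND = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Constructed output for a machine where none of the watched ports is open.
UNBOUND = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
"""


def open_networking_ports(netstat_text):
    """Return (proto, local_address, port) for each watched port that is open."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # TCP: only listening sockets accept inbound connections. An
        # ESTABLISHED line with a *remote* port 445 is an outbound client.
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if port.isdigit() and int(port) in WATCHED_PORTS:
            findings.append((proto, addr, int(port)))
    return findings


if __name__ == "__main__":
    for proto, addr, port in open_networking_ports(BOUND):
        print(f"open: {proto} {addr}:{port}")
```

On a real machine, pass the function the captured text of `netstat -an`; an empty result means none of the four ports is open locally, whatever the firewall is or is not doing.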