OA Firewall (review)
Stem
March 19th, 2007, 09:53 AM
I have seen and used earlier versions of this firewall, and was going to wait until a final release, but due to PMs, and the open release (although not final), I will make a post.
First, let's look at the settings.
Standard mode
From default installation the firewall is set at "Standard mode"
~screenshot taken during installation~
[Screenshot: attachment 188546]
From this, if we check the firewall options:
[Screenshot: attachment 188547]
At the top there is the option "Automatically allow Trusted programs to access the internet". This of course does as it states, and will allow applications that are trusted to be allowed internet access, and any rules for that application will be automatically created.
Below this are the logging options, then the "Content control", the latter being how the firewall will check the applications, by either Hash (checksum), or by Hash and Path.
The "Notify me when programs are autotrusted" will make the firewall give a popup when an application is first (automatically) allowed internet access.
The "uninstall Firewall" is there if you are installing, and already have a firewall installed, or simply do not want to install this firewall.
All applications that have been allowed internet access, and the rules created for these can be reviewed at any time.
Select Firewall:- "Program access" tab for the programs allowed internet access
[Screenshot: attachment 188548]
the "Rules" tab, which will show the rules created
[Screenshot: attachment 188549]
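The two "Content control" choices mentioned in the post above, hash only versus hash and path, modelled as an added example (not Online Armor's code or part of the original post). `TrustStore`, the file names and the file contents are constructed, and the use of SHA-256 is an assumption.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class TrustStore:
    """Hypothetical trusted-program list keyed by hash, or by hash and path."""

    def __init__(self, mode):
        if mode not in ("hash", "hash+path"):
            raise ValueError("mode must be 'hash' or 'hash+path'")
        self.mode = mode
        self._entries = set()

    def _key(self, path):
        file_hash = sha256_of(path)
        if self.mode == "hash":
            return (file_hash,)
        # realpath resolves symlinks; normcase folds case on Windows.
        return (file_hash, os.path.normcase(os.path.realpath(path)))

    def trust(self, path):
        self._entries.add(self._key(path))

    def is_trusted(self, path):
        return self._key(path) in self._entries


def compare_modes():
    """Run three constructed cases under both modes and return the verdicts."""
    workdir = tempfile.mkdtemp()
    try:
        trusted = os.path.join(workdir, "browser.exe")
        with open(trusted, "wb") as handle:
            handle.write(b"constructed image of a trusted program")
        other_dir = os.path.join(workdir, "elsewhere")
        os.mkdir(other_dir)
        relocated = os.path.join(other_dir, "browser.exe")
        shutil.copyfile(trusted, relocated)

        stores = {mode: TrustStore(mode) for mode in ("hash", "hash+path")}
        verdicts = {}
        for mode, store in stores.items():
            store.trust(trusted)
            verdicts[mode] = {
                "original": store.is_trusted(trusted),
                "same file, other folder": store.is_trusted(relocated),
            }

        # Overwrite the trusted path with different bytes: the name and
        # location still match, only the content has changed.
        with open(trusted, "wb") as handle:
            handle.write(b"constructed image of a different program")
        for mode, store in stores.items():
            verdicts[mode]["replaced at trusted path"] = store.is_trusted(trusted)
        return verdicts
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for mode, cases in compare_modes().items():
        print(mode, cases)
```

Both modes reject a file whose content changed at the trusted path; only hash and path also rejects an identical copy started from another folder.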
Stem
March 19th, 2007, 10:25 AM
Advanced Mode
Now, this is the setting I personally would use. The mode of the firewall can be changed at any time, by going to "Options"
[Screenshot: attachment 188550]
If we then go to the "Firewall" tab, there are a couple of extra options
[Screenshot: attachment 188551]
Again, at the top there is the "Automatically allow Trusted programs to access the internet", but with an extra option below, "Autoconfigure trusted programs". Depending on how you have these selected, you could for instance, uncheck the "Automatically allow Trusted...." so that you are given the warning popup, but once a trusted program is allowed internet access, then any rules required will be made automatically. Or of course, you can uncheck both, and create rules from popups, or manually enter them (we will look at that a little later)
The other option to note is the "Intercept Loopback interface". Now this will intercept comms on the localhost, this is needed particularly if you are using a localhost proxy such as "Proxomitron"
The main difference can be seen between "Standard" and "Advanced" mode when we go back to the "firewall" settings/option.
[Screenshot: attachment 188554]
Stem
March 19th, 2007, 10:43 AM
First, the ICMP tab, this, as you may have guessed, is for the ICMP settings
[Screenshot: attachment 188555]
We then have the "Restricted Ports" tab. This will block ports from being available to the internet. These can be added to, edited or deleted, depending on need.
[Screenshot: attachment 188556]
Stem
March 19th, 2007, 11:30 AM
"Restrictions / Blacklists" tabs.
I left these until now, as these options are also within the "program rules"
Under the tabs shown, these are global rules, and can be added to a program's rules which I will show a little later, first,
Restrictions.
This allows you to set what country, or single/range IP(s) are allowed or disallowed to be connected to. As you can see from the options:-
[Screenshot: attachment 188557]
Blacklists,
This enables you to load a "blacklist". I personally download my blacklists using the "Blocklist Manager" (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=30). This will download the selected blacklists, the lists do not need to be converted, they can simply be loaded into OA. They can then, if needed, be edited. I don't normally have so many lists installed, I added these as I wanted to see how OA would handle large lists.
[Screenshot: attachment 188558]
Stem
March 19th, 2007, 12:25 PM
Program rules
As mentioned, all program rules can be found: Firewall / rules / rules tab.
To edit the rule, either double left click the rule, or select and press "Edit Rule":-
[Screenshot: attachment 188564]
An example of a program rule: this is for firefox HTTP (remote port 80)
[Screenshot: attachment 188565]
Now, I was a little concerned with this at first, as there is no "local port(s)" entry. But as there is the inclusion of the "restricted ports" I can see possibly why this was not included.
You will note the other tabs on this rule,
Endpoint Restrictions.
Here you can leave as "Global Restrictions" (as you may have entered) or, you can use restrictions per rule, an example could be for DNS lookups, where you want to allow only comms to your DNS servers
[Screenshot: attachment 188561]
Then the Blacklists tab,
Again, you can leave as global, or you can select just certain lists, or have none, depending on the application
[Screenshot: attachment 188562]
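A small model of the rule lookup the post above describes: a program rule matched on remote port, with endpoint restrictions and blacklists either inherited from the global tabs or set per rule. This is an added example, not Online Armor's code or part of the original post; the class names, the evaluation order, the "ask" verdict and all addresses (RFC 5737 documentation ranges) are assumptions, and only the "allowed" side of endpoint restrictions is modelled.

```python
import ipaddress

USE_GLOBAL = None  # a rule field left at None defers to the global setting


def nets(*cidrs):
    """Parse CIDR strings into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]


def in_any(ip, networks):
    return any(ip in net for net in networks)


class ProgramRule:
    """Hypothetical per-program rule: no local port, as noted in the post."""

    def __init__(self, program, protocol, remote_port,
                 endpoints=USE_GLOBAL, blacklists=USE_GLOBAL):
        self.program = program
        self.protocol = protocol
        self.remote_port = remote_port
        self.endpoints = endpoints    # None = global, else allowed networks
        self.blacklists = blacklists  # None = global, [] = none, else list names


class Firewall:
    def __init__(self, global_endpoints, global_blacklists, loaded_lists, rules):
        self.global_endpoints = global_endpoints    # [] = no restriction
        self.global_blacklists = global_blacklists  # names enabled globally
        self.loaded_lists = loaded_lists            # name -> networks
        self.rules = rules

    def evaluate(self, program, protocol, remote_ip, remote_port):
        """Return (verdict, reason) for one outbound connection attempt."""
        ip = ipaddress.ip_address(remote_ip)
        wanted = (program, protocol, remote_port)
        rule = next((r for r in self.rules
                     if (r.program, r.protocol, r.remote_port) == wanted), None)
        if rule is None:
            return ("ask", "no rule")  # stands in for the popup

        endpoints = (self.global_endpoints if rule.endpoints is USE_GLOBAL
                     else rule.endpoints)
        if endpoints and not in_any(ip, endpoints):
            return ("block", "endpoint restriction")

        names = (self.global_blacklists if rule.blacklists is USE_GLOBAL
                 else rule.blacklists)
        for name in names:
            if in_any(ip, self.loaded_lists[name]):
                return ("block", "blacklist " + name)
        return ("allow", "rule matched")


def build_sample():
    """Constructed configuration: browser rule on globals, DNS rule pinned."""
    loaded = {"constructed-list": nets("198.51.100.0/24")}
    rules = [
        # HTTP rule left on global restrictions and global blacklists.
        ProgramRule("firefox.exe", "TCP", 80),
        # DNS rule: only the two configured resolvers, no blacklists.
        ProgramRule("svchost.exe", "UDP", 53,
                    endpoints=nets("192.0.2.53/32", "192.0.2.54/32"),
                    blacklists=[]),
    ]
    return Firewall([], ["constructed-list"], loaded, rules)


if __name__ == "__main__":
    fw = build_sample()
    for attempt in [("firefox.exe", "TCP", "203.0.113.10", 80),
                    ("firefox.exe", "TCP", "198.51.100.7", 80),
                    ("svchost.exe", "UDP", "192.0.2.53", 53),
                    ("svchost.exe", "UDP", "203.0.113.99", 53),
                    ("firefox.exe", "TCP", "203.0.113.10", 443)]:
        print(attempt, "->", fw.evaluate(*attempt))
```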
Stem
March 19th, 2007, 01:11 PM
I have probably missed some settings (and will add if/when found), but I must move on.
Now before I continue, I must say, that I am set up on W2K. I know from the release shown that OA2 is not compatible due to bugs/conflict with this OS, but, there has been a release (build 160) to resolve this issue, which I currently have installed, and running without issue, so,...
Memory usage.
I have had OA2 installed for around 18 hrs, the memory usage has varied. There are 2 processes running:-
oasrv.exe: 8,000k - 10,000k
oaui.exe 8,000k - 9,500k
So on average, below 20mb
I did expect a large increase in memory usage when I loaded the blacklists, as these between them are approx 12.8mb (txt files). There was a quick increase in memory usage of about 5mb when I loaded these, but this then went back down to normal.
Surfing speed,.. no noticeable decrease in browsing, even with the blacklists (I showed) loaded.
Now, kills/leaks
I would have preferred to test this on full release, and certainly not on W2K (due to possible bugs still present). But, I did some basics,
APT4
I ran the basic 12 kills against oaui.exe, OA passed all that I could run (kill 10 would not run on my setup (terminal service))
SPT
Again I ran the basics (16 tests)
OA failed on:-
KILL 4 (terminate process by instruction pointer (IP) modification)
Stopped, but with auto restart notification on KILL 16
I still prefer to run these against OA on XP, or when final.
Leaks,
I did/do not have time to run the full batch of leaktests, but did a quick test with leaktest 1.2 (just to check hash checking) which it passed. Out of interest, I did run the PCFlankleaktest, which it did intercept (I was a little surprised,.. and I will need to find time to check out the rest of the protection)
I hope this answers the questions I have been asked. Please do post to thread any findings you find yourself, or if you have other questions.
Stem
lucas1985
March 19th, 2007, 03:49 PM
I'll keep an eye on this firewall, it seems to get better each day :o
Questions:
- I also expect the local range to be included.
- How to add remote IPs per app (mail servers, HTTPS, DNS servers).
- How are DNS lookups handled (per app or global setting for svchost) and DHCP?
Thanks Stem for your tests.
Stem
March 19th, 2007, 04:13 PM
-{ Quote: "- I also expect the local range to be included." }-Yes, as I mentioned, I would prefer for local ports to be included in rules. The restricted ports does give some compensation to this.
-{ Quote: "- How to add remote IPs per app (mail servers, HTTPS, DNS servers).
- How are DNS lookups handled (per app or global setting for svchost) and DHCP?" }-Endpoint restrictions, check post 5. I can/will post examples if wanted (I know I should have given more detail, but spare time was/is short, sorry)
-{ Quote: "Thanks Stem for your tests." }-No problem,..
Stem
lucas1985
March 19th, 2007, 04:25 PM
So, "Endpoint restrictions" always refer to remote IPs? Sounds like the "Custom addresses" of Kerio 2.1.5.
Thanks again Stem.
pvsurfer
March 19th, 2007, 04:45 PM
Stem, thanks for your excellent overview of this new FW (and HIPS?). Would you please let us know how much memory OA's processes use? ~pv
Stem
March 19th, 2007, 05:13 PM
-{ Quote: "Would you please let us know how much memory OA's processes use? ~pv" }-Post #6-{ Quote: "Memory usage.
I have had OA2 installed for around 18 hrs, the memory usage has varied. There are 2 processes running:-
oasrv.exe: 8,000k - 10,000k
oaui.exe 8,000k - 9,500k
So on average, below 20mb" }-
JRCATES
March 19th, 2007, 05:49 PM
Thank you for your trialing and evaluating this firewall, Stem. ;D
Regarding this:
-{ Quote: "
Leaks,
I did/do not have time to run the full batch of leaktests, but did a quick test with leaktest 1.2 (just to check hash checking) which it passed. Out of interest, I did run the PCFlankleaktest, which it did intercept (I was a little surprised,.. and I will need to find time to check out the rest of the protection)
Stem" }-
I'm looking forward (as I'm sure others are as well) to hearing your results once you've had time to put it through all the tests. Hopefully you'll be able to keep it around for a while afterward and put it through even more extensive testing, and keep readers like myself up-to-date on any developments as well as your opinion of it from your experiences (either positively or negatively).
Thanks again :thumb:
Stem
March 19th, 2007, 06:12 PM
Hi JR,
I did intend to setup and perform full leaktest "tests" ASAP, but as I have been informed that OA does block these,.. how can I not fully test. I will "pull`n`test"(so to say) tomorrow, with results as I find (both on W2k and XP)
WSFuser
March 20th, 2007, 01:37 AM
very nice review Stem :thumb:
also would you mind testing OA FW with online games or p2p. I want to see how well it handles the connections and what not.
aigle
March 20th, 2007, 02:32 AM
I want to ask, can u use just the firewall without use of OA HIPS?
Also one Q from MikeNash, is there any future plan of FW alone without HIPS?
Thanks
MikeNash
March 20th, 2007, 02:42 AM
-{ Quote: "I want to ask, can u use just the firewall without use of OA HIPS?
Also one Q from MikeNash, is there any future plan of FW alone without HIPS?
Thanks" }-
Hi Aigle,
Yes, you can disable the HIPS features selectively if desired - lots of configuration options. However, without some of the HIPS features enabled (for example, process tampering detection) then the firewall would fail the leaktests (if you care about such things).
With OA2 it is possible to get rid of most of the HIPS things without sacrificing these features. For example, you can deselect "alert when an unknown program tries to run" which will still give you the other facilities but will not prompt on unknown EXE.
Similarly, you can turn off the webshield popups (silently block) or turn off webshield all together.
I'm not sure it would be worthwhile releasing a standalone firewall for the reasons I mention above.
Mike
aigle
March 20th, 2007, 03:05 AM
Thanks Mike!
You are right that disabling HIPS will let the FW fail against leak tests.
But I am concerned from marketing point of view. Many users might not like a full HIPS-like popups but will still like to use OA with less pop ups( related to anti-leak test functionality).
I think there should be a one click option that will disable all HIPS functionality which is not related to FW and leaktests while at the same time keeping FW and part of HIPS which are necessary for leak tests enabled.
I hope I am able to make my point clear.
MikeNash
March 20th, 2007, 03:56 AM
-{ Quote: "Thanks Mike!
You are right that disabling HIPS will let the FW fail against leak tests.
But I am concerned from marketing point of view. Many users might not like a full HIPS-like popups but will still like to use OA with less pop ups( related to anti-leak test functionality).
I think there should be a one click option that will disable all HIPS functionality which is not related to FW and leaktests while at the same time keeping FW and part of HIPS which are necessary for leak tests enabled.
I hope I am able to make my point clear." }-
Hi Aigle,
I agree it's a nice idea - but on this release, I must draw a line somewhere. For the last 8 months I've been adding "one more feature" to OA. We were ready long before Christmas with the firewall, but then I had to go and make it Kernel Mode... and now it's March :)
So for this release - no more feature changes are going in. The slate is wide open for later versions of OA, of course.
Mike
aigle
March 20th, 2007, 04:27 AM
Of course I am not suggesting for now, just a suggestion for future versions.
Thanks
Stem
March 20th, 2007, 09:45 AM
Hi WSFuser,
-{ Quote: "also would you mind testing OA FW with online games or p2p. I want to see how well it handles the connections and what not." }-I can set up for a torrent client, and will download one of the large linux (or whichever) iso files. I do want to see performance and memory usage of OA with many connections, but also with the large blacklist in place.
I will do this after running through the leaktests (which I am setting up for now)
WSFuser
March 20th, 2007, 10:13 AM
I appreciate it Stem.
Stem
March 20th, 2007, 12:12 PM
leaktest1.2 ...........pass
PCFlankLeaktest .......pass
Wallbreaker v4.0
1 .....................pass
2 .....................pass
3 .....................Wallbreaker error "cannot create file"
4 .....................Wallbreaker error "cannot create file"
Tooleaky ..............pass
Surfer ................pass
pcaudit ...............Failed
pcaudit2 ..............Failed
(PCAudit uses DLL injection to inject its code (as a DLL) into authorized application instead of launching its aim directly.)
GHOST .................pass
jumper ................pass
firehole ..............pass
thermite ..............pass
dnstester .............pass
Up to now, OA fails only on blocking dll injection. I can find no settings for this.
Bio-Hazard
March 20th, 2007, 01:42 PM
Thanks Stem, nice work again. :thumb:
JRCATES
March 20th, 2007, 05:01 PM
Hi Stem, thanks for testing and providing the results of your findings (below):
-{ Quote: "
*leaktest1.2 ...........pass
*PCFlankLeaktest .......pass
*Wallbreaker v4.0
1 .....................pass
2 .....................pass
3 .....................Wallbreaker error "cannot create file"
4 .....................Wallbreaker error "cannot create file"
*Tooleaky .........pass
*Surfer .............pass
*pcaudit ...........Failed
*pcaudit2 .........Failed
(PCAudit uses DLL injection to inject its code (as a DLL) into authorized application instead of launching its aim directly.)
*GHOST ............pass
*jumper ............pass
*firehole ...........pass
*thermite ..........pass
*dnstester ........pass
Up to now, OA fails only on blocking dll injection. I can find no settings for this." }-
Very much appreciated. Thanks again, Stem :thumb:
Interestingly enough.....your test results are a little different from the test results that Mike Nash posted at the Tall Emu/Online Armor forums (I hope Mike doesn't mind, and that this doesn't "breach" some sort of "cross-forum posting/referencing" rules):
-{ Quote: "
Online Armor 2 - Current Leaktest performance
As part of our testing of the Online Armor firewall, I downloaded the various leaktest programs from http://www.firewallleaktester.com/
The following table shows the tests by name, and result. This is my brief personal testing, done on an informal basis (ie quick click and run at home). Thus, if the guys over at firewall leak tester repeat these tests they might have a different perspective. All tests were done on XP SP2;
Retested on 10 Mar 07 - Default config of Online Armor (Build 158) running in Standard mode. No other security software.
Of course, we'll be working to pass the remaining tests, prior to release :D
LeakTest 1 - Leaktest (Passed 30 Dec 06)
Leaktest 2 - Tooleaky (Passed 10 Mar 07* )
Leaktest 3 - Firehole (Passed 30 Dec 06)
Leaktest 4 - Yalta (Passed 30 Dec 06)
Leaktest 5 - Outbound - test did not function on my system
Leaktest 6 - PC Audit - (Passed 10 Mar 07)
Leaktest 7 - AWFT - (Passed 30 Dec 06 - 10/10 tests)
Leaktest 8 - Thermite - (Passed 30 Dec 06)
Leaktest 9 - Copycat - (Passed 30 Dec 06)
Leaktest 10 - MBTest - test did not function on my system
Leaktest 11 - WallBreaker - (failed)
Leaktest 12 - PC Audit 2 - (Passed 10 Mar 07)
Leaktest 13 - Ghost - (Passed 10 Mar 07 *)
Leaktest 14 - DNSTester - (Passed 10 Mar 07)
Leaktest 15 - Surfer - (Passed 10 Mar 07*)
Leaktest 16 - Breakout - (failed)
Leaktest 17 - Jumper - (Passed 30 Dec 06)
Leaktest 18 - CPIL - (Passed 30 Dec 06)
Leaktest 19 - PCFlank - (Passed 10 Mar 07)
AKLT
We do not protect against screen grabs. Get XXX Keystate and DirectX keylogging is protected (10 Mar 07)
Matousec leaktests
COAT - (Passed 1 Jan 07)
CPIL Suite - (Test 1 - Passed 1 Jan 07). Test 2 & 3 Failed.
Breakout 2 - (failed)
Note: We will run other leaktests once OAFW protects against those attack vectors.
(*) - I consider it a pass since OA will protect against/alert applications launching other applications" }-
In Mike's testing, PC Audit passed...but with yours it didn't. But yet in Mike's testing, Wallbreaker failed but in your testing it passed (well, passed on 2 attempts, couldn't execute on the other 2). While Mike admits that his "personal" testing is done on an informal basis....each of you have very similar results with just a couple of discrepancies. I notice that you didn't include "Breakout" in your test results, Stem....just wanted to mention that because that is one test that had not "passed" previously for Mike. Otherwise, it's looking pretty good right now :thumb:
I hope that both you and Mike will please keep up the good work....;D
* And IF....the above post of Mike Nash is in violation of some sort of forum T.O.S., I hope that both Mike and Wilders Forums will accept my apologies in advance.....
MikeNash
March 20th, 2007, 05:31 PM
-{ Quote: "
pcaudit ...............Failed
pcaudit2 ..............Failed
(PCAudit uses DLL injection to inject its code (as a DLL) into authorized application instead of launching its aim directly.)
Up to now, OA fails only on blocking dll injection. I can find no settings for this." }-
Hi Stem,
Maybe we have a different version of pcAudit? I downloaded mine from firewall leaktester a few months ago.
When I run the test here, OA gives me a set global hook warning, and then error 0 on step 5. When I look in advanced options in program guard I see that set global hooks is not allowed by OA - I'd be interested to see (offline/via PM) what you have seen.
@JR - I have no problems with people copying and pasting comments I've made from the public areas of our site.
Stem
March 20th, 2007, 06:01 PM
-{ Quote: "When I run the test here, OA gives me a set global hook warning,...." }-Hi Mike,
I did not get this warning on my setup
-{ Quote: "PCAudit uses DLL injection to inject its code (as a DLL) into authorized application instead of launching its aim directly.
If the aimed application have full access, pcaudit will go through without trouble.
To test PCaudit correctly, say "Always" if your firewall will warn you that Explorer.exe try to access the Internet. Then try again, and if your firewall don't show you an alert about pcaudit.exe, it means that it is vulnerable...
Meaning
If the test is a success, this means that your firewall is vulnerable to DLL injection." }-
PCAudit2 was an update that does include keylogging.
-{ Quote: "PcAudit V2 uses a different way than his previous version to bypass DLL protection of personal firewall (which can block the first PCAudit)" }-
EDIT:
I will set up again, but on XP(But this will be tomorrow). Maybe there is still a problem with OA+W2K
Stem
March 22nd, 2007, 06:59 PM
Update:
OA2, due to update, now intercepts both PCAudit leaktests.
I will now move on to checking performance of OA firewall with torrent client.
I did start testing on W2K system, but the results were not good, possibly due to past problems with OA2 and W2K OS. I have setup on XP and will check findings.
dja2k
March 25th, 2007, 07:53 PM
I have been using OA FW with uTorrent from the start and get great performance, hopefully you will get the same results Stem, good review by the way.
dja2k
WSFuser
March 25th, 2007, 08:01 PM
hey dja2k does OA FW work well with blacklists?
Pedro
March 25th, 2007, 08:18 PM
I tried it, and enjoyed the Firewall. Very good, congrats for the development team.
I was amazed i could block countries! The graphs and stats were good, rule creation very easy, but here i'm with Stem- although we can restrict local ports globally, i cannot restrict local ports per application, only remote ports. That would be a good suggestion for the to-do list.
If this is irrelevant still, please, explain me why. I could use some learning.
A lot of things looked self explanatory too, like the ICMP list.
Answering the pop-ups gave me the tight rules i wanted. Still i would have liked to, like with Kerio 2.1.5, fine tune the rule when the pop-up appears.
This is also true for Comodo.
I'd like to say more, but i uninstalled it.
Because it didn't seem capable of handling Emule. I have lots of things on the download list:) , and OA wouldn't calm down. I couldn't use the pc. So i'm testing the same situation now with Comodo, and it spikes, but calms down after a while.
I'll give it a go again if i can (trial). But for now, i want to use the pc to download.
I'd like to add one thing: OA seemed lighter than Comodo while browsing, somehow, but with Emule, it's a different scenario.
Yes, i closed Opera to see if that was it.
I'm open to suggestions, if i could have done something.
Stem
March 25th, 2007, 08:39 PM
-{ Quote: "....hopefully you will get the same results..." }-I did have some problems on W2K, with OA blocking a lot of outbound packets. I have yet to try the later builds that may now have solved this?
On my try out with XP, I had no problems, I set up to download a large distro, loaded up into OA large blacklists (the blacklists I had in post#4), I had the limits I set for download (120kb) and upload (40kb) and OA ran to my limits without problem, I was still able to browse etc without slowdown. Memory usage during the 10hr period I ran the torrent didn't change much, for the 2 OA processes, this was between 16-20mb.
Stem
March 25th, 2007, 08:41 PM
-{ Quote: "...although we can restrict local ports globally, i cannot restrict local ports per application, only remote ports. That would be a good suggestion for the to-do list." }-This has been asked for a couple of times, and it was mentioned that this would be added.
Pedro
March 25th, 2007, 08:54 PM
That's good news. How about Emule, did you try something of the sort?
I couldn't even navigate within the program, to search for files, etc. CPU usage was very high, like 97% (OA process, can't remember the name).
Obviously, by having lots of files for download, all kinds of connections are active, and this should be a great test, if done by one that really knows how to do it.
It didn't seem to handle it for me.
Comodo isn't perfect here either, but i can use the pc. Is this a symptom for all good FWs, that have to analyse a lot of traffic?
Stem
March 25th, 2007, 09:10 PM
-{ Quote: "How about Emule, did you try something of the sort?" }-I have only checked using a torrent client. I will set up tonight with Emule. I will have to see how many different distro`s I can find/download.
dja2k
March 25th, 2007, 10:03 PM
-{ Quote: "I did have some problems on W2K, with OA blocking a lot of outbound packets. I have yet to try the later builds that may now have solved this?
On my try out with XP, I had no problems, I set up to download a large distro, loaded up into OA large blacklists (the blacklists I had in post#4), I had the limits I set for download (120kb) and upload (40kb) and OA ran to my limits without problem, I was still able to browse etc without slowdown. Memory usage during the 10hr period I ran the torrent didn't change much, for the 2 OA processes, this was between 16-20mb." }-
Well Stem you are an expert at this firewall stuff so I will leave the final verdict to you.
dja2k
Pedro
March 25th, 2007, 10:20 PM
I forgot to turn off "Monitor dll injections" in Comodo. It's responsible for cmdagent.exe spikes, and i've got it covered.
Comodo is light after this, much lighter than OA it seems.
I also realize that this only serves as IDS, with the option to block, but then it blocks the browser (for instance) altogether. (HIPS will do wonders here)
To be clear, i only had OA's Firewall running, i turned everything else off. With this out of the way (either something i did, or with a fix), this is an outstanding firewall!
ankupan
March 26th, 2007, 12:34 AM
Hi,
I am using it and happy too.
It's better than LnS, ZAP and others.....
~
ankupan
acr1965
March 26th, 2007, 01:35 AM
Does anyone run this with NOD32? Are there any known programs it conflicts with?
dja2k
March 26th, 2007, 02:14 AM
-{ Quote: "Does anyone run this with NOD32? Are there any known programs it conflicts with?" }-
Run what, if you mean OA Firewall, yes it works fine. I even run the AV+ version with Nod32 with no problem. Look at most people's signature for their security lineup and you will see some others run Nod32 + Online Armor FW.
dja2k
ankupan
March 26th, 2007, 02:19 AM
I am using NOD32 + OA2.
its interested to use NOD32 + OA2 AV+...any user using this ?
OA+ AV+ is using KAV engine, so maybe a conflict will occur.
-{ Quote: "Run what, if you mean OA Firewall, yes it works fine. I even run the AV+ version with Nod32 with no problem. Look at most people's signature for their security lineup and you will see some others run Nod32 + Online Armor FW.
dja2k" }-
Stem
March 26th, 2007, 02:45 AM
-{ Quote: "Does anyone run this with NOD32? Are there any known programs it conflicts with?" }-I know of no conflicts with OA and NOD.
All the times I have had OA2 installed, I have had NOD2.7 installed and active.
I have not tested OA2+AV with NOD as I would not personally install 2 AVs
dja2k
March 26th, 2007, 03:11 AM
From the start Mike has done Online Armor AV+ to run alongside other residential AVs. Online Armor AV+ only uses its AV for scanning of executables and not run actively in the background like other residential AVs. There is no problem whatsoever running OA AV+ and Nod32, it's like having the best of both Antivirus programs. :D
dja2k
ankupan
March 26th, 2007, 03:14 AM
It means, we can run two AV together or
OA 2 AV+ (antivirus can be disabled) and can be used as on demand scanner too ?? with NOD32 setup....
Comments......
ankupan
March 26th, 2007, 03:47 AM
Is it possible to disable antivirus in OA2 AV+ ?
as you are using, your comments please
-{ Quote: "From the start Mike has done Online Armor AV+ to run alongside other residential AVs. Online Armor AV+ only uses its AV for scanning of executables and not run actively in the background like other residential AVs. There is no problem whatsoever running OA AV+ and Nod32, it's like having the best of both Antivirus programs. :D
dja2k" }-
dja2k
March 26th, 2007, 06:10 AM
Both are active on my computer. OA AV+ is using the KAV engine sorta like an antimalware scans executables for anything bad, so basically it's not a full blown Anti-Virus. Anything executable that runs has to pass through Online Armor AV+ and Nod32 before it runs. Mike might put more options into the AV+ portion of Online Armor, but later. Yes you can disable any Shield in Online Armor in the GUI or right clicking the OA icon in the taskbar and of course you can use OA AV+ for on demand only.
dja2k
kvp
March 26th, 2007, 07:19 AM
-{ Quote: "I am using NOD32 + OA2.
its interested to use NOD32 + OA2 AV+...any user using this ?
OA+ AV+ is using KAV engine, so maybe a conflict will occur." }-
Hi ankupan
On my laptop and on my desktop i have used OA AV+ version 2 together with NOD32 for 4 months and there has never been a conflict.
The OA firewall works like I want and I am very happy with the HIPS and Kernel protection.
All OA including the AV+ part of OA is running at the same time as NOD32 AMON-DMON-EMON-IMON.
I have a scheduled scan 1 time a week with NOD32 and an on-demand scan with OA AV+(KAV). I use SuperAntispyware and AVG AS on demand too.
All running very light and is a very big improvement from ZoneLabs ISS and Norton ISS:)
My laptop is 1,4 GHz and 528 MB.
According to task manager the memory consumption on resident protection is:
nod32krn.exe use 21.684+19.408
Nod32kui.exe use 2.700+3548
OAsrv.exe use 7.436+26.044
OAui.exe use 5.380+5.536
ScanningProcess.exe use 13.208+18.720
kvp
ankupan
March 26th, 2007, 07:38 AM
Hi,
Just I have uninstalled OA2 and installed OA2 AV+
It's running well, let's try till 2 April, then time for ESET SMART Suite ;D
my system is
Laptop 1.6 Mhz, 512 MB RAM, 120 GB HDD
stapp
March 26th, 2007, 08:38 AM
I am running OA+FW along with AVG antispy (paid) avira, Superantispyware and First defence.
No conflicts at all, runs very fast for me using opera.
Can also be useful to block ads, after being on a site with ads, go into the OA configuration-my websites- highlight the site and choose untrusted. This blocks the ads.
MikeNash
March 26th, 2007, 08:45 AM
-{ Quote: "That's good news. How about Emule, did you try something of the sort?
I couldn't even navigate within the program, to search for files, etc. CPU usage was very high, like 97% (OA process, can't remember the name)." }-
Hi Someone,
Sorry, seems I missed a lot of posts to this thread... I have not tested OA with emule - we should handle this level of load - we certainly do with other P2P programs... remember this is a preview release, not final :)
In any case, I have added to the TODO list a test with emule... if we can find the same problem as you, we will fix it.
Mike
ankupan
March 26th, 2007, 09:15 AM
Hi,
OA AV+ : antivirus is having only one option that is scanning.
Is there any more option ? or that all.
Surprising OA2 AV+ without any options for antivirus (Disable and Scan only two options)
MikeNash
March 26th, 2007, 09:25 AM
-{ Quote: "Hi,
OA AV+ : antivirus is having only one option that is scanning.
Is there any more option ? or that all.
Surprising OA2 AV+ without any options for antivirus (Disable and Scan only two options)" }-
That's it. In OA we only use the AV as an extension of our own system to help identify known-dangerous files.
Mike
Pedro
March 26th, 2007, 11:32 AM
-{ Quote: "Hi Someone,
Sorry, seems I missed a lot of posts to this thread... I have not tested OA with emule - we should handle this level of load - we certainly do with other P2P programs... remember this is a preview release, not final :)
In any case, I have added to the TODO list a test with emule... if we can find the same problem as you, we will fix it.
Mike" }-
My computer isn't proper for testing (too many programs installed, and i have no experience in troubleshooting), and i wait for Stem to report:) .
Note that my Emule is loaded of things to download, and that's just the active ones. Most are curiosity items, but they do go over 100.
As i said, with this out of the way, you have a great firewall:thumb:
Personally though, i'd only use the firewall and the program part. The other items seem useful too, just not for me, since i have it covered, and i don't use IE.
Hope you can see what's wrong. I'll revisit OA to try again.
Stem
March 26th, 2007, 02:18 PM
Hi Someone,
-{ Quote: ".....and i wait for Stem to report" }-
I am setting up now, so will keep the thread updated.
nixie21
March 26th, 2007, 02:34 PM
I am using the FW at default setting as I have no clue about creating rules and such. What are your thoughts on running at default level?
Thanks
stapp
March 26th, 2007, 02:50 PM
I have found that to be a big plus of OA firewall Nixie, the fact that running at default (manual as opposed to advanced) level gives all the protection that most users will need right from the setup.
Peter2150
March 26th, 2007, 03:38 PM
-{ Quote: "I am using the FW at default setting as I have no clue about creating rules and such. What are your thoughts on running at default level?
Thanks" }-
I also run it at the default level nixie. I think it's fine.
Pete
nixie21
March 26th, 2007, 04:04 PM
Thanks!!
Stem
March 26th, 2007, 06:48 PM
Hello again Someone,
-{ Quote: "Because it didn't seem capable of handling Emule. " }-
OK, I know still too early for full report, but thought I would let you know I am set up, and currently running OA with Emule (on test PC).
Have been running for 3HRs and will be checking for any problems, (and of course will post to inform of any I find).
I will leave this running for as long as I can spare the PC.
current download rate 145.8kb/s
Current upload rate 32.4kb/s
current "active(upload/download in progress)" connections 54
current memory usage (2 processes of OA) 15,200kb
Blacklists on all connections
rdsu
March 26th, 2007, 07:22 PM
Thanks Steam! :thumb:
Seems a very nice firewall with useful features :)
I will try the final version, but unfortunately it isn't freeware...
Excellent work, MikeNash! :thumb:
MikeNash
March 26th, 2007, 07:23 PM
-{ Quote: "Thanks Steam! :thumb:
Seems a very nice firewall with useful features :)
I will try the final version, but unfortunately it isn't freeware...
Excellent work, MikeNash! :thumb:" }-
Thanks Vampiric Crow. I'd love to make OA freeware, but unfortunately my family has grown accustomed to eating and having clothes. It would be a shame to ruin it now for them. ;D
rdsu
March 26th, 2007, 07:27 PM
-{ Quote: "Thanks Vampiric Crow. I'd love to make OA freeware, but unfortunately my family has grown accustomed to eating and having clothes. It would be a shame to ruin it now for them. ;D" }-
I completely understand you... ;)
Keep up the very good work! :thumb:
Pedro
March 27th, 2007, 02:12 PM
-{ Quote: "I'd love to make OA freeware, but unfortunately my family has grown accustomed to eating and having clothes. It would be a shame to ruin it now for them. ;D" }-
Clothes: overrated! Food? common.. all you really need is bread and water!
Stem and MikeNash: i'll install it again today or tomorrow to see what was wrong. I downloaded what i wanted, for now... P2P is an addiction.
I'll try uninstalling some programs that i really don't use anymore, and that could be interfering.
MikeNash
March 27th, 2007, 06:21 PM
-{ Quote: "Clothes: overrated! Food? common.. all you really need is bread and water!
Stem and MikeNash: i'll install it again today or tomorrow to see what was wrong. I downloaded what i wanted, for now... P2P is an addiction.
I'll try uninstalling some programs that i really don't use anymore, and that could be interfering." }-
:D Hi Someone!
If you help us to solve this problem then you'll get a complimentary key for the product :)
Mike
Pedro
March 27th, 2007, 07:34 PM
It remains to be seen that there is a problem:) , but i really appreciate the gesture:thumb:
acr1965
March 28th, 2007, 10:28 PM
Downloaded OA2 and it is running fine with my NOD32. Just for the heck of it I went over to grc.com and it passed the true stealth test.
simmikie
March 29th, 2007, 07:07 AM
i have been using emule since i began beta testing OA since around Build 139. my system is XP Pro SP2, and i have had a variety of security apps over the last few months. one of the pleasant surprises for me has been how easy OA firewall is to get along with. even in my present OA set-up where i did not allow auto set-up of trusted apps, and not allowing trusted apps to automatically connect out, OA after my manually allowing initial connections gives me high id on KAD and edonkey servers every time. on every build, i am presently running 165.
Mike
simmikie
March 29th, 2007, 07:51 AM
-{ Quote: "Does anyone run this with NOD32? Are there any known programs it conflicts with?" }-
yes i do and it runs flawlessly with OA...all builds i have tested. NOD 32 is the only security app that has been a constant in my testing with OA, around 4-5 months. i tested OA with AV briefly, but went back to using NOD after 3-4 days. based on my experience you will encounter no issues with NOD & OA running together.
Mike
Pedro
March 29th, 2007, 12:07 PM
Uninstalled several programs, cleaned the registry, temp files (why not, did a full cleanup), uninstalled completely Comodo, and installed OA.
Spiked at first, then calmed down, spiked a bit less then, and now it's calm, quite until now, no reason to suspect it will rise.
Attachment is read like a book (regarding time), left to right, up- down.
Emule hasn't started to seriously download, but last time OA spiked from start. This could be due to conflict of some sort, given the amount of programs i had.
If i run into trouble, i'll report, but it looks like my last impression was wrong.
note: as i write this, oasrv.exe went to 16%-46%-26.x%-86%-back to 8%.
I'm puzzled:wacko:
Pedro
March 29th, 2007, 12:21 PM
Oh no...
Ok, now calming down. I suspect it spikes when new connections are established. Then it goes back to normal.
nixie21
March 29th, 2007, 12:25 PM
Someone...
What program is that, that you can see the process like that?
Thanks
aigle
March 29th, 2007, 01:02 PM
Process Explorer from sysinternals.
Double click on the process.
Pedro
March 29th, 2007, 01:03 PM
Process Explorer (http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx).
There's also What's Running (http://www.whatsrunning.net/whatsrunning/main.aspx), different.
nixie21
March 29th, 2007, 01:09 PM
THANKS!
acr1965
March 30th, 2007, 10:40 PM
I downloaded OA2 w/o AV. But today I scanned my computer for viruses as there was an option to do that on the program. Is this done with the KAV engine?
MikeNash
March 30th, 2007, 10:41 PM
-{ Quote: "I downloaded OA2 w/o AV. But today I scanned my computer for viruses as there was an option to do that on the program. Is this done with the KAV engine?" }-
No, this is done with OA's much smaller blacklist.. we should probably change the wording on the non AV version.
dave88
March 30th, 2007, 11:16 PM
This looks very promising, I really like the built in support for blocklists, making peerguardian or protowall unnecessary.
MikeNash
March 30th, 2007, 11:20 PM
-{ Quote: "This looks very promising, I really like the built in support for blocklists, making peerguardian or protowall unnecessary." }-
Have you given it a try yet? I think we'll be releasing in the next few days if the next build pans out.
Mike
Baldrick
March 31st, 2007, 06:35 AM
-{ Quote: "Have you given it a try yet? I think we'll be releasing in the next few days if the next build pans out.
Mike" }-
Hi Mike
Has the compatibility problem with KIS been resolved? I noted this when the beta first came out, ie, KIS users advised not to install. Have not seen anything on this since.
Would like to check out non firewall features of OA2 but do not dare until this issue has been resolved.
Thanks in advance.;D
MikeNash
March 31st, 2007, 06:47 AM
-{ Quote: "Hi Mike
Has the compatibility problem with KIS been resolved? I noted this when the beta first came out, ie, KIS users advised not to install. Have not seen anything on this since.
Would like to check out non firewall features of OA2 but do not dare until this issue has been resolved.
Thanks in advance.;D" }-
Hi Baldrick,
Yes, the KIS issue is resolved... I will be uploading a release candidate later today/tomorrow depending on the feedback of our beta test team.
Cheers
Mike
Baldrick
March 31st, 2007, 07:43 AM
Hi Mike
Thanks for the prompt reply. That's great...will watch out for the RC, download it and have a good look. Am still looking for a PG replacement. Have narrowed the field so the OA RC will be most opportune to be added into the mix. Looking forward to it.
Regards
Baldrick;D
Baldrick
April 2nd, 2007, 07:23 PM
-{ Quote: "Hi Baldrick,
Yes, the KIS issue is resolved... I will be uploading a release candidate later today/tomorrow depending on the feedback of our beta test team.
Cheers
Mike" }-
Hi Mike
As a matter of interest I am not a beta tester so where will I be able to get hold of the release candidate once it is released??? Will there be a specific website for this or will you be posting a link at Wilders???
WSFuser
April 2nd, 2007, 07:31 PM
if he releases another build (RC) for the public, im sure he will post here as well as in the general help section (http://support.online-armor.com/forums/viewforum.php?f=1&sid=4f2a43ff5c1fb8f138d42d4a35090a8a) of his forum.
lu_chin
April 2nd, 2007, 08:34 PM
Hi Baldrick, last night I was able to install and ran OA 2.0 beta build 169 with KIS 6 build 671 running. I had disabled the OA firewall component since running OA's firewall together with KIS 6's firewall would have conflicts (and I had tried it in the past and got extremely slow Windows login and eventual lockup). Since I could not find any option to not install OA's firewall during installation, I had to wait for installation to finish, then chose not to reboot my PC and finally manually disabled OA's firewall from the OA GUI before rebooting. After rebooting, OA worked smoothly with KIS 6 (with PDM enabled).
Hope this helps.
-{ Quote: "Hi Mike
Has the compatibility problem with KIS been resolved? I noted this when the beta first came out, ie, KIS users advised not to install. Have not seen anything on this since.
Would like to check out non firewall features of OA2 but do not dare until this issue has been resolved.
Thanks in advance.;D" }-
MikeNash
April 2nd, 2007, 09:44 PM
-{ Quote: "if he releases another build (RC) for the public, im sure he will post here as well as in the general help section (http://support.online-armor.com/forums/viewforum.php?f=1&sid=4f2a43ff5c1fb8f138d42d4a35090a8a) of his forum." }-
I certainly will :)
acr1965
April 3rd, 2007, 12:56 AM
Has anyone run SSM alongside Online Armor with OA's Program Shield running? I am running OA2 now with the program guard disabled while SSM (full) is enabled.
If I should run just one (either SSM or OA Program Shield) how do these two compare and contrast? Essentially does the Program Shield provide the same or better protection as SSM full? I ran both for a short while and noticed no conflicts. But then decided to just run one at a time. I would rather not have protection overlapping when it would save resources to just run one.
BTW- I have run Web Shield with SSM for a while and there seems to be no issues.
WSFuser
April 3rd, 2007, 12:59 AM
afaik OA lacks the child/parent control of SSM.
lu_chin
April 3rd, 2007, 01:12 AM
For me, SSM offers more fine-grained process, registry, etc. control and protection than OA. I normally only run OA to allow/disallow applications that I tend to keep and run for a long time. I use SSM when I am testing suspicious (and usually transient) files.
-{ Quote: "Has anyone run SSM alongside Online Armor with OA's Program Shield running? I am running OA2 now with the program guard disabled while SSM (full) is enabled.
If I should run just one (either SSM or OA Program Shield) how do these two compare and contrast? Essentially does the Program Shield provide the same or better protection as SSM full? I ran both for a short while and noticed no conflicts. But then decided to just run one at a time. I would rather not have protection overlapping when it would save resources to just run one.
BTW- I have run Web Shield with SSM for a while and there seems to be no issues." }-
danny9
July 7th, 2007, 11:23 PM
Stem,
Just wanted to thank you for your review of the OA firewall.
Some excellent info and I found it very useful.
Downloaded the trial a few days ago of v. 2.0.1.190.
Looks like it may be a keeper
Again, thanks for your time and efforts.;D
It is appreciated!
All the Best, Dan
Stem
July 8th, 2007, 08:19 PM
Hi Dan,
-{ Quote: "Just wanted to thank you for your review of the OA firewall.
Some excellent info and I found it very useful." }-
You're welcome. I do need to look again at any changes made since my original post. I will update (when I can)
Regards,
JRCATES
July 8th, 2007, 09:15 PM
-{ Quote: "
I do need to look again at any changes made since my original post. I will update (when I can)
" }-
Yes, Stem....please do. ;)
Thanks again :thumb:
Bio-Hazard
July 11th, 2007, 02:38 PM
-{ Quote: "Hi Dan,
You're welcome. I do need to look again at any changes made since my original post. I will update (when I can)
Regards," }-
Looking forward to your updates. Thank you Stem for doing these tests! :thumb:
Copyright ©2002 - 2012, Wilders Security Forums