Firewall Capabilities
oldshep
August 24th, 2007, 01:25 PM
I am running ESS beta 2 on Win XP SP2. Seems to be running pretty well so far.
My question is: What are the Firewall's inbound security capabilities?
From the ESS help file:
-{ Quote: "Personal firewall is a device protecting your computer from attacks from within local network or from the Internet. Its basic task is to control outgoing traffic and thus to prevent leakage of sensitive data from your system." }-
Does the ESS Firewall do any check for malformed packets or SPI? Will it stealth ports? I can't run a shields up test as I am behind a router with a firewall here and can't connect without it.
Thanks for any comments.
kC_
August 24th, 2007, 05:16 PM
you can configure your pc to be on a DMZ within your router.
this then will leave you bypassing the firewall/nat
oldshep
August 24th, 2007, 06:22 PM
-{ Quote: "you can configure your pc to be on a DMZ within your router.
this then will leave you bypassing the firewall/nat" }-
Right, I think I saw that somewhere in my router manual??? But to be honest, I was hoping someone who didn't have a firewall router would post results or comments. Not that I'm lazy or anything ;)
crummock
August 25th, 2007, 03:09 AM
Well, for interest I changed my router to DMZ my PC and then tested using ShieldsUp at www.grc.com.
ESS passed all the tests with flying colours apart from ping response.
There seems no way to switch off the rule that allows ICMP responses in either Automatic or Interactive mode, but I could have missed the setting?
Clweb
August 25th, 2007, 04:40 AM
When you have a router, the ping response on WAN must be disabled on the router.
ASpace
August 25th, 2007, 04:53 AM
-{ Quote: "tested using ShieldsUp at www.grc.com.
ESS passed all the tests with flying colours apart from ping response.
" }-
It must be GRC's bug about the ping. I use a DSL connection and NAT in the modem. Every time I test my NAT device it passes everything but their ping test. Moreover, when I test ZA free, Windows Firewall or ESS on a dial-up connection (no router on dial-up - obviously) they also pass everything but GRC's ping. So it looks like a bug for all the 3+1 firewalls configured for max not to pass this...
On the topic, ESS protects very well from inbound attacks. Passes all tests with Stealth on hackerwatch and PC-Flank.
mayt
August 25th, 2007, 10:28 AM
-{ Quote: "There seems no way to switch off the rule that allows ICMP responses in either Automatic or Interactive mode, but I could have missed the setting?" }-
You might have a look at http://www.wilderssecurity.com/showpost.php?p=1034230&postcount=4
crummock
August 25th, 2007, 03:45 PM
Thanks, that sounds sensible but I assumed that the existing system rule to allow all pings would take precedence over any user created rule.
Can you confirm how conflicting rules are handled to determine what wins?
Stem
August 25th, 2007, 03:48 PM
-{ Quote: "You might have a look at http://www.wilderssecurity.com/showpost.php?p=1034230&postcount=4" }-
Would it not be better to remove the hard_coded rules that allows all ICMP in/out?
(all rules shown cannot be removed/edited)
oldshep
August 26th, 2007, 03:43 PM
-{ Quote: "Would it not be better to remove the hard_coded rules that allows all ICMP in/out?
(all rules shown cannot be removed/edited)" }-
Thanks Stem. I did find this window. I agree that hard_coded rules are unfamiliar to me as my experience is with ZA and Comodo which do not use these. And I have to agree with crummock's question:
-{ Quote: "Can you confirm how conflicting rules are handled to determine what wins?" }-
Also today, I checked my Firewall log files and there are numerous entries there that I don't understand. Any comments are welcome.
edit: Setup is ess beta2 on Lenovo win XP sp2 behind Actiontec router (not set as trusted)
kC_
August 26th, 2007, 03:51 PM
i also get lots of those -{ Quote: "Incorrect IP packet checksum 0" }-
about every 2 minutes or so
oldshep
August 26th, 2007, 04:03 PM
-{ Quote: "i also get lots of those
about every 2 minutes or so" }-
Strange that ess doesn't provide any further information in the logs (empty columns). From my days with Comodo, I think these might be related with IGMP or possibly upnp from my router. I have verizon Fios service and the router also communicates with my TV set top box. But I don't know how to tell for sure with the minimal info from the logs.
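As an added illustration, not part of any post in this thread and not ESET's code: how a packet filter can validate the IPv4 header checksum (RFC 791 / RFC 1071) and tell a checksum field that is 0 apart from any other mismatch. The packet bytes, addresses and function names are constructed for the example; what ESS actually means by "Incorrect IP packet checksum 0" is not documented on this page.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_header(src, dst, proto, payload_len, ttl=1, with_checksum=True):
    """Build a 20-byte IPv4 header (constructed sample data, no options)."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    if with_checksum:
        fields[7] = ~fold_sum(hdr) & 0xFFFF
        hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    return hdr

def check_header(packet: bytes):
    """Return (verdict, stored, computed) for the IPv4 header at the start of packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("malformed", None, None)
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ("malformed", None, None)
    stored = struct.unpack("!H", packet[10:12])[0]
    # Recompute with the checksum field zeroed, as the sender would have.
    computed = ~fold_sum(packet[:10] + b"\x00\x00" + packet[12:ihl]) & 0xFFFF
    if stored == computed:
        return ("ok", stored, computed)
    if stored == 0:
        return ("zero-checksum", stored, computed)  # field was never filled in
    return ("mismatch", stored, computed)

# Constructed samples: an IGMP (protocol 2) header from a LAN router to 224.0.0.1.
GOOD = build_header("192.168.1.1", "224.0.0.1", 2, 8)
ZEROED = build_header("192.168.1.1", "224.0.0.1", 2, 8, with_checksum=False)
TAMPERED = GOOD[:8] + b"\x40" + GOOD[9:]  # TTL changed after checksumming

if __name__ == "__main__":
    samples = (("good", GOOD), ("zeroed", ZEROED),
               ("tampered", TAMPERED), ("short", GOOD[:12]))
    for name, pkt in samples:
        verdict, stored, computed = check_header(pkt)
        print(f"{name:9s} {verdict:14s} stored={stored} computed={computed}")
```

Comparing the protocol number, source and destination of packets that fail this check against known LAN devices is the kind of detail the empty log columns mentioned above would otherwise supply.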