Well, i've tested out several firewalls and found PCTools and Private Firewall to run the best on my system. However, both of these ended up interfering with a program and were therefore removed. The latest being Private Firewall preventing Prevx from scanning new installs, etc. despite giving Prevx full open access in the rules.

So since i'm already behind a router, i thought i would try to "fore-go the firewall route" and use something else for outbound internet monitoring.

Looking for a free and lightweight app that will tell me when an outbound request is made and give me the option to allow/deny "once" or create a "standing rule".

Again, outbound connections only. I don't want to be popup bothered everytime a program tries to run (full HIPS)

Can Sandboxie be setup this way or is it just whatever is running in the sandbox??

Thanks!

Sandboxie can be configured to only allow outbound connections from designated applications, but you aren't going to get any on-the-fly options. If you set restrictions on network connections then you have to specifically configure Sandboxie for each application to allow.

You can do what you want with Threatfire by enabling the included custom rule for processes enabling network connections.

Online armour free w/ HIPS off. You can configure the firewall under advanced user.

-{ Quote: "Online armour free w/ HIPS off. You can configure the firewall under advanced user." }-

-{ Quote: "So since i'm already behind a router, i thought i would try to "fore-go the firewall route"" }-

That firewall did not play well on my setup.

-{ Quote: "Sandboxie can be configured to only allow outbound connections from designated applications, but you aren't going to get any on-the-fly options. If you set restrictions on network connections then you have to specifically configure Sandboxie for each application to allow.

You can do what you want with Threatfire by enabling the included custom rule for processes enabling network connections." }-

I understand that program is a behaviour blocker. Can it be used for outbound connections "Only"?? No other action popups??

Tobacco,
It sounds like you are looking for a light weight firewall w/ outbound only. Have you tried look nstop or sunbelt personal firewall? You might also try and figure out the problem with the firewalls that do work with your system. I can't think of any programs other than a firewall that monitors and allow/deny access to access the net.

-{ Quote: "Tobacco,
It sounds like you are looking for a light weight firewall w/ outbound only. Have you tried look nstop or sunbelt personal firewall?" }-

Well, I'd suggest LnS as well, be he wants a free one... :doubt:

-{ Quote: "Well, I'd suggest LnS as well, be he wants a free one... :doubt:" }-

Yes, the construction industry where i live is still suffering :(

look n stop is lite;)

-{ Quote: "Tobacco,
It sounds like you are looking for a light weight firewall w/ outbound only. Have you tried look nstop or sunbelt personal firewall? You might also try and figure out the problem with the firewalls that do work with your system. I can't think of any programs other than a firewall that monitors and allow/deny access to access the net." }-

I tested all the freebies and any major conflicts or major bootup slowdowns were immediately yanked. The 2 i mentioned i spent time investigating and trying to correct the issue but enough was enough which is why i want to try another direction. I'll try an HIPS if i can disable it to only watch outbound connections.

-{ Quote: "I understand that program is a behaviour blocker. Can it be used for outbound connections "Only"?? No other action popups??" }-

No, you can't disable the behavior blocker. But it is lightweight and free, and if you turn it down to its lowest settings you'll probably never see a popup.

-{ Quote: "I understand that program is a behaviour blocker. Can it be used for outbound connections "Only"?? No other action popups??" }-

Yes set sensitivity level to 1 and you are done

-{ Quote: "You can do what you want with Threatfire by enabling the included custom rule for processes enabling network connections." }-

-{ Quote: "Yes set sensitivity level to 1 and you are done" }-

Thanks - am testing right now in a VM, in WonderShare Time Freeze, in Sandboxie ;D

There's a link for Look 'n' Stop Lite in this post (http://www.wilderssecurity.com/showpost.php?p=1661610&postcount=5) if you're looking for a free version of this lightweight firewall.

-{ Quote: "There's a link for Look 'n' Stop Lite in this post (http://www.wilderssecurity.com/showpost.php?p=1661610&postcount=5) if you're looking for a free version of this lightweight firewall." }-

Thanks but my bad - i didn't say i run Vista32 and it says XP and older. Secondly, from the description it looks like inbound protection only in that free version??

-{ Quote: "You can do what you want with Threatfire by enabling the included custom rule for processes enabling network connections." }-

I'm liking so far with it set at "2". Very light. Wonder if it's outbound blocking abilities have been tested??

Thanks Again

for a light app...

i would recommend

http://www.privacyware.com/

Free? Light?

Kerio 2.15 - Lightest
Sygate 5.5 - Very Light (turning off IDS lightens it a lot)

i am very tempted to try threatfire again;D

-{ Quote: "i am very tempted to try threatfire again;D" }-

Bootup time a tad slower now but besides that, Threat is playin well with Avira and Prevx.

So far, as a non-firewall app, it is fulfilling my outbound protection needs.

-{ Quote: "Yes set sensitivity level to 1 and you are done" }-

Great stuff Kees, didn't know that. Been using the latest threatfire for a couple of weeks now, on its own (network connection alerts enabled), with Hitman Pro on-demand and sandboxie. Awesome. :)

Yep,

See some older instruction http://www.wilderssecurity.com/showthread.php?t=253507

Please make two precautions

1. Make sure you create a restore point before Quarantaine (see older post)

2. Secure explorer from being quarantained

Remove an allow outbound connection program from the Allowed list in threatcontrol (e.g. WindowsMediaPlayer). Now start WMP, choose KILL! Then start WMP again: Terror will strike into your heart wih the following pop-up: TF tries to quarantaine Explorer because it launches a untrusted program. Now choose ALLOW + REMEMBER. again start WMP and also choose ALLOW + REMEMBER.


For XP users running admin (and Windows 7 users running UAC default) and wanting to add startup protection of HKLM: Download Autoruns (from Microsoft), run it and simply add all keys listed in HKLM) see picture (Note when you run full UAC in Vista or Windows7 registry keys of HKLM are protected)

-{ Quote: "Great stuff Kees, didn't know that. Been using the latest threatfire for a couple of weeks now, on its own (network connection alerts enabled), with Hitman Pro on-demand and sandboxie. Awesome. :)" }-

Yes,

For a reasonable knowledgeable PC user, Windows 7 with UAC on default, my registry download protection tweak (using Chrome as Browser) and TF (set sensitivity level to 1) looking at autorun keys and outbound, you get a decent protection.

DJames has promised me that they would add sensitivity level and the ADS bit (which I use for my registry tweak) of mail attachements and downloaded files (the ADS bit which prompts Windows for a warning) to the custom rules.

This would make custom rules possible like

When any process
tries to execute a file
which has been downloaded
set sensitivity level to 4

regards Kees

Great info there Kees :thumb:

Would you give us your general option on Threatfire??

For a freebie it is a good application. In the time the HIPS were real 'dumb' meaning the user had to know, it was a breakthrough technology.

Currently I think PrevX has the best BB implementation. WIth HIPS going smart (e.g. Comodo Sandbox), It is still a viable strong solution. But they big plus (less user knowledge) is reducing because ithers get smarter.

I really like the custom rules, I really dislike the auto quarantaine, as illustrated with my bewares. I think they shot themselves in the foot. TF was the best BB, so they even imitated AV behaviour (quarantaine). The reported false quarantaines are really decreased. You can influence it by adding trusted processes (they will never be quarantained).

Still for a knowledgeable user TF on sensitivity level 2 or 3 with some custom rules is a strong free solution.

-{ Quote: "For a freebie it is a good application. In the time the HIPS were real 'dumb' meaning the user had to know, it was a breakthrough technology.

Currently I think PrevX has the best BB implementation. WIth HIPS going smart (e.g. Comodo Sandbox), It is still a viable strong solution. But they big plus (less user knowledge) is reducing because ithers get smarter.

I really like the custom rules, I really dislike the auto quarantaine, as illustrated with my bewares. I think they shot themselves in the foot. TF was the best BB, so they even imitated AV behaviour (quarantaine). The reported false quarantaines are really decreased. You can influence it by adding trusted processes (they will never be quarantained).

Still for a knowledgeable user TF on sensitivity level 2 or 3 with some custom rules is a strong free solution." }-

And will it detect keyloggers and prevent them connecting out??

Thanks again for your time!

I was looking for a similar thing some years ago and found a firewall called a-Wall / x-Wall. If you're running XP, I'd recommend this. As far as I could tell, all it did was handle outbound connections.

-{ Quote: "Thanks but my bad - i didn't say i run Vista32 and it says XP and older. Secondly, from the description it looks like inbound protection only in that free version??" }-

If you are just looking for outbound notification and TF doesn't fit the bill for you couldn't you just run the Vista inbuilt firewall w/ outbound protection enabled? Maybe also try something like Vista Firewall Control?

http://www.sphinx-soft.com/Vista/index.html

http://www.softpedia.com/get/Network-Tools/Misc-Networking-Tools/Vista-Firewall-Control.shtml

-{ Quote: "If you are just looking for outbound notification and TF doesn't fit the bill for you couldn't you just run the Vista inbuilt firewall w/ outbound protection enabled? Maybe also try something like Vista Firewall Control?

http://www.sphinx-soft.com/Vista/index.html

http://www.softpedia.com/get/Network-Tools/Misc-Networking-Tools/Vista-Firewall-Control.shtml" }-

While i was satisfied with Threatfire's ability to monitor outbound connections, the lack of a "block" option prompted me to leave it as a BB only (set at 3) and just use the vista firewall with the windows 7 firewall control free version.