Here's what McAfee firewall looks like (4.0) for those who wanted to know.


notageek
April 22nd, 2003, 06:20 PM
Here's the main part of the firewall.

notageek
April 22nd, 2003, 06:26 PM
Here's what the Control Internet programs look like. It's not a bad firewall, it just has a little learning curve and also leaves port 135 open if you're running WinXP. I'm not sure how to close it.

Tinribs
April 22nd, 2003, 06:27 PM
More than 100 warnings, and I bet most, if not all, were harmless packet transfers.
That's the thing with firewalls, half the stuff they alert on (especially ZoneAlarm) is harmless. It's a shame because the average 'as long as it does its job' user doesn't want to see hundreds of alerts, as he instantly thinks he's under attack comparable to WWIII.

But veering off topic there, how does it run? Are the rules easily customisable?


Edit* sorry, looks like I replied in the middle of the screenies! :-[ :-X

Tinribs
April 22nd, 2003, 06:31 PM
Leaving port 135 open is often a cause of 'Generic Host Process' (svchosts), which you have highlighted there. Make sure it's not running as a server (a common Sygate problem with port 135 and new users).

notageek
April 22nd, 2003, 06:33 PM
The rules are a little hard to do if you're a newbie to rule based firewalls. I would say that Kerio is a little easier to fix the rules in than McAfee. I know most of the hits were harmless; the only hits that weren't harmless are the ones I did when I ran tests on it.

notageek
April 22nd, 2003, 06:39 PM
Yeah, I have Generic host blocked and still have the port opened. I never had the problem with Sygate, just the problem that Weather Pulse would access the internet without asking. It piggybacked Proxo lol. But to the rules, if you know what you're doing on rule based firewalls I'm sure it will be easy to set up. The only thing I find sad is that all the McAfee programs are programmed in the filter for you. I see VirusScan having no point in going online, only the updater. lol

root
April 22nd, 2003, 08:02 PM
Thanks for the pics.
Can you show a shot of the page that shows when you make a rule? You know, what options you have.
Also, can you make global system rules, such as block ports 135-139 UDP?

notageek
April 22nd, 2003, 08:15 PM
Here you go Root. This is my filter for Generic host. I have it blocked though. You have to click on each of the blue writing to make a filter.

notageek
April 22nd, 2003, 08:20 PM
Oh yeah I haven't found a place so you can make a global system rule. You have to add a program to make a rule.

root
April 22nd, 2003, 09:39 PM
Interesting. Thanks.
Doesn't look anything like Signal9's old firewall. I wonder if it uses the same engine?
You might try making a rule for SVCHOST.EXE specifically blocking port 135. Not sure if you can do that though.

eyespy
April 22nd, 2003, 10:18 PM
Thanks for the pics, NaG!
I always wondered what McAfee FW was like!
Keep us posted on its performance.
I also like the GUI of McAfee FW. Neat and tidy.


Nice work ! ;)

regards,
bill :)

notageek
April 22nd, 2003, 11:54 PM
Thanks Root and Eyespy. This firewall gets rather annoying with the pop up messages. Every time I allow a program and put a checkmark in remember this, it keeps asking. Right now I have to allow all cuz Proxo is not playing nice with McAfee FW. They were getting along and now they aren't. lol Still working on finding a way to block port 135. As soon as I get Proxo and the firewall to work together again I'll try on a rule and let you guys know if it works.

notageek
April 23rd, 2003, 11:09 AM
Well, I gave McAfee FW a try and thought it was a nice FW, but I have some gripes with it. The first is that it leaves port 135 open. The next gripe is that it doesn't play well with Proxo. Every time I put a checkmark in the remember this, it blocks Proxo. I had that silly little Eye in a triangle page that says the page can't be found or something like that. It even did it on this board. You also have to allow incoming on a few programs just so they can work. I tried making a rule for Proxo and still got the same web page. I also found that it took a little more mem than the virus scan does. The FW might be good for some but I didn't really care for a bulky app. :) I uninstalled it and went back to Sygate even though it has its share of problems. I'm waiting for the new Sygate or Outpost. Whichever one comes out first will get me to download and use it. :) I hope this little post helps some people.

root
April 23rd, 2003, 12:23 PM
Hang on long enough to at least try Outpost.
It's looking good. ;)

notageek
April 23rd, 2003, 12:31 PM
I think Outpost might be out before Sygate gets their bugs fixed. But I really want to try Outpost. How does it work with XP HE?

root
April 23rd, 2003, 04:06 PM
The ones I know that are using XP aren't complaining. That's where they put a lot of effort into the new features and fixes. I really believe it's going to be a very popular firewall.

notageek
April 23rd, 2003, 06:04 PM
I'm looking forward to trying it. Any word on when it will be released?

root
April 23rd, 2003, 08:24 PM
Nope. :)

mothman
April 28th, 2003, 02:37 AM
Quote from notageek:
"I think Outpost might be out before Sygate gets their bugs fixed. But I really want to try Outpost. How does it work with XP HE?"

Hi. New to the forum. 1st post. I've been using 5.0 standard version for a few weeks and aside from a few things that are enabled as the default, SPF 5.0 is shaping up to be a really great rules based firewall. What 'bugs' are you referring to in Sygate?

Tinribs
April 28th, 2003, 02:56 AM
I'm no expert, Mothman, but I believe a major concern is that Sygate can't filter LocalHost. For instance, if you were running a proxy, any program can connect to this proxy and get out without any warning from Sygate.

Like I say I'm not good with firewalls so someone will be along to correct me or expand more soon.

:)
Kev

notageek
April 28th, 2003, 11:11 AM
Yes Tinribs, that's the main bug I've seen Sygate have. I'm sure there are other minor bugs with Sygate, but a lot of programs have bugs in them. ;) But I heard Sygate was going to have this fixed in the next update.


Mothman, Sygate isn't a true full rule based firewall. It's rule based to a point. Kerio on the other hand is a full rule based firewall. ;)

mothman
April 28th, 2003, 12:09 PM
Quote from notageek:
"Mothman, Sygate isn't a true full rule based firewall. It's rule based to a point. Kerio on the other hand is a full rule based firewall. ;)"

So what makes Sygate *not* a "true" rules based firewall? Or are you overruling it simply because of what Tinribs said about apps using the web if you're using a proxy? I want to know because despite the few items that really chap my ass about Sygate, I still like it a lot more than ZA.

I used ZA for almost 4 yrs because it was a perfect no brainer firewall--it did the job w/o me having to specify rules about protocols that I did not want to learn about. But then I had to remove it bc it interfered with my connection and that's when the nightmare began.

Ended up having to reinstall Windows and once I got over being disgruntled about that decided on using a firewall that wasn't going to wrap itself so tightly around my system that if I removed it would wreak havoc. Sygate was my 2nd choice.

After I learned how to configure it and became familiar with setting up advanced rules and got over being pissed about every application having server privs enabled *by default,* I've been really happy with it. It passes port security scans, etc. and I use an IDS as well so I'm assured that my system is relatively secured at least for now. If someone really wanted to hack into my system then I'm sure neither firewall nor IDS would stop him but for me, SPF is good enough for the moment.

notageek
April 28th, 2003, 12:22 PM
Sygate is an application/rule based. Maybe someone else can explain it a little better.

Pieter_Arntz
April 28th, 2003, 02:08 PM
Hi mothman,

I don't know if you're familiar with this site: http://bellsouthpwp.net/i/k/ikpe/
It helped me a lot when trying to learn a little more about configuring SPF.

Regards,

Pieter

notageek
April 28th, 2003, 04:56 PM
Pieter I stepped away from my computer for a little and came back and was going to put up the same link as you did. You beat me to it. :)

Pieter_Arntz
April 29th, 2003, 03:02 AM
Quote from notageek:
"Pieter I stepped away from my computer for a little and came back and was going to put up the same link as you did. You beat me to it. :)"

:D
The site is a must for SPF users IMHO. It's one of my all-time favorites.
Sometimes in a daring moment I think about installing a truly rule-based firewall (with all the help I can get here, it should be possible), but then I reconsider how using SPF in combination with SSM has never let me down, and start other, less challenging, projects from my TODO list.

Regards,

Pieter

Tinribs
April 29th, 2003, 03:17 AM
I meant to say in my post that although bugs are known, I'm still a Sygate Pro user and happy with it, although its logging system could be better. ;)

notageek
April 29th, 2003, 09:42 AM
Sygate is a good firewall. When you put SSM and Sygate together you get good protection. I use them both also.

frank
May 1st, 2003, 08:06 AM
Quote from Tinribs:
"I'm no expert, Mothman, but I believe a major concern is that Sygate can't filter LocalHost. For instance, if you were running a proxy, any program can connect to this proxy and get out without any warning from Sygate."

Outpost has the same exact bug. On top of its more well known bugs, which have never been fixed.

notageek
May 1st, 2003, 09:46 AM
Wow! Does anyone know of any firewall that doesn't have this problem?

Frank, are you talking about the beta outpost or the older version?

root
May 1st, 2003, 12:16 PM
Outpost does not have this bug. Outpost can filter localhost and you can make rules for it.
This issue came up some time back and the best I can understand about using proxies is that you want to allow loopback for all ports, except the port the proxy uses to access the net.
For instance, with Proxo, allow loopback on all ports except 8080, which Proxo uses if memory serves me correctly.
This area is not all that familiar to me and I don't use any proxies, so I have not experimented in this area.
Also, Outpost version 2, now in beta, has had so much code rewritten that it may deal with this differently, and it remains to be seen if anyone finds a problem in this area.
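
The localhost issue discussed in the posts above, as an added Python model that is not part of the original thread and not any vendor's rule engine. The application names, the documentation-range address and the choice to let only the browser reach the proxy port are assumptions; port 8080 is the Proxo port given in the thread.

```python
from dataclasses import dataclass

PROXY_PORT = 8080        # port the thread gives for Proxo
LOOPBACK = "127.0.0.1"

@dataclass(frozen=True)
class Conn:
    app: str             # process opening the connection (hypothetical names)
    dst: str             # destination IP
    port: int            # destination port

class AppFirewall:
    """Toy per-application outbound filter."""
    def __init__(self, internet_apps, filter_loopback, proxy_clients=()):
        self.internet_apps = set(internet_apps)   # apps allowed out to the net
        self.filter_loopback = filter_loopback    # False: localhost is never filtered
        self.proxy_clients = set(proxy_clients)   # apps allowed to reach the proxy

    def allows(self, c):
        if c.dst == LOOPBACK:
            if not self.filter_loopback:
                return True                       # loopback bypasses the rules
            if c.port == PROXY_PORT:
                return c.app in self.proxy_clients
            return True                           # all other loopback ports allowed
        return c.app in self.internet_apps

def reaches_internet(fw, app, host, port, proxy="proxy.exe"):
    """True if app can send to host:port directly or through the local proxy."""
    direct = fw.allows(Conn(app, host, port))
    to_proxy = fw.allows(Conn(app, LOOPBACK, PROXY_PORT))   # app -> proxy
    proxy_out = fw.allows(Conn(proxy, host, port))          # proxy -> internet
    return direct or (to_proxy and proxy_out)

def demo():
    allowed = {"browser.exe", "proxy.exe"}
    weak = AppFirewall(allowed, filter_loopback=False)
    fixed = AppFirewall(allowed, filter_loopback=True,
                        proxy_clients={"browser.exe"})
    target = ("203.0.113.10", 80)                 # constructed sample destination
    return {
        "weak": reaches_internet(weak, "unlisted.exe", *target),
        "fixed": reaches_internet(fixed, "unlisted.exe", *target),
        "browser": reaches_internet(fixed, "browser.exe", *target),
    }

if __name__ == "__main__":
    print(demo())
```

With loopback unfiltered, the unlisted program gets out because the firewall only ever sees the proxy's own outbound connection; with the proxy port restricted on loopback, it does not.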

notageek
May 1st, 2003, 12:25 PM
I can't wait to try Outpost 2. :)

frank
May 2nd, 2003, 04:36 AM
Quote from root:
"Outpost does not have this bug. Outpost can filter localhost and you can make rules for it.
This issue came up some time back and the best I can understand about using proxies is that you want to allow loopback for all ports, except the port the proxy uses to access the net.
For instance, with Proxo, allow loopback on all ports except 8080, which Proxo uses if memory serves me correctly.
This area is not all that familiar to me and I don't use any proxies, so I have not experimented in this area.
Also, Outpost version 2, now in beta, has had so much code rewritten that it may deal with this differently, and it remains to be seen if anyone finds a problem in this area."

Yes it does have this bug. Provide an exact rule if you're sure it doesn't.

If you're sure that version 1 doesn't have this bug, I don't understand why you're even bringing up Outpost 2 dealing with this problem.

root
May 2nd, 2003, 06:38 PM
Frank, I don't use Proxo or any other proxy program. I am an Admin and beta tester for Agnitum. Therefore I cannot speak from personal experience.
Some time ago the issue of using Proxo with a firewall came up and after trying a lot of different things, to the best of my knowledge, it was decided that it was safe to use Proxo with loopback enabled for all ports but 8080. (I think that's the port Proxo uses.) The last I heard, there were people using Proxo and Outpost with no problems.
When you stated "Outpost has the same exact bug. On top of its more well known bugs, which have never been fixed",
I did not feel that was a fair assessment of the issue.
Outpost can make rules for loopback as well as or better than any other firewall. There is no bug. There is an issue that is somewhat akin to the leak tests. It is more about design features than bugs.
I and a couple of other Mods here discussed this at length some time ago, and NIS was discussed as well. I will admit I am not the most technical minded person around, and this issue is a confusing one.
As to why I brought up version 2 - Outpost has had much of its code rewritten. It now uses Stateful Packet inspection among other things that may be of some benefit with this issue. That's all.
So yes, Outpost had some serious bugs in version 1, and all have been fixed in version 2 as far as I know. If it turns out that there is a bug related to using proxy programs, it will be dealt with. There never was an outstanding bug about this issue that had been turned in as far as I know.
I hope I have explained what I meant when I said there is no bug. An issue, yes, but one of design in my opinion.

frank
May 3rd, 2003, 12:10 AM
I think my statement was fair and accurate. I brought up Outpost's other well known bugs because they haven't been fixed. And I feel this proxy bug won't be fixed either. (Care to place a wager?) I'm more than happy to be corrected on this bug, by you, Agnitum, or anyone else.
If calling it an "issue" makes you happy, knock yourself out. But I think most users are smart enough to realize that what's been described in this thread is a security hole bug.

notageek
May 17th, 2003, 01:59 AM
I found out how to block port 137 in McAfee firewall. After playing with it on my other system I found a way to block it. It's rather annoying to do it but you have to until a patch comes along. All you have to do is open the firewall by right clicking on the icon in the system tray. After that click McAfee firewall / run firewall. Click on stop firewall. Then click run firewall. This will block port 137. Yes, as far as I know you have to do it every time you start McAfee firewall. Now I need to work on not letting programs have server rights. I hate when firewalls make every program have server rights.
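
A host-side check for the open-port question that runs through this thread, as an added Python example that is not part of the original posts: it parses the output of `netstat -ano` and lists sockets on ports 135-139 bound to a non-loopback address, with the owning PID. The sample output, addresses and PIDs are constructed. It shows what is listening on the host; whether the firewall then blocks that port from outside still needs an external scan.

```python
WATCHED = range(135, 140)   # ports 135-139, the range asked about in the thread

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1520
  UDP    192.168.1.20:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1100
"""

def exposed_listeners(netstat_text, ports=WATCHED):
    """Return (proto, address, port, pid) for watched non-loopback listeners."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue                      # only listening TCP sockets matter here
        if f[0] == "UDP" and len(f) != 4:
            continue                      # UDP rows have no State column
        addr, _, port = f[1].rpartition(":")   # rpartition copes with [::]:135
        if not port.isdigit():
            continue
        loopback = addr.startswith("127.") or addr == "[::1]"
        if int(port) in ports and not loopback:
            found.append((f[0], addr, int(port), int(f[-1])))
    return found

if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} owned by PID {pid}")
```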

Madsen DK
May 17th, 2003, 01:57 PM
Good info notageek :)
Regards
Ole