F-Secure IS Firewall

In checking FSIS firewall at Gibson's RC it showed all ports stealthed. The leak test, however, indicated no protection as if I had no firewall.
The default setting was Normal. I changed it to strict, and it passed the leak test.

I am surprised that the normal setting failed the leak test.

Jerry

 

When I tested this program, on the normal setting, it failed that test on one port, number 139. On Strict, it passed.

 

Thanks, Tony. I hope we see what others have experienced, although FSIS is not a widely used AV I don't think.

Best,
Jerry

 

I just retested the probe at grc.com in case it was a fluke, but alas, no, port 139 still shows as closed as opposed to stealthed in Normal mode. It is stealthed at Strict though. I should also point out I'm not behind a router so it does locate my actual IP address at that site. Whether this makes any difference I dunno.

 

Hi Tony,
I am behind a router, and it seems that the ping test is always "fail." I don't worry about it.
I have never been convinced that there is anything wrong with a closed port. If it is closed, how would anything get through?

Best,
Jerry

 

normal is secure,

strict is lockdown

if you think of it like that, it sounds better than "1 closed port"

 

Closed is fine, but all the hype is that it should be stealthed. I know it's only one port, but even so grc still classes it as a fail.

 

Hello TonyW,

Have you got netBIOS active?

 

It should be off even at the Normal setting. I guess one can tweak the settings, but by default it should automatically disallow such things IMO. Other firewalls manage it. I'll check it later.

 

Hello TonyW,

I am just downloading now, so I will install to check.

 

I find this firewall strange. (apart from the 2 hardware resets it as given (no BSOD, just full reset/restarts))

First of all, the firewall is passing the shieldsup scans, all stealth on this setup.

I can see a problem, when the DNS service is disabled, all apllications need to make thier own DNS lookups, but the firewall insists that an application should have server status (allow inbound connections) for the returned DNS lookups.
When I enable the DNS service, there is no alert for internet access for svchost, and the DNS rule within the "services" section of the firewall are currently "not in use".

EDIT:
I have just had another hardware reset as I was attempting to check the windows services, so unfortunately I am now having to remove F-Secure.

 

I have to agree about it being strange in the way it handles some things. I did have another look, and I couldn't see where to make sure NetBIOS wasn't active. It's not very clear in either the rules or services section of the program.

It doesn't matter to me as this isn't my IS program. I just wanted to test it out.

 

Hi TonyW,
I have set up on a VM.

I do think there will be some confusion with the settings for this firewall.
There are rules included for netBIOS, but these are to allow inbound from the local network, and become active when the firewall policy is set to "Strict". This may not at first seem a problem, but for the many users who are on untrusted LANs this is a major problem. What makes it worse, is the fact that in the firewall rules, these allowed comms are not shown, there is a need to check the "Services" tab for all active rules.