OK, I changed my AV to Kaspersky Anti-Virus (KAV) to test how much impact it had the resources of my PC (AMD64 3200, 1G RAM). It was quite un-noticeable. However, I was surprised that KAV managed to bypass my firewall rules and update itself automatically, without asking me whether it could access the Internet. My rules are only outbound but I noticed in the activity monitor that kavsvc.exe was being allowed inbound on a udp port ... of course I could block this inbound activity, but my greater fear is that some untrusted process could be able to do the same! Any ideas: I'll try to summarize the firewall rules later as I have to go to church.
I was under the impression that only Trusted apps were allowed full access in both directions in Tiny...
KAV personal updates via active FTP or HTTP. It listens on ports 1110 and 1125 to scan pop3 and smtp, respectively, and needs access to ports 110 and 25 to receive and send mail. The UDP activity may have been loopback. You might want to watch for whether your AV picks up email activity from your email client after KAV is running.
In the TPF2005-Pro the "services" group is not restricted. You need to create a rule to control this group. If not all apps in the service group will have full access to the net. In an earlier build of TPF the "KnownSystemApps" had the same problem. Michael
Thanks Michael for the info. Both ewidoctrl.exe, ewidoguard.exe and kavsvc.exe are in the services tab. Incidentally, I had the same problem with ewido which automatically updated itself everyday. I stopped it by removing svchost.exe from connecting out and instead allowed system outbound access. However, the subsequent Netbios alerts and prompts drove me crazy so I had to allow svchost.exe access to 255.255.255.255.
You have to allow DHCP Broadcast (255.255.255.255) , out As far as automatic updates, you should control those with the program itsself, not Tiny. Michael
