I have am trialling this FW in one of my system snapshots. It looks quite good. I had not been in this snapshot for 6 days, so consequently my Sunbelt definitions had to be updated...in this case the whole definitions set, rather than incrementally as it would have done if I had been logged in constantly. See screenshot #1 However, I also see I can customize the rules...but I have no idea,e.g. the application HitmanPro as per screenshot #2 and #3 I would appreciate any advice on which ports I can/should/or not allow. I have no idea when it comes to customized rules in a FW, but I am always interested in learning.
The easiest way to see which ports you should allow an application to access is to use the logs to see what it is trying to do. I would start with a couple trusted applications that you know won't be trying to make rogue connections. Once you set up rules for them, you will get the hang of how to do it. For example, in your first screenshot you can restrict Sunbelt's local ports to the range: 1025 - 5000. You can make this same restriction for most all of your outbound rules. These ports are known as ephemeral ports. Your outbound port for Sunbelt looks like it can be limited to a single port: 80. You could even limit the remote addresses if you wanted. As for the Hitman Pro screenshots, the same rules apply. Ports 1025 - 5000 local and port 80 and 443 remote (Hitman Pro uses port 443 to upload suspicious files to the cloud). There shouldn't be a need for an incoming or UDP rule for these connections. Only TCP outgoing. I'm not sure about the dialog you posted with Hitman Pro using the ICMP protocol. This protocol is typically used for pings and traceroutes. Most firewalls come with predefined rules for ICMP. If this one didn't, you may find it easier to learn by using another firewall for awhile first before moving on to this one.
You might want to check the following post in regards to ephemeral ports. They have changed in Vista and W7. https://www.wilderssecurity.com/showthread.php?t=275573 weeNym
Sorry for the late reply....another thread I overlooked. Thanks!....I am running XP. Plus, this snapshot has gone the way of the Dodo... I answered wrongly to a popup and it took down C:\WINDOWS\system\system32\drivers\os_cfg.sys So, trying to boot the system in SAFE MODE, takes me so far...and then nada! ...as follows: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\ntoskrnl.exe multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\hal.dll multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\KDCOM.dll multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\BOOTVID.dll multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\config\system multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\C_1252.nls multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\C_850.nls multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\l_intl.nls multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\FONTS\vgaoem.fon multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\AppPatch\drvmain.sdb multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\Drivers\ multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\os_vdisk.sys I have to try imaging...but!...I just can't make up my mind...too many choices! So, if I stuff up snapshot, I still have that classic, FD-ISR to save my bacon! Just wipe that snapshot and create a new one from several more that I have for testing other betas.
