Outpost 2009 Free or Pro

Stem,

I have all of these checked off...even the last one...is that good?

 

It should not be a problem on a small LAN. There can be some problem if scanning/mapping is made from the gateway. But you will know that if it happens. So you can leave all enabled.

I dont think it will be of benefit to you to block reserved ports as the IP blocklist with that entry will stop all nodes(PCs) on LAN connecting (it will also stop you connecting to them)

We need now to check what other applications have been given access. Can you post a screen shot of the application list (no need for the rules)


- Stem

 

OK -- I have to let my computer run for a couple of minutes so that the apps show in OP -- I will be right back.

 

No Problem,
I am mainly concerned with applications such as windows explorer and task manager that dont actually need internet rules.

If you prefer not to post a screen shot of applications, then no problem, just type a list of the window applications that are in the list.


- Stem

 

OK Stem, here it is!

 

other ones just popped up that was not included in that screen shot:
taskeng
wermgr

Also svchost keeps trying to make a UDP connection with 3702...I keep blocking this...is this ok or should I keep blocking it?

 

From the screen shots all signed applications are being given default rules. Not a real security issue, but some users dont like MS apps connecting out.


Port 3702 is used as part of uPnP, is this an inbound attempt? What is the popup shown? (it may be from gateway)



- Stem

 

OK - I'll be right back I'm gonna restart to get that popup.

 

2 more

 

The first popup port 49176 I think is specific to Vista, I will check the comms, but will need to restore the vista image.

Block both for now.

What I would like you to do, if willing, is to clear the firewall log. Then just continue as usual. Then say in about 12 hours, copy the firewall log and either attach it to a post here, or PM me and you can upload it to a file sharing site.
I can then check to see what comms are being made and what changes should be made to make you secure.

- Stem

 

One thing I noticed was that when I restarted my computer....and went to wilders...I was still logged in! lol does this have something to do with the IP blocking?

Also, my URL search history isn't working...no big deal.

 

If you dont log out, and cookies are not cleared from your browser, then you will be remembered.

URL search history in what?


- Stem

 

OK - sounds good. I should delete the text documents in the log section right?

 

Oh yeah I checked remember me, Duh

Never mind about the search history...I think it was always like that....I forgot that I mostly use favorites so I never have to type anything in the URL.

 

Just open OP, go to "Firewall" log, and select "Clear"



When you want to post/PM me the log, just go to the firewall log again, select all the entries, right click, select copy. Then open notepad and paste.


- Stem

 

OK Stem,

Thank You so much. You are the Man!!!!!!!!!!!!!!!

 

No problem.

Happy surfing.

I will check your logs as soon as I receive them

Time for my sleep (2:40 am here)


- Stem

 

Thanks again -- have a good night.

 

Good Morning Stem,

In the log you will see that I "allowed once" svchost on certain connections. I wanted you to see this because if you read it as "blocked" you would probably assume that it was automatically blocked and not to worry about it.

Here are the results

 

Good morning.

Open OP, go to the applications, and select svchost.

There are 5 rules that you should change to block(remember, change to block, do not delete them):-

2(two) rules for; link-local Multicast Name resolution
3(three) rules for;- LDAP





There are a couple of entries where outbound netbios as been blocked, but the attempts have been to send outside the LAN(to internet). Dont panic, but I do not like those entries. Do you have an AV installed?

A question.
Do you currently have anything installed from the Vendor Comodo? or have you had Comodo installed and then un-installed?


I need to go through your log fully again, but will now wait for your reply to see if you have questions concerning the above.
(and there may be the ICMPv6 rules to change)


- Stem

 

Hi Stem,

I have blocked the rules for svchost.

I currently do not have an AV installed but I do on-demand scans with A2, MBAM, Superantispyware, and McAfee's online scanner. I do scans very frequently.

The connections for Comodo belong to Comodo system cleaner. I've been using this for about a month now.


Off to work now -- TGIF

 

Hi Toby,

OK,

Can you check your LMhosts file for any entries. There is info here of its location.

I am just checking.


- Stem

 

Hi Stem,

File doesn's exist...the following files are in that folder:
hosts
lmhosts.sam
networks
protocol
services

 

Hi Toby,

OK.

You should now be OK from any connections within the LAN. If you do have any further questions, then just post to forum.


- Stem

 

So am I bulletproof? lol

What should I do with those 2 popups further up on this page?

Thank You for your patience and time -- You are very helpful!