Outpost Pro Firewall 7.0.4 (3403.520.1244)

This tread is a continuation of the "old" thread last posted in April 2010. It is NOT a learning thread. For my part, I will just post what I have done and will be doing to "harden" the product. I'm on Windows 7 64 bit so if you aren't the posts may be of no relevance to your set up. This is not a bash the vendor thread.

Today as I'm set at Block Most and am NOT having any automatic rules made for me by the vendor I thought I'd review every single rule to see if it referred to a real executable. I have upgraded to MS Office 2010 and installed new versions of other software.

>settings>application rules>1st application (ACS.EXE)> Edit> Properties

If you get properties displayed carry on to the next application.

If you get a message can't find application the rule should be removed.

I found dozens of them. Most were one time set ups or old exe left over from MS office 2010 beta.

After completion save the rule set so you don't lose the effort.

 

Re: OUTPOSTPRO FIREWALL 7.0.4 (3403.520.1244)

In keeping with MY security policy ( not yours), over the last 2 days I did the following:

1) Went through each rule in options and changed prompt for raw socket access to block access. No ill effects yet. I have never been prompted for it anyway, so I slammed the door.

2) The attack detection picked up 8 ports scanned by an ip ( the default threshold is 6) so I changed it to 3 (tighter) and added the 8 ports to the vulnerable ports list. IMHO this should be made automated so I don't have to do each ports one by one

The idea I try to follow is each day make at least 1 improvement to my layered security no matter how trivial it may seem.

 

Re: OUTPOSTPRO FIREWALL 7.0.4 (3403.520.1244)

Has this firewall started loging the Block Post blocked packets.Last version i trialed did not.
On XP OFP 7 doesnt look as good as OFP 4 was ,it s like some packets are filtered randomly or something ,because i think some bad packets got in some weeks ago , in some P2P session.
Strange firewall for my taste network packet wise.
ARP protection is also very silent in this version.
I like the new features but the network filtering seems strange.

 

Re: OUTPOSTPRO FIREWALL 7.0.4 (3403.520.1244)

Ahh I'm on windows 7 OP PRO FW 7 64 bit so can't comment on your xp questions.

FWIW, blocked packets show up all the time in my log

If you think you hit a bug go to vendor support to report your bugs. They want data or proof if you like.

 

Here for reference are the current port lists, ranges and uses.

I have tightened all my rules for TCP local ports outbound to be 49152-65535. These are the windows 7 ephemeral ports.

Remote ports are 80-83,85,88,90.

Next I will review these lists for common trojan ports and conflict ports and add them to the OP attack detection list of ports needing special attention.

List of TCP and UDP port numbers

[FONT=&quot]http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers[/FONT]

From Wikipedia, the free encyclopedia
Jump to: navigation, search
This is a list of Internet socket port numbers used by protocols of the Transport Layer of the Internet Protocol Suite for the establishment of host-to-host communications.
Originally, these port numbers were used by the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), but are used also for the Stream Control Transmission Protocol (SCTP), and the Datagram Congestion Control Protocol (DCCP). SCTP and DCCP services usually use a port number that matches the service of the corresponding TCP or UDP implementation if they exist.
The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[1] However, many unofficial uses of both well-known and registered port numbers occur in practice.
Contents

• 1 Table legend
• 2 Well-known ports: 0–1023
• 3 Registered ports: 1024–49151
• 4 Dynamic, private or ephemeral ports: 49152–65535
• 5 See also
• 6 References
• 7 External links

 

Critical vulnerability revealed in Outpost 7.0, 7.0.1 and 7.0.2

It is important to upgrade NOW!

 

In the orginal post setting up this continuation thread, I said

Now I am observing that OP Pro 7.0.4 does still create rules for me even though the no automatic rules settings are on.

So something is causing this and I don't know (yet) what it is all I can say right now is I don't like it.

Each time it occurs during boot up and creates a rule for windows explorer. Yet when I look at explorers rules their is nothing new to see!

I would greatly appreciate it if someone else (Stem?) could confirm this on W 7 64 bit before I submit a bug report to the vendor.

 

Yes, I have seen this explorer thing from time to time on both my win xp sp3 and win 7 pro 32bit machines via an alert (I have checked Rules auto-creation in the Alerts) and, just like you, no rules appeared to have been created. I know because I have no network rules for explorer.exe, and, after the alert, there are still none.
I'll pay more attention next time I see this kind of alert. I have not reported this anomaly thinking it might be just my machines and their configs...
OP never has created rules automatically with the settings under Rules Creation set to Disable automatic rule creation and automatic rules for apps signed by trusted vendors unchecked.

 

Thanks, go to know I'm not seeing things!

I'll watch as well, but it sure is disconcerting to have an alert yet no rule is created that user can see.

 

I know the feeling!

 

3 months later, the behaviour is also present in OFP 7.1 on both my win xp and win 7 machines.
OFP has alerted me of the auto creation of rules for explorer and lately for firefox also.
What are created are not network rules, but anti-leak rules...for no apparent reason and usually upon starting my machines. Not sure why that is ... unless it is perhaps linked to application guard

I am now testing OP 7.5 beta 2.

 

Thanks for the update.

I'm holding back at OP FW Pro 7.1.

Also I'm interested in the new key logger features but have done no work on this.

Does 7.5 have the KL features?

 

Just an update for the thread:

Here is the latest version link:

http://www.agnitum.com/products/outpost/history.php


I'm on OP FW Pro 7.5.

One thing of potential interest is the clipboard and screen scrapping protection.

I have KeyScambler so with the clipboard and screen scrapping from OP my security has improved. My concern re KeyScambler lacking these 2 features has been reduced.

Not selling anything here I'm just a user sharing information.