White knight rescues Kerio's free firewall

Discussion in 'other firewalls' started by msanto, Dec 1, 2005.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Merry Xmas too!:)

    Go into the configuration, and you can change every setting you want;)
     
  2. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    I assume you and Kerodo are right, but that have nothing to do with Sunbelt.

    We only can wait what Sunbelt is doing with Kerio Firewall, perhaps they will listen to their customers and take the same customer serious:)
     
  3. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Pretty well actually. It uses more resources than Sygate Free, and also slows down my browsing slightly more than Sygate. To be expected though as Kerio has a lot more to offer than Sygate. It's still pretty good and the slowdown is only marginal really. Behaviour Blocking, HIPS and NIPS(gotta love that word :) ). Also has the ad blocking, which i like.

    As to the question of uninstalling Sygate completely instead of disabling it. Well i disabled the service and the Sygate startup. Nothing to do with Sygate is running, and i'm not experiencing any conflicts as far as i can tell. Once i am sure this firewall is a worthy keeper then i'll uninstall Sygate. I used to use Kerio 2.1.4 and liked that. This is the first time i've used Kerio since that version. So it's probably 3+ years. Looking good so far.

    muf
     
  4. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    muf, it did not work for me when I did only go to Sygate 'Options' dialog and there disabled the 'Automatically load Sygate Personal firewall service at startup. You must have done something to the firewall service in Win XP settings too. Care to clear out more?

    I got all sorts of wierd behaviour and like to keep Sygate too in my PC installed since it is working well and I can only import the 'Advanced rules' to a new install and always make the application rules by hand to be sure everything is working properly.

    You disabled the Sygate firewall service from XP services too?
    Have you tried disabling Kerio 4.2.2 and run Sygate with both firewalls installed?

    I know it is not recommended to have them both installed.
    Kerio only on my system. It was working otherwise fine, but a few BSOD's I got.
    So I trust SPF more. But like I Kerio too with it's nice user interface and selective logging.
    Sygate has better logging, but not able to exclude Skype.
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Hi,

    Yeah, if you click on Start then click Run. Then type in Services.msc and click ok. When the services list box come up, just scroll down to Sygate and right click on it and select Properties. In the middle of the box change the Startup type to disabled. Click ok and close the service list box. If you use a startup monitor or an application that has one(i have serveral), just look for the startup for smc.exe, on my system it was c:\program files\sygate\smc.exe -startgui and once you find it, just disable it.

    All systems are different, but i did it this way and Kerio works fine as far as i can tell.

    Good luck,
    muf

    p.s Tried disabling Kerio and running Sygate but it wouldn't run. Expect that if i did the same with Kerio that i did with Sygate. ie disable the service as well then if i undid the disabling in Sysgate and then rebooted, i'm pretty sure it would all work. But tbh, i'm not going to try it as BSOD's are not my favourite thing. ;)
     
  6. controler

    controler Guest

    Muf

    does netstop scm.exe work to stop sygate service?

    If so just make two bat file on desktop, one to start and one to stop.

    or add the netstop command to the autoexec.bat file. This is the first thing windows will see on bootup.

    con
     
  7. controler

    controler Guest

    It would be like this


    open notepad

    type net stop scm

    then safe file as stopsygate.bat to dekstop

    to start service again just make another BAT file with net start scm ...

    If you use quotes you will then be asked yes or no to starting or stopping the service

    net stop "scm"
     
  8. controler

    controler Guest

    Let's say for example you want to do some processing or play a game and you don't want some services running.

    creat some BAT files.

    examples to stop some stuff and you can add or delete as you wish

    Below I named Stop.Bat for ease: Copy this to notepad and safe the file as Stop.bat to desktop


    NET STOP "Cryptographic Services"

    NET STOP "DHCP Client"

    NET STOP "DNS Client"

    NET STOP "Network Connections"

    NET STOP "Norton AntiVirus Auto Protect Service"

    NET STOP "Print Spooler"

    NET STOP "Protected Storage"

    NET STOP "Remote Access Auto Connection Manager"

    NET STOP "Shell Hardware Detection

    NET STOP "Symantec Event Manager"

    NET STOP "Task Scheduler"

    NET STOP "Themes"

    NET STOP "Windows Management Instrumentation"

    NET STOP "Windows Time"

    NET STOP "SMC"

    Next you can copy the info below to notepad and save the file as Start.bat


    NET START "Cryptographic Services"

    NET START "DHCP Client"

    NET START "DNS Client"

    NET START "Network Connections"

    NET START "Norton AntiVirus Auto Protect Service"

    NET START "Print Spooler"

    NET START "Protected Storage"

    NET START "Remote Access Auto Connection Manager"

    NET START "Shell Hardware Detection

    NET START "Symantec Event Manager"

    NET START "Task Scheduler"

    NET START "Themes"

    NET START "Windows Management Instrumentation"

    NET START "Windows Time"

    NET START "SMC"

    Have fun

    con
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Although I am not sure, I think it might be possible for conflicting drivers or devices to get loaded by the system even when you disable one of the firewall services. If this is true, then it might very well cause problems. It is most likely safer to just uninstall the firewall you're not using before running the new one.
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    I remember me the McAfee firewall, after uninstall it leave some drivers on your system and these *&^#@ nasties can cause a lot of problems.:mad:
     
  11. controler

    controler Guest

    well yea what I wrote was for shutting down services.

    Sorry

    for drivers you need to go to device drivers.

    right click on my computer, properties,device manager,


    con
     
  12. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Hmmm, I may have spoken too soon. I've had about 3 BSOD's in the last 24 hours. Caused by the same thing. When i get a repeated set of prompt's i.e i recieve a prompt of an incoming connection attempt and i click deny, then the prompt keeps coming up, and after about the 4th or 5th prompt i get a BSOD that says something like system has shut down to protect Windows from getting damaged. This is when i have been testing it at places like Sygate and GRC. It also happened when i went to E-Bay and did a search. But that currently appears to be a one-off.

    I'll wait and see what happens over the coming days.

    muf
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Ok, further update(to those interested!). Having suffered a number of further BSOD's, some of which when i was simply browsing the security forums, i've taken the decision to uninstall Kerio. Liked it, protection and logging very good indeed. But not knowing when the next BSOD is going to happen, but knowing it would was what persuaded me. It kept generating a fault log after every crash but it was like 500mb so i don't expect it was very uploadable to Sunbelt's server!!! I'm trying the latest Outpost Pro. And for the last 36 hours since installing it not had one BSOD. I'll see how this one goes.
     
  14. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Hmm $14.95 pricing was not an incentive to purchase the product. I still do not think I would recommend this product for novice computer users. The high amount of prompting to allow or disallow items access to the Internet, even after telling it to allow it out, does not make it a software firewall for newbies.
     
  15. controler

    controler Guest

    I think if you leave it in simple mode, you do not get all the popups. At least I don't
    In network security click the predefined tab, then tick the top box that says Enable predefined network security
    and your popups will go away.

    I been messing with the javascript, active x options and they seem to work great. I leave java script enabled in Firefox but have it dissabled in Kerio and it seems to be doing it's job.


    Muff? do you have crash dump enabled in overview, preferences?
    Also have you tried to disable an option at a time such as the popups mentioned above or say HIPS or NIPS to see which modual is conflicting?
    This information would be helpful to developers.
     
  16. controler

    controler Guest

    If you go to the LOGS folder under Kerio, you should see two files, debug.log and
    error.log. If you look at the debug log you should see all the urls you visited. This would be personal information you would be sending to Sunbelt if they requested it.
    Or wait, Smokey? does this info automaticly go to Sunbelt if you have create crash dumped ticked?

    thanks

    con
     
  17. controler

    controler Guest

    Ok been messing with the logs. I clear the info in the logs and change setting on Kerio then look at the logs files in the LOG folder and info seems to still be added no mater what.

    Here is one thing I am looking at. In the GUI under settings and ticking log to syslog. Then looking at advanced I see what is default ticked.Debug & warning are NOT ticked but yet the debug and warning .LOG files in the Kerio,LOG folder still keep adding info to the file.
     
  18. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    It did generate a crash dump log to send to Sunbelt, but when i tried to send it, the sending got stopped. Now when i looked at the log file it was 502mb. Seriously, do you know how long that would take to send! Anyway, i thought it was a one-off, so i deleted the log and carried on using Kerio. Firstly i disabled the application behaviour blocking as i already use Online Armor. Still had crashes. So next i disabled the HIPS as i felt that Online Armor pretty much covered this. Still had crashes. After each crash it generated a crash log of over 500mb. There was never a chance in hell i was sending a log that big over the net, if my ISP would even allow it!!! I don't mind sending info to help a developer but one that's that size is just crazy and unreasonable to presume i would.

    Now been using Outpost Pro for two days with no crashes.

    muf
     
  19. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    I have been following this thread for a while.

    4.2.2 has been installed since late October. It is running in the free version since it had previously been installed some months prior.

    I have not had any crashes with it - seems quite stable. It is running with PG and BOClean.

    Looking at the sizes of the log files I have nothing larger than 1959 KB which is the network.log, followed by khips.log at 1184 KB

    Looking at the error log I have this which put in every start

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [01/Jan/2006 19:20:33] +------------------------------------------+
    [01/Jan/2006 19:20:33] | Service start |
    [01/Jan/2006 19:20:33] +------------------------------------------+
    [01/Jan/2006 19:20:33] Kerio Personal Firewall 4.2.2 T.
    [01/Jan/2006 19:20:33] © 1997-2005 Kerio Technologies. Web site http://www.kerio.com/
    [01/Jan/2006 19:20:33] System: Windows 2000.
    [01/Jan/2006 19:20:33] kwsapi: Could not create instance of NetFwMgr: Class not registered (0x80040154) .
    [01/Jan/2006 19:20:33] kwsapi: set: WindowsFirewall is not initialized.
    [01/Jan/2006 19:21:04] kwsapi: Could not connect to Security Center.
    [01/Jan/2006 23:42:00] Gui.cpp: Cannot start gui. Exiting.
    [01/Jan/2006 23:42:00] Gui.cpp: starting_thread: could not reconnect to gui 12.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I don't know the relevance of this or whether I should be concerned about it.

    Could someone give me an opinion please.
     
  20. controler

    controler Guest

    Yes these logs are bugging me. Appears the same URLs appear in both debug and web logs.
    I am sure all this has been talked about in another Kerio forum. Maybe I will try to find it.
    I don't know about the free version but the debug log seems to fill up fast.
    Under logs & alerts you can set log size. DOn't know if this is only for the syslog or what. I DO think an option to clear a log or all logs would be helpful to me.
    It seems clearing the .LOG file (not deleting it) does not rid the GUI of the log even after shutting down and restarting the service.

    con
     
  21. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    It was hard to tell whether this comment was meant for me or not. I assumed it was and my Kerio is already configured in that mode and I notice no difference in the amount of popups. I still stand by my comment that I do not thing that Kerio is a software firewall that a newbie computer user would be comfortable with. I see newbies getting frustrated even with the less frequent prompting that some of the other firewalls out on the market do. I realyy think that with Kerio they would wind up just saying YES to the frequent prompts poping up.
     
    Last edited: Jan 5, 2006
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Any software firewall will bother the user with popups, whether it's Kerio or something else, so it's just something the user has to deal with and get used to, else what's the point of having the firewall there at all? Inbound protection is easy, but any outbound has to ask questions. There's no other way..
     
  23. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    I have also used ZoneAlarm and Sygate and I still feel that with these two firewalls if a valid application wants access to the Internet and you tell them to allow and remember your decision then there is no more prompting. I find that Kerio if you do the same you are still prompted even in simple mode, to allow other DLLs etc called by this already allowed application.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I don't remember Kerio 4 having any component control in the same sense that ZAP and Sygate have, so I don't think that's the problem. Kerio won't ask about dll's like the others will. All I can think of is that it might be the HIPS feature. You might try turning that off and see if it's better. Could be that a few of your apps are triggering HIPS alerts of some kind. Other than that, I have no idea..
     
  25. controler

    controler Guest

    Maybe it is only my computer but try this, as a test. First in Applications remove
    IE or Firefox or other browser. Make sure you got enable predefined network security chacked. Then try opening IE again. On my system I get no Alert to create rule. Now if you do the same thing only this time do not check predefined network security and you open IE , you WILL again the get popup asking to create a rule. I am not sure this is how the developer intended it to be or a bug.
    Note: The first time I got the popup I created a rule to allow. Don't know if that means anything but I could try to not allow on the first opoup and see if anything changes. WIll try later with more time.


    con
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.