Here is a really embarassing question

Discussion in 'other firewalls' started by Escalader, Jun 8, 2010.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Stem:

    I don't mind testing for you ! :cool:

    On this new test do you want this done with your workaround in place ie the block ip for 6 minutes ON or OFF?

    PS to do any updating users must disabled self protection. That means user has to turn it back on after an update.

    Fun eh!
     
    Last edited: Jun 10, 2010
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Escalader,

    Leave it off



    Thanks,

    - Stem
     
  3. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    213
    I have no trouble updating with self protection on and neither do most people. Apparently your trouble is intermittent as well?
    You said
    http://outpostfirewall.com/forum/showpost.php?p=188869&postcount=41
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Firepost::D

    Don't know about most people, but I have had varying results with self protection. On my "success" post at OP forum that was the first time it worked for my setup I got excited!

    The setup I have is OP FW Pro 7 (latest) windows 64.

    Will test again later and report back.

    Would be interesting to hear from other users here it may be my set up has something unique.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Ok Stem, I will now proceed with this test and report back.
     
  6. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    213
    Yes it would. On a support forum it is generally only the ones that have an issue posting.

    One point of clarification on "Firewall_Log_During 6 minute block time.jpg". The attack detection had already triggered, so anything to or from that IP would be blocked. The earlier "attack" was clearly from what was perceived as a port scan. Once triggered no conclusions should be made about traffic types that are blocked.

    Outpost version 7 did have work done to address the issues under discussion in the thread fax linked for us.

    # New stateful packet inspection (SPI) for UDP protocol
    # New invalid TCP flag filtering

    The results with "block the attacker" off should provide some clarity for us Did the flag filtering get a bit too tight?
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Stem:

    Here are the results. My observation is that with port scanning off I get no reported blocks either by pop up re attack or logged.

    Here are the 3 jpg's and 1 txt file I took during the tests:
     

    Attached Files:

  8. wat0114

    wat0114 Guest

    Actually, is there even a need for Attack detection enabled when behind a firewalled router? I doubt it.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Thanks for testing.


    - Stem
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Depends on what the router and Attack plugin filters on a current connection.

    - Stem
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well, the results of todays test are:

    1) If I turn self protection on, the product update fails. It goes into the looping blue icon again and hangs there. Skip no longer lets me escape the loop (it did before).
    The product quits and I have to reboot because task manager won't close the OP services gui it has access denied on.

    2) If I turn self protection OFF, the product does update okay. I get the blocked ip of the OP web site scanning messages that Stem is asking me for tests. All those are done.

    That's it for this update saga for now.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    At the request of the vendor, I just completed some additional tests.

    They involved the Nod32 V4.2.42.0 driver.

    Renaming it temporarily in safe mode and rebooting made two problems go away.:D

    1) Looping updates in self protect mode
    2) The blocked OP update site on port scans

    This implies a possible conflict with Nod32 V4 and OP FW Pro 7 on 64 bit windows 7 computers.

    Since Nod32 is ticked during install for compatibility purposes it seems their is some more work to do.

    I don't want to id the driver as it may vary by versions of Nod32, OP and operating system and for general users it is extremely dangerous work. Wait for vendor fixes.

    Your mileage will vary!!
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I've completed all the Nod32 tests I can with OP FW Pro 7.

    The bottom line is as soon as I removed Nod32 64 w7 version OP FW Pro 7 is happy as it can update without looping and without crashing if user trys to "skip" out on the looping.

    I have no more port scans from the vendor site (with Nod32 gone) via the attack detection feature.

    To satisfy the need for a RT AV I have installed MSE and all seems calm. I can update OP and no crashes and false scan attacks. I'm NOT saying MSE is better than Nod32, but I need my layers complete. No AV is a rather large hole in the defensive security screen.

    I have not experienced it myself, but it looks like AVAST AV is in the same condition visa via OP as Nod32 V4 64 bit.

    Maybe the vendors can solve this problem as it is theirs to solve not the users. That is my view anyway.

    It would be interesting to hear how you other OP FW Pro 7 users have dealt with this one.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.