PC Tools Firewall

You can set outgoing port ranges in the Advanced Rules pane. These rules only apply if you have packet filtering enabled (I only use app control).

 

Yup. The packet filtering Advanced Rules look very extensive. You can set incoming and outgoing port ranges, and single matches, both with conditions such as "equals" "equals or" doesn't equal" and "does not equal and". Other rule choices I'ld have to study on before using

The application rules seem to be weaker. If PC Tools would ever send my forum signup confirmation I could ask about a few things.

 

numerous Commodo posts un-related to this PC Tools Firewall topic were moved to a thread of their own for further discussion.

https://www.wilderssecurity.com/showthread.php?t=212075

Bubba

 

@Stem,

Have you find some time testing it SPI capabilities?

Thx K

 

Stem must be on vacation!! lol

 

Have you tried logging in with your user/pass? When i signed up last year I spent a while waiting for a confirmation that never came, so I tried logging in and it worked.

 

HI Espresso, that was probably a good thing to try, but it did get taken care of by a helpful PC Tools person. Appreciate the thought though.

How are you liking the firewall? I'm still trying to get a handle on the packet filtering rules vs the application rules and how they interact. Being used to Kerio 2.1.5, it's a bit different. The protection against code injection seems good. Sure get a lot of popups when installing programs, so if a malware tries it out of the blue, it should be something for concern. Takes user cognition to allow or deny, but I'ld rather have the chance at it, than not. With threatfire on as backup, hopefully a mistake is still caught

 

I had the same problem at the beginning. IMHO, think the "advanced rules" as higher priority rules or "global" rules and application rules as having lower priority.

FYI, the code injection, uses the same driver as Threatfire, MCHINJDRV, so practically Threatfire uses the same driver to monitor code injection, but without prompting you all the time. IMHO, you could disable the code injection in PC Tools firewall and rely on Threatfire entirely. You will avoid useless popups.

 

Here's a little something I just started... http://www.mntolympus.org/SPFSPIFWS.html


Regards,
Phant0m``

 

Is there any test application to test how they handle these scenarios you described? If not how did you work out what the capabilities are?

 

Fuzzfas,

I notice that you are using Ashampoo Firewall Free. I have been interested in it, but never know anyone who used it.

Please share your experience and evaluation of it.

Thanks

 

The most recent version of PCTools firewall still has the bug where the GUI interface will not release memory when running in a LUA under XP SP3.

So far as SPI is concerned, I thought the UDP pseudo stateful on LnS is limited to a few special situations and requires the raw rule editor. Otherwise most software firewalls don't have it, and simply rely on application specific rules. That means with something like Skype or eMule the application rule allows for listening for UDP on all ports. My tests with LnS showed that when an application triggered rule was used, those ports were available globally.

 

Hi Grey Owl! It's good if you want a simple firewall and you are behind a router, so you don't care much about it. It doesn't stealth ports (closed instead), i like the GUI, it's very light on resources , even under heavy p2p (one of the lowest CPU usage available and about 12 MB RAM), you can allow or block an application for a specific port (but there is no protocol control) and has an almost decent log.

The bad things, is that it has minor gui and behaviour bugs (but you get used to it, nothing important) and that it has some serious compatibility issues with some other security applications. Some antiviruses can't update their definitions, because the firewall doesn't "see" their request and doesn't give you the pop up. (AOL's KAV based virus scanner and i think Avira 7 too for example). I had also serious trouble with Threatfire (total freeze) in the past, don't know about the current TF version.

Also, unless you disable the option to protect the firewall from termination, the event viewer gives application errors for ASFWhide, which is the driver that is supposed to do the job (Twister flagged it as rootkit btw).

I just installed it to see how it will play with Twister and WinPatrol and i am sad to say that although the firewall is running, right now the sys tray icon has disappeared, so i am prone to think it has some problem with one of them too.

I think it would be nice firewall for people who want simple outbound control, because it's very light, but AShampoo hasn't released a new version for many months now and there are certainly bugs and compatibility issues. IF you are lucky and it likes your configuration, it's a nice little firewall. Unfortunately, it doesn't like mine very much.

 

Fuzzfas,

Thanks for all the info and your experience with Ashampoo.

Greyowl

 

Wow - That's awesome Phant0m! Like you even have 8-signs firewall there which is like a very sophisticated enterprise firewall...

I see that its work in progress but it would be great if you could add Outpost Pro and ZoneAlarm. If you can add FortKnox Firewall 2008 that would be great too...

Great Work!!!

 

if any one is interested there is a link to a beta (soon to be released) of the next version of the PCTFW here
http://www.pctools.com/forum/showthread.php?t=52329

 

Thanks dmenace!

I'll consider doing the other products, right now I don't have much time.

 

I guess the pcTools thread for beta information requires special privileges... A person cannot just click on the link you giving and directly visit the page.


Regards,
Phant0m``

 

Probably so

Would you like to apply to become a Beta Tester for PC Tools products?

 

If you go over to the forum there is a thread with a download link:

http://www.pctools.com/forum/showthread.php?t=52313

I hope this works better.

 

That last link worked for me. Currently running the latest beta. I installed right over top of the latest stable release with no problems. Nice installer, it detected the current PCTFW, notified that it would be stopped and installed over and did it. Reboot necessary. It kept the advanced config rules from the old setup but the application rules were not.

So far there are no problems with any other apps. The GUI seems snappier than the old stable release.......just a feeling, no data

Running W2k SP4 on an old 233MHz laptop, with Threatfire and Antivir personal, and FF w Noscript (yeah she's a might slow, but good for a test bed )

So far the beta is runnning well.

 

I must correct myself. The random reboots were proved to be caused by my updated audio drivers for the motherboard.

PC Tools Firewall was innocent.

 

It is down to controllability.
I know most of the time there is possibly no need to concern for local port for outbound, but I do (and others I support) have software that use various local ports for internal comms. These ports I see as reserved for that software, so I like to place restrictions on local port use.

 

I cannot speak for Phant0m, certainly as your question appears to of been ignored, but, there are a number of available applications that can be used (in conjunction) to perform such tests.
I personally use various programs, one to make (keep open) a connection, then others to create and send invalids etc. I know from simple tests that PC tools firewall is not, in my mind, classed as a packet filter, but then again, from the checks I have made with various other firewalls, that packet filtering appears not to be at the top the the list of priorities by most vendors.

 

I have just installed PC Tools Firewall.

I have unchecked the box "Automatically allow known applications"
But some programs are having access to the internet with no warning from PC Tools ??

It detected Avira, Firefox, K9, Filezilla.
But missed DefenseWall, Ashampoo burning studio, Jet Audio, SpywareBlaster, Revo Uninstaller and SuperAntispyware.