2 questions and 3 remarks about NPF 2002

Discussion in 'other firewalls' started by stalker, Jan 21, 2004.

  stalker

    stalker Registered Member

    Jan 19, 2004
    Ljubljana, Slovenia
    Hello all ...

    1.) Is it possible, if I changed some rules in Internet Access/System-Wide Settings to switch them back to default ??

    2.) Then what happens, if you permit all access to/from some program, but in Internet Access/System-Wide Settings, there is no permission for example for site (or IP range) where this program downloads updates, or whatever incompatible rules (rule, that "overrides" other rule).
    I tried, and made two rules - one to block all communications, on all ports from and to all computers, and second to permit all communications, on all ports (in case of putting the same IP to Trusted and to Restricted Zone, program warns you) - which one applies then ??

    3.) The strange thing about my previous installation of Norton Personal Firewall 2002, there was one service (process) missing ...

    Norton installed only 4 services (in my opinion already 4 is too much, compared to Zone Alarm, which is running only with "zlclient.exe", and "vsmon.exe"), which are non-stop running, but the most important service SYMPROXYSVC.exe just wasn't there running, as it is now (important because it uses TCP endpoints, and monitors all web pages displayed).
    So therefore the majority of features: "Web Privacy", "Content Blocking", "Confidential Info Blocking" (some of them logged/viewed in Event Log), just weren't working (so my PC wasn't fully protected).

    And as the most important for me: if I chose to block some program accessing internet - it just didn't help, program still contacted its home page (some PCBoost program's annoying "registration check routine").

    Now, second time installing Norton Personal Firewall 2002 - there was this new SYMPROXYSVC.exe process running (which I saw first time now), and all the features (listed above), are working normally, except preventing specific program (again PCBoost) to access internet - "Block-all", as mentioned in Internet Access, but I put that IP to Restricted zone, and it prevents its "registration check routine".

    Though it is also strange, that installation procedure itself hasn't "warned" me during previous installation, that some "parts" of program are missing !!!

    4.) First issue: Apparently some dll's were completely "mixed-up". I am using two OS, and some were (I don't know how) moved to system32 folder, which should be in Program Files\Norton Firewall folder, and reverse. So every time, I wanted to add some IP, or domain name to Restricted, or Trusted zone, I got "unknown error" message in module kernel32.dll. After moving some dll's I corrected that mistake.

    5.) Second issue: I continuously get Blue Screen error message when shutting down computer, caused by Symevent.sys (Symantec driver)

    The thing is, that since I remember installing Norton Personal Firewall 2002 second time on my current Windows XP installation. I prefer using Zone Alarm, but I am waiting for version with less "CPU-kernel-mode" consuming True Vector Service (in case of using some programs currently being "front application"). But that is another story, for another topic. I remember, after clicking "restart", or "shutdown" getting always the same BSOD (Blue Screen) with message STOP: SYMEVENT.SYS ... which is as far as I know Symantec driver ...

    P.S., After that BSOD, scandisk finds "invalid clusters", or "bad links" in folder D:\Documents and Settings\MyName\Local Settings\Temp\ in files:

    IconCache.db (or.bd)
    Perflib_Perfdata_767.dat (or 776, 766, 676, etc.)

    Thank you for any answer
  FanJ

    FanJ Guest


    I'll ask the mods to move your question to the firewall-section.
    CrazyM and Joseph know a lot about NPF so I hope they can help you !

    Cheers, Jan.
  CrazyM

    CrazyM Firewall Expert

    Feb 9, 2002
    BC, Canada
    Hi stalker

    ...welcome to Wilders :)

    As a general rule, there is no option within NIS/NPF to restore default rules.

    For versions up to and including NIS/NPF2002 rule sets can be saved/restored via the registry. There was a handy third party utility that did this, but the link I have no longer works and I will have to check on the status and availability (NIS Rules by Albert Janssen).

    NIS2002 Pro (v4.5) has an option called "Managed Settings". This allowed you to configure program options, firewall rules, and other preferences on an administrator's computer, then export these settings to other computers and would also work as a back up for your own configuration(s).

    NIS/NPF2003 (v6.x) you can backup the firewall.rul file in c:\program files\common files\symantec shared\. Reboot after restoring. This file only contains the firewall rules and not other program settings. This isn't supported or formally documented, but it should work. This file will not be portable across machines. I have not used NIS/NPF2004 and do not know if this still applies.

    If you need help restoring/modifying rules, let us know which ones.

    If you want to restrict a permitted application to a specific remote address this can be done by modifying the permit rule in Internet Access/Application Control. The System Wide rules are not usually application specific.

    NIS/NPF processes rules from top to bottom. Starting at the top with System Wide/General Rules -> Application/Program Rules -> Trojan Rules. Anything not permitted by the rules will be blocked and depending on configuration you may get a prompt. Any IPs entered in the Trusted Zone bypass the rule set and all traffic is permitted. For any IPs in the Restricted Zone, all traffic is denied/blocked.

    Hope this helps, let us know if you need suggestions for specific rules.
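
The evaluation order CrazyM describes, modelled as an added example (not part of the thread and not Symantec's code). First-match-wins within the top-to-bottom pass is an assumption, as are the `Rule` class, the program name and the documentation-range addresses; an address placed in both zones raises an error because the thread does not say which zone prevails.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Section order from the post: System-Wide -> Application -> Trojan rules.
SECTION_ORDER = ("system", "application", "trojan")

@dataclass(frozen=True)
class Rule:                           # hypothetical model, not NPF's rule format
    section: str                      # one of SECTION_ORDER
    action: str                       # "permit" or "block"
    program: Optional[str] = None     # None matches any program
    remote: str = "0.0.0.0/0"         # remote network the rule covers

def in_zone(zone, remote_ip):
    return any(ip_address(remote_ip) in ip_network(net) for net in zone)

def decide(rules, trusted, restricted, program, remote_ip):
    """Return (verdict, reason) for one connection attempt."""
    is_trusted, is_restricted = in_zone(trusted, remote_ip), in_zone(restricted, remote_ip)
    if is_trusted and is_restricted:
        # The thread only says NPF warns about this case; precedence is not stated.
        raise ValueError(f"{remote_ip} is in both zones")
    if is_trusted:                    # zones are checked before the rule set
        return "permit", "trusted zone"
    if is_restricted:
        return "block", "restricted zone"
    # Stable sort keeps the user's top-to-bottom order inside each section.
    for rule in sorted(rules, key=lambda r: SECTION_ORDER.index(r.section)):
        if rule.program in (None, program) and ip_address(remote_ip) in ip_network(rule.remote):
            return rule.action, f"{rule.section} rule"   # assumption: first match wins
    return "block", "no matching rule"                   # default stated in the post

# Constructed sample rule sets (documentation addresses, made-up program name).
BLOCK_THEN_PERMIT = [Rule("system", "block"), Rule("system", "permit")]
APP_ONLY = [Rule("application", "permit", "updater.exe", "192.0.2.0/24")]

if __name__ == "__main__":
    print(decide(BLOCK_THEN_PERMIT, [], [], "updater.exe", "192.0.2.10"))
    print(decide(APP_ONLY, [], [], "updater.exe", "198.51.100.5"))
    print(decide(APP_ONLY, [], ["192.0.2.10/32"], "updater.exe", "192.0.2.10"))
```

Under this model a block-all rule listed above a permit-all rule wins, and a Restricted Zone entry blocks a host even when an application permit rule covers it.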


  stalker

    stalker Registered Member

    Jan 19, 2004
    Ljubljana, Slovenia

    Hi, thanks for your answer.

    About you saying that "Anything not permitted by the rules will be blocked", so I assume, anything not strictly blocked will be also blocked, of course considering settings in "Personal Firewall Settings" (HIGH/MEDIUM/MINIMUM thing) ??

    And about "rules overriding" the same question appears, what if I set "Personal Firewall Settings" to Custom --> "Allow All Communications", then (I hope) my specific rules (those in "Internet Access Control", "Trusted/Restricted Zone" config., etc.) are still "taken into consideration" ??

    Then there is that "Automatic Internet Access Control", which I dislike, must say. Cause NPF has the most important rules (for vshost.exe, alg.exe, winlogon.exe, msimn.exe, iexplorer.exe, etc.) already somewhere in its database, for "new" programs accessing internet I certainly would like to know what rules are applied (therefore NPF allowed that "Registration Check Routine" from PCBoost.exe, I mentioned, and my PC was rebooted in the middle of surfing)

    I just wanted to point out, that in NPF there are too many "sorts" of rules, if you know what I mean. Too many rules, which override some other rule. You have general protection settings (HIGH/MEDIUM/MINIMUM), then "Internet Access Control" for each application, then for whole system in general ("System-Wide-Settings"), then "Trusted/Restricted Zones" ...

    It is just too confusing, too much thinking (testing, rebooting PC) needed to figure all out ...

    That's why I like Zone Alarm, cause it is more user-friendly, and I am not "newbie" at protection related stuff. And there is also mentioned "story" with SYMPROXYSVC.exe process completely missing in previous installation (and therefore most of NPF features, except basic rules were missing too), and question, why 5 processes are needed to run all the time (even when not connected, with NPF disabled) ...

    I would use Zone Alarm, but I am waiting for version with less-CPU consuming "True Vector Engine Service" ...

    And I don't like re-installing too often ...

    P.S., I double tried. "Internet Access Control" doesn't work in my case. I (temporarily) set "Block All" for Internet Explorer. Nothing. Still can browse, etc., as usual.

    Not to mention all other programs are also normally connected even if set rules for them to "Block All" from the beginning (after installing NPF second time now, few months ago). There must be some bug, or something here.

    Thanks again
